JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
github-actions[bot] 2022-03-05 18:01:48 +00:00 committed by GitHub
commit 47494ea53c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
63 changed files with 2878 additions and 1910 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nixos/doc/manual/development/option-declarations.section.md
View File

@ -145,26 +145,26 @@ As an example, we will take the case of display managers. There is a
central display manager module for generic display manager options and a
module file per display manager backend (sddm, gdm \...).
There are two approach to this module structure:
There are two approaches we could take with this module structure:
- Managing the display managers independently by adding an enable
- Configuring the display managers independently by adding an enable
option to every display manager module backend. (NixOS)
- Managing the display managers in the central module by adding an
option to select which display manager backend to use.
- Configuring the display managers in the central module by adding
an option to select which display manager backend to use.
Both approaches have problems.
Making backends independent can quickly become hard to manage. For
display managers, there can be only one enabled at a time, but the type
system can not enforce this restriction as there is no relation between
each backend `enable` option. As a result, this restriction has to be
done explicitely by adding assertions in each display manager backend
module.
display managers, there can only be one enabled at a time, but the
type system cannot enforce this restriction as there is no relation
between each backend's `enable` option. As a result, this restriction
has to be done explicitly by adding assertions in each display manager
backend module.
On the other hand, managing the display managers backends in the central
module will require to change the central module option every time a new
backend is added or removed.
On the other hand, managing the display manager backends in the
central module will require changing the central module option every
time a new backend is added or removed.
By using extensible option types, it is possible to create a placeholder
option in the central module
@ -175,7 +175,7 @@ and to extend it in each backend module
As a result, `displayManager.enable` option values can be added without
changing the main service module file and the type system automatically
enforce that there can only be a single display manager enabled.
enforces that there can only be a single display manager enabled.
::: {#ex-option-declaration-eot-service .example}
::: {.title}

6
nixos/doc/manual/development/option-types.section.md
View File

@ -16,9 +16,9 @@ merging is handled.
`types.path`
: A filesystem path, defined as anything that when coerced to a string
starts with a slash. Even if derivations can be considered as path,
the more specific `types.package` should be preferred.
: A filesystem path is anything that starts with a slash when
coerced to a string. Even if derivations can be considered as
paths, the more specific `types.package` should be preferred.
`types.package`

29
nixos/doc/manual/from_md/development/option-declarations.section.xml
View File

@ -215,21 +215,22 @@ lib.mkOption {
manager backend (sddm, gdm ...).
</para>
<para>
There are two approach to this module structure:
There are two approaches we could take with this module
structure:
</para>
<itemizedlist>
<listitem>
<para>
Managing the display managers independently by adding an
enable option to every display manager module backend.
(NixOS)
Configuring the display managers independently by adding
an enable option to every display manager module
backend. (NixOS)
</para>
</listitem>
<listitem>
<para>
Managing the display managers in the central module by
adding an option to select which display manager backend
to use.
Configuring the display managers in the central module
by adding an option to select which display manager
backend to use.
</para>
</listitem>
</itemizedlist>
@ -238,16 +239,16 @@ lib.mkOption {
</para>
<para>
Making backends independent can quickly become hard to
manage. For display managers, there can be only one enabled
at a time, but the type system can not enforce this
restriction as there is no relation between each backend
manage. For display managers, there can only be one enabled
at a time, but the type system cannot enforce this
restriction as there is no relation between each backends
<literal>enable</literal> option. As a result, this
restriction has to be done explicitely by adding assertions
restriction has to be done explicitly by adding assertions
in each display manager backend module.
</para>
<para>
On the other hand, managing the display managers backends in
the central module will require to change the central module
On the other hand, managing the display manager backends in
the central module will require changing the central module
option every time a new backend is added or removed.
</para>
<para>
@ -268,7 +269,7 @@ lib.mkOption {
<para>
As a result, <literal>displayManager.enable</literal> option
values can be added without changing the main service module
file and the type system automatically enforce that there
file and the type system automatically enforces that there
can only be a single display manager enabled.
</para>
<anchor xml:id="ex-option-declaration-eot-service" />

8
nixos/doc/manual/from_md/development/option-types.section.xml
View File

@ -30,10 +30,10 @@
</term>
<listitem>
<para>
A filesystem path, defined as anything that when coerced to
a string starts with a slash. Even if derivations can be
considered as path, the more specific
<literal>types.package</literal> should be preferred.
A filesystem path is anything that starts with a slash when
coerced to a string. Even if derivations can be considered
as paths, the more specific <literal>types.package</literal>
should be preferred.
</para>
</listitem>
</varlistentry>

118
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View File

@ -394,6 +394,116 @@
its reliance on python2.
</para>
</listitem>
<listitem>
<para>
The <literal>matrix-synapse</literal> service
(<literal>services.matrix-synapse</literal>) has been
converted to use the <literal>settings</literal> option
defined in RFC42. This means that options that are part of
your <literal>homeserver.yaml</literal> configuration, and
that were specified at the top-level of the module
(<literal>services.matrix-synapse</literal>) now need to be
moved into
<literal>services.matrix-synapse.settings</literal>. And while
not all options you may use are defined in there, they are
still supported, because you can set arbitrary values in this
freeform type.
</para>
<para>
An example to make the required migration clearer:
</para>
<para>
Before:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
registration_shared_secret = &quot;xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut&quot;;
macaroon_secret_key = &quot;xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
bind_address = &quot;&quot;;
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
}
</programlisting>
<para>
After:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
# this attribute set holds all values that go into your homeserver.yaml configuration
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
# possible values.
settings = {
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
bind_address = [
&quot;::&quot;
&quot;0.0.0.0&quot;
];
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
];
};
}
</programlisting>
<para>
The secrets in your original config should be migrated into a
YAML file that is included via
<literal>extraConfigFiles</literal>.
</para>
<para>
Additionally a few option defaults have been synced up with
upstream default values, for example the
<literal>max_upload_size</literal> grew from
<literal>10M</literal> to <literal>50M</literal>.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
@ -1191,6 +1301,14 @@
<literal>tmux</literal>.
</para>
</listitem>
<listitem>
<para>
The polkit service, available at
<literal>security.polkit.enable</literal>, is now disabled by
default. It will automatically be enabled through services and
desktop environments as needed.
</para>
</listitem>
</itemizedlist>
</section>
</section>

91
nixos/doc/manual/release-notes/rl-2205.section.md
View File

@ -130,6 +130,95 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
An example to make the required migration clearer:
Before:
```nix
{
services.matrix-synapse = {
enable = true;
server_name = "example.com";
public_baseurl = "https://example.com:8448";
enable_registration = false;
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
listeners = [ {
port = 8448;
bind_address = "";
type = "http";
tls = true;
resources = [ {
names = [ "client" ];
compress = true;
} {
names = [ "federation" ];
compress = false;
} ];
} ];
};
}
```
After:
```nix
{
services.matrix-synapse = {
enable = true;
# this attribute set holds all values that go into your homeserver.yaml configuration
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
# possible values.
settings = {
server_name = "example.com";
public_baseurl = "https://example.com:8448";
enable_registration = false;
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
listeners = [ {
port = 8448;
bind_address = [
"::"
"0.0.0.0"
];
type = "http";
tls = true;
resources = [ {
names = [ "client" ];
compress = true;
} {
names = [ "federation" ];
compress = false;
} ];
} ];
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
];
};
}
```
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
@ -382,4 +471,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.
- The polkit service, available at `security.polkit.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

4
nixos/modules/module-list.nix
View File

@ -455,6 +455,7 @@
./services/hardware/vdr.nix
./services/hardware/xow.nix
./services/home-automation/home-assistant.nix
./services/home-automation/zigbee2mqtt.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
./services/logging/filebeat.nix
@ -499,6 +500,7 @@
./services/mail/roundcube.nix
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/matrix/matrix-synapse.nix
./services/matrix/mjolnir.nix
./services/matrix/pantalaimon.nix
./services/misc/ananicy.nix
@ -565,7 +567,6 @@
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-conduit.nix
./services/misc/matrix-synapse.nix
./services/misc/mautrix-facebook.nix
./services/misc/mautrix-telegram.nix
./services/misc/mbpfan.nix
@ -626,7 +627,6 @@
./services/misc/weechat.nix
./services/misc/xmr-stak.nix
./services/misc/xmrig.nix
./services/misc/zigbee2mqtt.nix
./services/misc/zoneminder.nix
./services/misc/zookeeper.nix
./services/monitoring/alerta.nix

1
nixos/modules/programs/sway.nix
View File

@ -134,6 +134,7 @@ in {
'';
};
};
security.polkit.enable = true;
security.pam.services.swaylock = {};
hardware.opengl.enable = mkDefault true;
fonts.enableDefaultFonts = mkDefault true;

6
nixos/modules/security/polkit.nix
View File

@ -12,11 +12,7 @@ in
options = {
security.polkit.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable PolKit.";
};
security.polkit.enable = mkEnableOption "polkit";
security.polkit.extraConfig = mkOption {
type = types.lines;

2
nixos/modules/services/desktops/flatpak.nix
View File

@ -30,6 +30,8 @@ in {
environment.systemPackages = [ pkgs.flatpak ];
security.polkit.enable = true;
services.dbus.packages = [ pkgs.flatpak ];
systemd.packages = [ pkgs.flatpak ];

2
nixos/modules/services/hardware/udisks2.nix
View File

@ -32,6 +32,8 @@ with lib;
environment.systemPackages = [ pkgs.udisks2 ];
security.polkit.enable = true;
services.dbus.packages = [ pkgs.udisks2 ];
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];

0
nixos/modules/services/misc/zigbee2mqtt.nix → nixos/modules/services/home-automation/zigbee2mqtt.nix
View File

0
nixos/modules/services/misc/matrix-synapse-log_config.yaml → nixos/modules/services/matrix/matrix-synapse-log_config.yaml
View File

773
nixos/modules/services/matrix/matrix-synapse.nix Normal file
View File

@ -0,0 +1,773 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.matrix-synapse;
format = pkgs.formats.yaml {};
# remove null values from the final configuration
finalSettings = lib.filterAttrsRecursive (_: v: v != null) cfg.settings;
configFile = format.generate "homeserver.yaml" finalSettings;
logConfigFile = format.generate "log_config.yaml" cfg.logConfig;
pluginsEnv = cfg.package.python.buildEnv.override {
extraLibs = cfg.plugins;
};
usePostgresql = cfg.settings.database.name == "psycopg2";
hasLocalPostgresDB = let args = cfg.settings.database.args; in
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
registerNewMatrixUser =
let
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
listener =
lib.findFirst (
listener: lib.any (
resource: lib.any (
name: name == "client"
) resource.names
) listener.resources
) (lib.last cfg.settings.listeners) cfg.settings.listeners;
# FIXME: Handle cases with missing client listener properly,
# don't rely on lib.last, this will not work.
# add a tail, so that without any bind_addresses we still have a useable address
bindAddress = head (listener.bind_addresses ++ [ "127.0.0.1" ]);
listenerProtocol = if listener.tls
then "https"
else "http";
in
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
exec ${cfg.package}/bin/register_new_matrix_user \
$@ \
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
"${listenerProtocol}://${
if (isIpv6 bindAddress) then
"[${bindAddress}]"
else
"${bindAddress}"
}:${builtins.toString listener.port}/"
'';
in {
imports = [
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
as the behavior is now obsolete.
'')
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
Database configuration must be done manually. An exemplary setup is demonstrated in
<nixpkgs/nixos/tests/matrix-synapse.nix>
'')
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
You may add additional event types via
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
disable the default events via
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
'')
# options that don't exist in synapse anymore
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_host" ] "Use listener settings instead." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_port" ] "Use listener settings instead." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "expire_access_tokens" ] "" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "no_tls" ] "It is no longer supported by synapse." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_dh_param_path" ] "It was removed from synapse." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "unsecure_port" ] "Use settings.listeners instead." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "user_creation_max_duration" ] "It is no longer supported by synapse." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." )
# options that were moved into rfc42 style settigns
(mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_Files instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_type" ] "Use settings.database.name instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_user" ] "Use settings.database.args.user instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "dynamic_thumbnails" ] "Use settings.dynamic_thumbnails instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_metrics" ] "Use settings.enable_metrics instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration" ] "Use settings.enable_registration instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "extraConfig" ] "Use settings instead." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "listeners" ] "Use settings.listeners instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "logConfig" ] "Use settings.log_config instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_image_pixels" ] "Use settings.max_image_pixels instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_upload_size" ] "Use settings.max_upload_size instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "presence" "enabled" ] "Use settings.presence.enabled instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "public_baseurl" ] "Use settings.public_baseurl instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "report_stats" ] "Use settings.report_stats instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "server_name" ] "Use settings.server_name instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "servers" ] "Use settings.trusted_key_servers instead." )
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_certificate_path" ] "Use settings.tls_certificate_path instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_private_key_path" ] "Use settings.tls_private_key_path instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_shared_secret" ] "Use settings.turn_shared_secret instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_uris" ] "Use settings.turn_uris instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_user_lifetime" ] "Use settings.turn_user_lifetime instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_enabled" ] "Use settings.url_preview_enabled instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_blacklist" ] "Use settings.url_preview_ip_range_blacklist instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_whitelist" ] "Use settings.url_preview_ip_range_whitelist instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_url_blacklist" ] "Use settings.url_preview_url_blacklist instead" )
# options that are too specific to mention them explicitly in settings
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "email" ] "Use settings.account_threepid_delegates.email instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "msisdn" ] "Use settings.account_threepid_delegates.msisdn instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "allow_guest_access" ] "Use settings.allow_guest_access instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "bcrypt_rounds" ] "Use settings.bcrypt_rounds instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration_captcha" ] "Use settings.enable_registration_captcha instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "event_cache_size" ] "Use settings.event_cache_size instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_concurrent" ] "Use settings.rc_federation.concurrent instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_reject_limit" ] "Use settings.rc_federation.reject_limit instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_delay" ] "Use settings.rc_federation.sleep_delay instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_limit" ] "Use settings.rc_federation.sleep_limit instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_window_size" ] "Use settings.rc_federation.window_size instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "key_refresh_interval" ] "Use settings.key_refresh_interval instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_burst_count" ] "Use settings.rc_messages.burst_count instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_per_second" ] "Use settings.rc_messages.per_second instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_private_key" ] "Use settings.recaptcha_private_key instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_public_key" ] "Use settings.recaptcha_public_key instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "redaction_retention_period" ] "Use settings.redaction_retention_period instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "additional_event_types" ] "Use settings.room_prejoin_state.additional_event_types instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "disable_default_event_types" ] "Use settings.room_prejoin-state.disable_default_event_types instead" )
# Options that should be passed via extraConfigFiles, so they are not persisted into the nix store
(mkRemovedOptionModule [ "services" "matrix-synapse" "macaroon_secret_key" ] "Pass this value via extraConfigFiles instead" )
(mkRemovedOptionModule [ "services" "matrix-synapse" "registration_shared_secret" ] "Pass this value via extraConfigFiles instead" )
];
options = {
services.matrix-synapse = {
enable = mkEnableOption "matrix.org synapse";
configFile = mkOption {
type = types.str;
readOnly = true;
description = ''
Path to the configuration file on the target system. Useful to configure e.g. workers
that also need this.
'';
};
package = mkOption {
type = types.package;
default = pkgs.matrix-synapse;
defaultText = literalExpression "pkgs.matrix-synapse";
description = ''
Overridable attribute of the matrix synapse server package to use.
'';
};
plugins = mkOption {
type = types.listOf types.package;
default = [ ];
example = literalExpression ''
with config.services.matrix-synapse.package.plugins; [
matrix-synapse-ldap3
matrix-synapse-pam
];
'';
description = ''
List of additional Matrix plugins to make available.
'';
};
withJemalloc = mkOption {
type = types.bool;
default = false;
description = ''
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/matrix-synapse";
description = ''
The directory where matrix-synapse stores its stateful data such as
certificates, media and uploads.
'';
};
settings = mkOption {
default = {};
description = ''
The primary synapse configuration. See the
<link xlink:href="https://github.com/matrix-org/synapse/blob/v${cfg.package.version}/docs/sample_config.yaml">sample configuration</link>
for possible values.
Secrets should be passed in by using the <literal>extraConfigFiles</literal> option.
'';
type = with types; submodule {
freeformType = format.type;
options = {
# This is a reduced set of popular options and defaults
# Do not add every available option here, they can be specified
# by the user at their own discretion. This is a freeform type!
server_name = mkOption {
type = types.str;
example = "example.com";
default = config.networking.hostName;
defaultText = literalExpression "config.networking.hostName";
description = ''
The domain name of the server, with optional explicit port.
This is used by remote servers to look up the server address.
This is also the last part of your UserID.
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
'';
};
enable_registration = mkOption {
type = types.bool;
default = false;
description = ''
Enable registration for new users.
'';
};
registration_shared_secret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled.
Secrets should be passed in via <literal>extraConfigFiles</literal>!
'';
};
macaroon_secret_key = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Secret key for authentication tokens. If none is specified,
the registration_shared_secret is used, if one is given; otherwise,
a secret key is derived from the signing key.
Secrets should be passed in via <literal>extraConfigFiles</literal>!
'';
};
enable_metrics = mkOption {
type = types.bool;
default = false;
description = ''
Enable collection and rendering of performance metrics
'';
};
report_stats = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to report anonymized homeserver usage statistics.
'';
};
signing_key_path = mkOption {
type = types.path;
default = "${cfg.dataDir}/homeserver.signing.key";
description = ''
Path to the signing key to sign messages with.
'';
};
pid_file = mkOption {
type = types.path;
default = "/run/matrix-synapse.pid";
readOnly = true;
description = ''
The file to store the PID in.
'';
};
log_config = mkOption {
type = types.path;
default = ./matrix-synapse-log_config.yaml;
description = ''
The file that holds the logging configuration.
'';
};
media_store_path = mkOption {
type = types.path;
default = if lib.versionAtLeast config.system.stateVersion "22.05"
then "${cfg.dataDir}/media_store"
else "${cfg.dataDir}/media";
description = ''
Directory where uploaded images and attachments are stored.
'';
};
public_baseurl = mkOption {
type = types.nullOr types.str;
default = null;
example = "https://example.com:8448/";
description = ''
The public-facing base URL for the client API (not including _matrix/...)
'';
};
tls_certificate_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/acme/example.com/fullchain.pem";
description = ''
PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse
autogenerates on launch with your own SSL certificate + key pair
if you like. Any required intermediary certificates can be
appended after the primary certificate in hierarchical order.
'';
};
tls_private_key_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/acme/example.com/key.pem";
description = ''
PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly.
'';
};
presence.enabled = mkOption {
type = types.bool;
default = true;
example = false;
description = ''
Whether to enable presence tracking.
Presence tracking allows users to see the state (e.g online/offline)
of other local and remote users.
'';
};
listeners = mkOption {
type = types.listOf (types.submodule {
options = {
port = mkOption {
type = types.port;
example = 8448;
description = ''
The port to listen for HTTP(S) requests on.
'';
};
bind_addresses = mkOption {
type = types.listOf types.str;
default = [
"::1"
"127.0.0.1"
];
example = literalExpression ''
[
"::"
"0.0.0.0"
]
'';
description = ''
IP addresses to bind the listener to.
'';
};
type = mkOption {
type = types.enum [
"http"
"manhole"
"metrics"
"replication"
];
default = "http";
example = "metrics";
description = ''
The type of the listener, usually http.
'';
};
tls = mkOption {
type = types.bool;
default = true;
example = false;
description = ''
Whether to enable TLS on the listener socket.
'';
};
x_forwarded = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
'';
};
resources = mkOption {
type = types.listOf (types.submodule {
options = {
names = mkOption {
type = types.listOf (types.enum [
"client"
"consent"
"federation"
"keys"
"media"
"metrics"
"openid"
"replication"
"static"
]);
description = ''
List of resources to host on this listener.
'';
example = [
"client"
];
};
compress = mkOption {
type = types.bool;
description = ''
Should synapse compress HTTP responses to clients that support it?
This should be disabled if running synapse behind a load balancer
that can do automatic compression.
'';
};
};
});
description = ''
List of HTTP resources to serve on this listener.
'';
};
};
});
default = [ {
port = 8008;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [ {
names = [ "client" ];
compress = true;
} {
names = [ "federation" ];
compress = false;
} ];
} ];
description = ''
List of ports that Synapse should listen on, their purpose and their configuration.
'';
};
database.name = mkOption {
type = types.enum [
"sqlite3"
"psycopg2"
];
default = if versionAtLeast config.system.stateVersion "18.03"
then "psycopg2"
else "sqlite3";
defaultText = literalExpression ''
if versionAtLeast config.system.stateVersion "18.03"
then "psycopg2"
else "sqlite3"
'';
description = ''
The database engine name. Can be sqlite3 or psycopg2.
'';
};
database.args.database = mkOption {
type = types.str;
default = {
sqlite3 = "${cfg.dataDir}/homeserver.db";
psycopg2 = "matrix-synapse";
}.${cfg.settings.database.name};
defaultText = literalExpression ''
{
sqlite3 = "''${${options.services.matrix-synapse.dataDir}}/homeserver.db";
psycopg2 = "matrix-synapse";
}.''${${options.services.matrix-synapse.settings}.database.name};
'';
description = ''
Name of the database when using the psycopg2 backend,
path to the database location when using sqlite3.
'';
};
database.args.user = mkOption {
type = types.nullOr types.str;
default = {
sqlite3 = null;
psycopg2 = "matrix-synapse";
}.${cfg.settings.database.name};
description = ''
Username to connect with psycopg2, set to null
when using sqlite3.
'';
};
url_preview_enabled = mkOption {
type = types.bool;
default = true;
example = false;
description = ''
Is the preview URL API enabled? If enabled, you *must* specify an
explicit url_preview_ip_range_blacklist of IPs that the spider is
denied from accessing.
'';
};
url_preview_ip_range_blacklist = mkOption {
type = types.listOf types.str;
default = [
"10.0.0.0/8"
"100.64.0.0/10"
"127.0.0.0/8"
"169.254.0.0/16"
"172.16.0.0/12"
"192.0.0.0/24"
"192.0.2.0/24"
"192.168.0.0/16"
"192.88.99.0/24"
"198.18.0.0/15"
"198.51.100.0/24"
"2001:db8::/32"
"203.0.113.0/24"
"224.0.0.0/4"
"::1/128"
"fc00::/7"
"fe80::/10"
"fec0::/10"
"ff00::/8"
];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
'';
};
url_preview_ip_range_whitelist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in url_preview_ip_range_blacklist.
'';
};
url_preview_url_blacklist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Optional list of URL matches that the URL preview spider is
denied from accessing.
'';
};
max_upload_size = mkOption {
type = types.str;
default = "50M";
example = "100M";
description = ''
The largest allowed upload size in bytes
'';
};
max_image_pixels = mkOption {
type = types.str;
default = "32M";
example = "64M";
description = ''
Maximum number of pixels that will be thumbnailed
'';
};
dynamic_thumbnails = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether to generate new thumbnails on the fly to precisely match
the resolution requested by the client. If true then whenever
a new resolution is requested by the client the server will
generate a new thumbnail. If false the server will pick a thumbnail
from a precalculated list.
'';
};
turn_uris = mkOption {
type = types.listOf types.str;
default = [];
example = [
"turn:turn.example.com:3487?transport=udp"
"turn:turn.example.com:3487?transport=tcp"
"turns:turn.example.com:5349?transport=udp"
"turns:turn.example.com:5349?transport=tcp"
];
description = ''
The public URIs of the TURN server to give to clients
'';
};
turn_shared_secret = mkOption {
type = types.str;
default = "";
example = literalExpression ''
config.services.coturn.static-auth-secret
'';
description = ''
The shared secret used to compute passwords for the TURN server.
Secrets should be passed in via <literal>extraConfigFiles</literal>!
'';
};
trusted_key_servers = mkOption {
type = types.listOf (types.submodule {
options = {
server_name = mkOption {
type = types.str;
example = "matrix.org";
description = ''
Hostname of the trusted server.
'';
};
verify_keys = mkOption {
type = types.nullOr (types.attrsOf types.str);
default = null;
example = literalExpression ''
{
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}
'';
description = ''
Attribute set from key id to base64 encoded public key.
If specified synapse will check that the response is signed
by at least one of the given keys.
'';
};
};
});
default = [ {
server_name = "matrix.org";
verify_keys = {
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
};
} ];
description = ''
The trusted servers to download signing keys from.
'';
};
app_service_config_files = mkOption {
type = types.listOf types.path;
default = [ ];
description = ''
A list of application service config file to use
'';
};
};
};
};
extraConfigFiles = mkOption {
type = types.listOf types.path;
default = [];
description = ''
Extra config files to include.
The configuration files will be included based on the command line
argument --config-path. This allows to configure secrets without
having to go through the Nix store, e.g. based on deployment keys if
NixOps is in use.
'';
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
message = ''
Cannot deploy matrix-synapse with a configuration for a local postgresql database
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
further reference).
If you
- try to deploy a fresh synapse, you need to configure the database yourself. An example
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
to your configuration.
For further information about this update, please read the release-notes of 20.03 carefully.
'';
}
];
services.matrix-synapse.configFile = configFile;
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
};
users.groups.matrix-synapse = {
gid = config.ids.gids.matrix-synapse;
};
systemd.services.matrix-synapse = {
description = "Synapse Matrix homeserver";
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/synapse_homeserver \
--config-path ${configFile} \
--keys-directory ${cfg.dataDir} \
--generate-keys
'';
environment = {
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
} // optionalAttrs (cfg.withJemalloc) {
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
};
serviceConfig = {
Type = "notify";
User = "matrix-synapse";
Group = "matrix-synapse";
WorkingDirectory = cfg.dataDir;
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
'')) ];
ExecStart = ''
${cfg.package}/bin/synapse_homeserver \
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
--keys-directory ${cfg.dataDir}
'';
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
UMask = "0077";
};
};
environment.systemPackages = [ registerNewMatrixUser ];
};
meta = {
buildDocsInSandbox = false;
doc = ./matrix-synapse.xml;
maintainers = teams.matrix.members;
};
}

35
nixos/modules/services/misc/matrix-synapse.xml → nixos/modules/services/matrix/matrix-synapse.xml
View File

@ -115,20 +115,21 @@ in {
};
services.matrix-synapse = {
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
<link linkend="opt-services.matrix-synapse.server_name">server_name</link> = config.networking.domain;
<link linkend="opt-services.matrix-synapse.listeners">listeners</link> = [
<link linkend="opt-services.matrix-synapse.settings.server_name">server_name</link> = config.networking.domain;
<link linkend="opt-services.matrix-synapse.settings.listeners">listeners</link> = [
{
<link linkend="opt-services.matrix-synapse.listeners._.port">port</link> = 8008;
<link linkend="opt-services.matrix-synapse.listeners._.bind_address">bind_address</link> = "::1";
<link linkend="opt-services.matrix-synapse.listeners._.type">type</link> = "http";
<link linkend="opt-services.matrix-synapse.listeners._.tls">tls</link> = false;
<link linkend="opt-services.matrix-synapse.listeners._.x_forwarded">x_forwarded</link> = true;
<link linkend="opt-services.matrix-synapse.listeners._.resources">resources</link> = [
{
<link linkend="opt-services.matrix-synapse.listeners._.resources._.names">names</link> = [ "client" "federation" ];
<link linkend="opt-services.matrix-synapse.listeners._.resources._.compress">compress</link> = false;
}
];
<link linkend="opt-services.matrix-synapse.settings.listeners._.port">port</link> = 8008;
<link linkend="opt-services.matrix-synapse.settings.listeners._.bind_addresses">bind_address</link> = [ "::1" ];
<link linkend="opt-services.matrix-synapse.settings.listeners._.type">type</link> = "http";
<link linkend="opt-services.matrix-synapse.settings.listeners._.tls">tls</link> = false;
<link linkend="opt-services.matrix-synapse.settings.listeners._.x_forwarded">x_forwarded</link> = true;
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources">resources</link> = [ {
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "client" ];
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = true;
} {
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "federation" ];
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = false;
} ];
}
];
};
@ -151,11 +152,11 @@ in {
<para>
If you want to run a server with public registration by anybody, you can
then enable <literal><link linkend="opt-services.matrix-synapse.enable_registration">services.matrix-synapse.enable_registration</link> =
then enable <literal><link linkend="opt-services.matrix-synapse.settings.enable_registration">services.matrix-synapse.enable_registration</link> =
true;</literal>. Otherwise, or you can generate a registration secret with
<command>pwgen -s 64 1</command> and set it with
<option><link linkend="opt-services.matrix-synapse.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>. To
create a new user or admin, run the following after you have set the secret
<option><link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>.
To create a new user or admin, run the following after you have set the secret
and have rebuilt NixOS:
<screen>
<prompt>$ </prompt>nix run nixpkgs.matrix-synapse
@ -170,7 +171,7 @@ Success!
<literal>@your-username:example.org</literal>. Note that the registration
secret ends up in the nix store and therefore is world-readable by any user
on your machine, so it makes sense to only temporarily activate the
<link linkend="opt-services.matrix-synapse.registration_shared_secret">registration_shared_secret</link>
<link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">registration_shared_secret</link>
option until a better solution for NixOS is in place.
</para>
</section>

844
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -1,844 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.matrix-synapse;
opt = options.services.matrix-synapse;
pg = config.services.postgresql;
usePostgresql = cfg.database_type == "psycopg2";
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
pluginsEnv = cfg.package.python.buildEnv.override {
extraLibs = cfg.plugins;
};
configFile = pkgs.writeText "homeserver.yaml" ''
${optionalString (cfg.tls_certificate_path != null) ''
tls_certificate_path: "${cfg.tls_certificate_path}"
''}
${optionalString (cfg.tls_private_key_path != null) ''
tls_private_key_path: "${cfg.tls_private_key_path}"
''}
${optionalString (cfg.tls_dh_params_path != null) ''
tls_dh_params_path: "${cfg.tls_dh_params_path}"
''}
no_tls: ${boolToString cfg.no_tls}
${optionalString (cfg.bind_port != null) ''
bind_port: ${toString cfg.bind_port}
''}
${optionalString (cfg.unsecure_port != null) ''
unsecure_port: ${toString cfg.unsecure_port}
''}
${optionalString (cfg.bind_host != null) ''
bind_host: "${cfg.bind_host}"
''}
server_name: "${cfg.server_name}"
pid_file: "/run/matrix-synapse.pid"
${optionalString (cfg.public_baseurl != null) ''
public_baseurl: "${cfg.public_baseurl}"
''}
listeners: [${concatStringsSep "," (map mkListener cfg.listeners)}]
database: {
name: "${cfg.database_type}",
args: {
${concatStringsSep ",\n " (
mapAttrsToList (n: v: "\"${n}\": ${builtins.toJSON v}") cfg.database_args
)}
}
}
event_cache_size: "${cfg.event_cache_size}"
verbose: ${cfg.verbose}
log_config: "${logConfigFile}"
rc_messages_per_second: ${cfg.rc_messages_per_second}
rc_message_burst_count: ${cfg.rc_message_burst_count}
federation_rc_window_size: ${cfg.federation_rc_window_size}
federation_rc_sleep_limit: ${cfg.federation_rc_sleep_limit}
federation_rc_sleep_delay: ${cfg.federation_rc_sleep_delay}
federation_rc_reject_limit: ${cfg.federation_rc_reject_limit}
federation_rc_concurrent: ${cfg.federation_rc_concurrent}
media_store_path: "${cfg.dataDir}/media"
uploads_path: "${cfg.dataDir}/uploads"
max_upload_size: "${cfg.max_upload_size}"
max_image_pixels: "${cfg.max_image_pixels}"
dynamic_thumbnails: ${boolToString cfg.dynamic_thumbnails}
url_preview_enabled: ${boolToString cfg.url_preview_enabled}
${optionalString (cfg.url_preview_enabled == true) ''
url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
''}
recaptcha_private_key: "${cfg.recaptcha_private_key}"
recaptcha_public_key: "${cfg.recaptcha_public_key}"
enable_registration_captcha: ${boolToString cfg.enable_registration_captcha}
turn_uris: ${builtins.toJSON cfg.turn_uris}
turn_shared_secret: "${cfg.turn_shared_secret}"
enable_registration: ${boolToString cfg.enable_registration}
${optionalString (cfg.registration_shared_secret != null) ''
registration_shared_secret: "${cfg.registration_shared_secret}"
''}
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
turn_user_lifetime: "${cfg.turn_user_lifetime}"
user_creation_max_duration: ${cfg.user_creation_max_duration}
bcrypt_rounds: ${cfg.bcrypt_rounds}
allow_guest_access: ${boolToString cfg.allow_guest_access}
account_threepid_delegates:
${optionalString (cfg.account_threepid_delegates.email != null) "email: ${cfg.account_threepid_delegates.email}"}
${optionalString (cfg.account_threepid_delegates.msisdn != null) "msisdn: ${cfg.account_threepid_delegates.msisdn}"}
room_prejoin_state:
disable_default_event_types: ${boolToString cfg.room_prejoin_state.disable_default_event_types}
additional_event_types: ${builtins.toJSON cfg.room_prejoin_state.additional_event_types}
${optionalString (cfg.macaroon_secret_key != null) ''
macaroon_secret_key: "${cfg.macaroon_secret_key}"
''}
expire_access_token: ${boolToString cfg.expire_access_token}
enable_metrics: ${boolToString cfg.enable_metrics}
report_stats: ${boolToString cfg.report_stats}
signing_key_path: "${cfg.dataDir}/homeserver.signing.key"
key_refresh_interval: "${cfg.key_refresh_interval}"
perspectives:
servers: {
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
"${n}": {
"verify_keys": {
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
"${n}": {
"key": "${v}"
}'') v)}
}
'') cfg.servers)}
}
}
redaction_retention_period: ${toString cfg.redaction_retention_period}
app_service_config_files: ${builtins.toJSON cfg.app_service_config_files}
${cfg.extraConfig}
'';
hasLocalPostgresDB = let args = cfg.database_args; in
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
registerNewMatrixUser =
let
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
listener =
lib.findFirst (
listener: lib.any (
resource: lib.any (
name: name == "client"
) resource.names
) listener.resources
) (lib.last cfg.listeners) cfg.listeners;
in
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
exec ${cfg.package}/bin/register_new_matrix_user \
$@ \
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
"${listener.type}://${
if (isIpv6 listener.bind_address) then
"[${listener.bind_address}]"
else
"${listener.bind_address}"
}:${builtins.toString listener.port}/"
'';
in {
options = {
services.matrix-synapse = {
enable = mkEnableOption "matrix.org synapse";
configFile = mkOption {
type = types.str;
readOnly = true;
description = ''
Path to the configuration file on the target system. Useful to configure e.g. workers
that also need this.
'';
};
package = mkOption {
type = types.package;
default = pkgs.matrix-synapse;
defaultText = literalExpression "pkgs.matrix-synapse";
description = ''
Overridable attribute of the matrix synapse server package to use.
'';
};
plugins = mkOption {
type = types.listOf types.package;
default = [ ];
example = literalExpression ''
with config.services.matrix-synapse.package.plugins; [
matrix-synapse-ldap3
matrix-synapse-pam
];
'';
description = ''
List of additional Matrix plugins to make available.
'';
};
withJemalloc = mkOption {
type = types.bool;
default = false;
description = ''
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
'';
};
no_tls = mkOption {
type = types.bool;
default = false;
description = ''
Don't bind to the https port
'';
};
bind_port = mkOption {
type = types.nullOr types.int;
default = null;
example = 8448;
description = ''
DEPRECATED: Use listeners instead.
The port to listen for HTTPS requests on.
For when matrix traffic is sent directly to synapse.
'';
};
unsecure_port = mkOption {
type = types.nullOr types.int;
default = null;
example = 8008;
description = ''
DEPRECATED: Use listeners instead.
The port to listen for HTTP requests on.
For when matrix traffic passes through loadbalancer that unwraps TLS.
'';
};
bind_host = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
DEPRECATED: Use listeners instead.
Local interface to listen on.
The empty string will cause synapse to listen on all interfaces.
'';
};
tls_certificate_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
description = ''
PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse
autogenerates on launch with your own SSL certificate + key pair
if you like. Any required intermediary certificates can be
appended after the primary certificate in hierarchical order.
'';
};
tls_private_key_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.key";
description = ''
PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly.
'';
};
tls_dh_params_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
description = ''
PEM dh parameters for ephemeral keys
'';
};
server_name = mkOption {
type = types.str;
example = "example.com";
default = config.networking.hostName;
defaultText = literalExpression "config.networking.hostName";
description = ''
The domain name of the server, with optional explicit port.
This is used by remote servers to look up the server address.
This is also the last part of your UserID.
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
'';
};
public_baseurl = mkOption {
type = types.nullOr types.str;
default = null;
example = "https://example.com:8448/";
description = ''
The public-facing base URL for the client API (not including _matrix/...)
'';
};
listeners = mkOption {
type = types.listOf (types.submodule {
options = {
port = mkOption {
type = types.port;
example = 8448;
description = ''
The port to listen for HTTP(S) requests on.
'';
};
bind_address = mkOption {
type = types.str;
default = "";
example = "203.0.113.42";
description = ''
Local interface to listen on.
The empty string will cause synapse to listen on all interfaces.
'';
};
type = mkOption {
type = types.str;
default = "http";
description = ''
Type of listener.
'';
};
tls = mkOption {
type = types.bool;
default = true;
description = ''
Whether to listen for HTTPS connections rather than HTTP.
'';
};
x_forwarded = mkOption {
type = types.bool;
default = false;
description = ''
Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
'';
};
resources = mkOption {
type = types.listOf (types.submodule {
options = {
names = mkOption {
type = types.listOf types.str;
description = ''
List of resources to host on this listener.
'';
example = ["client" "federation"];
};
compress = mkOption {
type = types.bool;
description = ''
Should synapse compress HTTP responses to clients that support it?
This should be disabled if running synapse behind a load balancer
that can do automatic compression.
'';
};
};
});
description = ''
List of HTTP resources to serve on this listener.
'';
};
};
});
default = [{
port = 8448;
bind_address = "";
type = "http";
tls = true;
x_forwarded = false;
resources = [
{ names = ["client"]; compress = true; }
{ names = ["federation"]; compress = false; }
];
}];
description = ''
List of ports that Synapse should listen on, their purpose and their configuration.
'';
};
verbose = mkOption {
type = types.str;
default = "0";
description = "Logging verbosity level.";
};
rc_messages_per_second = mkOption {
type = types.str;
default = "0.2";
description = "Number of messages a client can send per second";
};
rc_message_burst_count = mkOption {
type = types.str;
default = "10.0";
description = "Number of message a client can send before being throttled";
};
federation_rc_window_size = mkOption {
type = types.str;
default = "1000";
description = "The federation window size in milliseconds";
};
federation_rc_sleep_limit = mkOption {
type = types.str;
default = "10";
description = ''
The number of federation requests from a single server in a window
before the server will delay processing the request.
'';
};
federation_rc_sleep_delay = mkOption {
type = types.str;
default = "500";
description = ''
The duration in milliseconds to delay processing events from
remote servers by if they go over the sleep limit.
'';
};
federation_rc_reject_limit = mkOption {
type = types.str;
default = "50";
description = ''
The maximum number of concurrent federation requests allowed
from a single server
'';
};
federation_rc_concurrent = mkOption {
type = types.str;
default = "3";
description = "The number of federation requests to concurrently process from a single server";
};
database_type = mkOption {
type = types.enum [ "sqlite3" "psycopg2" ];
default = if versionAtLeast config.system.stateVersion "18.03"
then "psycopg2"
else "sqlite3";
defaultText = literalExpression ''
if versionAtLeast config.system.stateVersion "18.03"
then "psycopg2"
else "sqlite3"
'';
description = ''
The database engine name. Can be sqlite or psycopg2.
'';
};
database_name = mkOption {
type = types.str;
default = "matrix-synapse";
description = "Database name.";
};
database_user = mkOption {
type = types.str;
default = "matrix-synapse";
description = "Database user name.";
};
database_args = mkOption {
type = types.attrs;
default = {
sqlite3 = { database = "${cfg.dataDir}/homeserver.db"; };
psycopg2 = {
user = cfg.database_user;
database = cfg.database_name;
};
}.${cfg.database_type};
defaultText = literalDocBook ''
<variablelist>
<varlistentry>
<term>using sqlite3</term>
<listitem>
<programlisting>
{ database = "''${config.${opt.dataDir}}/homeserver.db"; }
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>using psycopg2</term>
<listitem>
<programlisting>
psycopg2 = {
user = config.${opt.database_user};
database = config.${opt.database_name};
}
</programlisting>
</listitem>
</varlistentry>
</variablelist>
'';
description = ''
Arguments to pass to the engine.
'';
};
event_cache_size = mkOption {
type = types.str;
default = "10K";
description = "Number of events to cache in memory.";
};
url_preview_enabled = mkOption {
type = types.bool;
default = false;
description = ''
Is the preview URL API enabled? If enabled, you *must* specify an
explicit url_preview_ip_range_blacklist of IPs that the spider is
denied from accessing.
'';
};
url_preview_ip_range_blacklist = mkOption {
type = types.listOf types.str;
default = [
"127.0.0.0/8"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"100.64.0.0/10"
"169.254.0.0/16"
"::1/128"
"fe80::/64"
"fc00::/7"
];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
'';
};
url_preview_ip_range_whitelist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in
url_preview_ip_range_blacklist.
'';
};
url_preview_url_blacklist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Optional list of URL matches that the URL preview spider is
denied from accessing.
'';
};
recaptcha_private_key = mkOption {
type = types.str;
default = "";
description = ''
This Home Server's ReCAPTCHA private key.
'';
};
recaptcha_public_key = mkOption {
type = types.str;
default = "";
description = ''
This Home Server's ReCAPTCHA public key.
'';
};
enable_registration_captcha = mkOption {
type = types.bool;
default = false;
description = ''
Enables ReCaptcha checks when registering, preventing signup
unless a captcha is answered. Requires a valid ReCaptcha
public/private key.
'';
};
turn_uris = mkOption {
type = types.listOf types.str;
default = [];
description = ''
The public URIs of the TURN server to give to clients
'';
};
turn_shared_secret = mkOption {
type = types.str;
default = "";
description = ''
The shared secret used to compute passwords for the TURN server
'';
};
turn_user_lifetime = mkOption {
type = types.str;
default = "1h";
description = "How long generated TURN credentials last";
};
enable_registration = mkOption {
type = types.bool;
default = false;
description = ''
Enable registration for new users.
'';
};
registration_shared_secret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled.
'';
};
enable_metrics = mkOption {
type = types.bool;
default = false;
description = ''
Enable collection and rendering of performance metrics
'';
};
report_stats = mkOption {
type = types.bool;
default = false;
description = "";
};
servers = mkOption {
type = types.attrsOf (types.attrsOf types.str);
default = {
"matrix.org" = {
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
};
};
description = ''
The trusted servers to download signing keys from.
'';
};
max_upload_size = mkOption {
type = types.str;
default = "10M";
description = "The largest allowed upload size in bytes";
};
max_image_pixels = mkOption {
type = types.str;
default = "32M";
description = "Maximum number of pixels that will be thumbnailed";
};
dynamic_thumbnails = mkOption {
type = types.bool;
default = false;
description = ''
Whether to generate new thumbnails on the fly to precisely match
the resolution requested by the client. If true then whenever
a new resolution is requested by the client the server will
generate a new thumbnail. If false the server will pick a thumbnail
from a precalculated list.
'';
};
user_creation_max_duration = mkOption {
type = types.str;
default = "1209600000";
description = ''
Sets the expiry for the short term user creation in
milliseconds. The default value is two weeks.
'';
};
bcrypt_rounds = mkOption {
type = types.str;
default = "12";
description = ''
Set the number of bcrypt rounds used to generate password hash.
Larger numbers increase the work factor needed to generate the hash.
'';
};
allow_guest_access = mkOption {
type = types.bool;
default = false;
description = ''
Allows users to register as guests without a password/email/etc, and
participate in rooms hosted on this server which have been made
accessible to anonymous users.
'';
};
account_threepid_delegates.email = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Delegate email sending to https://example.org
'';
};
account_threepid_delegates.msisdn = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Delegate SMS sending to this local process (https://localhost:8090)
'';
};
room_prejoin_state.additional_event_types = mkOption {
default = [];
type = types.listOf types.str;
description = ''
Additional events to share with users who received an invite.
'';
};
room_prejoin_state.disable_default_event_types = mkOption {
default = false;
type = types.bool;
description = ''
Whether to disable the default state-event types for users invited to a room.
These are:
<itemizedlist>
<listitem><para>m.room.join_rules</para></listitem>
<listitem><para>m.room.canonical_alias</para></listitem>
<listitem><para>m.room.avatar</para></listitem>
<listitem><para>m.room.encryption</para></listitem>
<listitem><para>m.room.name</para></listitem>
<listitem><para>m.room.create</para></listitem>
</itemizedlist>
'';
};
macaroon_secret_key = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Secret key for authentication tokens
'';
};
expire_access_token = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable access token expiration.
'';
};
key_refresh_interval = mkOption {
type = types.str;
default = "1d";
description = ''
How long key response published by this server is valid for.
Used to set the valid_until_ts in /key/v2 APIs.
Determines how quickly servers will query to check which keys
are still valid.
'';
};
app_service_config_files = mkOption {
type = types.listOf types.path;
default = [ ];
description = ''
A list of application service config file to use
'';
};
redaction_retention_period = mkOption {
type = types.int;
default = 7;
description = ''
How long to keep redacted events in unredacted form in the database.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra config options for matrix-synapse.
'';
};
extraConfigFiles = mkOption {
type = types.listOf types.path;
default = [];
description = ''
Extra config files to include.
The configuration files will be included based on the command line
argument --config-path. This allows to configure secrets without
having to go through the Nix store, e.g. based on deployment keys if
NixOPS is in use.
'';
};
logConfig = mkOption {
type = types.lines;
default = readFile ./matrix-synapse-log_config.yaml;
description = ''
A yaml python logging config file
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/matrix-synapse";
description = ''
The directory where matrix-synapse stores its stateful data such as
certificates, media and uploads.
'';
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
message = ''
Cannot deploy matrix-synapse with a configuration for a local postgresql database
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
further reference).
If you
- try to deploy a fresh synapse, you need to configure the database yourself. An example
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
to your configuration.
For further information about this update, please read the release-notes of 20.03 carefully.
'';
}
];
services.matrix-synapse.configFile = "${configFile}";
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
};
users.groups.matrix-synapse = {
gid = config.ids.gids.matrix-synapse;
};
systemd.services.matrix-synapse = {
description = "Synapse Matrix homeserver";
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/synapse_homeserver \
--config-path ${configFile} \
--keys-directory ${cfg.dataDir} \
--generate-keys
'';
environment = {
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
} // optionalAttrs (cfg.withJemalloc) {
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
};
serviceConfig = {
Type = "notify";
User = "matrix-synapse";
Group = "matrix-synapse";
WorkingDirectory = cfg.dataDir;
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
'')) ];
ExecStart = ''
${cfg.package}/bin/synapse_homeserver \
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
--keys-directory ${cfg.dataDir}
'';
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
UMask = "0077";
};
};
environment.systemPackages = [ registerNewMatrixUser ];
};
imports = [
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
as the behavior is now obsolete.
'')
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
Database configuration must be done manually. An exemplary setup is demonstrated in
<nixpkgs/nixos/tests/matrix-synapse.nix>
'')
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
You may add additional event types via
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
disable the default events via
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
'')
];
meta.doc = ./matrix-synapse.xml;
meta.maintainers = teams.matrix.members;
}

1
nixos/modules/services/networking/networkmanager.nix
View File

@ -556,6 +556,7 @@ in {
boot.kernelModules = [ "ctr" ];
security.polkit.enable = true;
security.polkit.extraConfig = polkitConf;
services.dbus.packages = cfg.packages

2
nixos/modules/services/wayland/cage.nix
View File

@ -81,6 +81,8 @@ in {
};
};
security.polkit.enable = true;
security.pam.services.cage.text = ''
auth required pam_unix.so nullok
account required pam_unix.so

2
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -267,6 +267,8 @@ in
# Enable the accounts daemon to find lightdm's dbus interface
environment.systemPackages = [ lightdm ];
security.polkit.enable = true;
security.pam.services.lightdm.text = ''
auth substack login
account include login

3
nixos/modules/services/x11/xserver.nix
View File

@ -620,9 +620,6 @@ in
in optional (driver != null) ({ inherit name; modules = []; driverName = name; display = true; } // driver));
assertions = [
{ assertion = config.security.polkit.enable;
message = "X11 requires Polkit to be enabled (security.polkit.enable = true).";
}
(let primaryHeads = filter (x: x.primary) cfg.xrandrHeads; in {
assertion = length primaryHeads < 2;
message = "Only one head is allowed to be primary in "

42
nixos/tests/matrix-appservice-irc.nix
View File

@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
homeserverUrl = "http://homeserver:8448";
homeserverUrl = "http://homeserver:8008";
in
{
name = "matrix-appservice-irc";
@ -14,28 +14,32 @@ import ./make-test-python.nix ({ pkgs, ... }:
specialisation.running.configuration = {
services.matrix-synapse = {
enable = true;
database_type = "sqlite3";
app_service_config_files = [ "/registration.yml" ];
settings = {
database.name = "sqlite3";
app_service_config_files = [ "/registration.yml" ];
enable_registration = true;
enable_registration = true;
listeners = [
# The default but tls=false
{
"bind_address" = "";
"port" = 8448;
"resources" = [
{ "compress" = true; "names" = [ "client" ]; }
{ "compress" = false; "names" = [ "federation" ]; }
listeners = [ {
# The default but tls=false
bind_addresses = [
"0.0.0.0"
];
"tls" = false;
"type" = "http";
"x_forwarded" = false;
}
];
port = 8008;
resources = [ {
"compress" = true;
"names" = [ "client" ];
} {
"compress" = false;
"names" = [ "federation" ];
} ];
tls = false;
type = "http";
} ];
};
};
networking.firewall.allowedTCPPorts = [ 8448 ];
networking.firewall.allowedTCPPorts = [ 8008 ];
};
};
@ -209,7 +213,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
)
homeserver.wait_for_unit("matrix-synapse.service")
homeserver.wait_for_open_port(8448)
homeserver.wait_for_open_port(8008)
with subtest("ensure messages can be exchanged"):
client.succeed("do_test ${homeserverUrl} >&2")

64
nixos/tests/matrix-synapse.nix
View File

@ -33,6 +33,29 @@ import ./make-test-python.nix ({ pkgs, ... } : let
testUser = "alice";
testPassword = "alicealice";
testEmail = "alice@example.com";
listeners = [ {
port = 8448;
bind_addresses = [
"127.0.0.1"
"::1"
];
type = "http";
tls = true;
x_forwarded = false;
resources = [ {
names = [
"client"
];
compress = true;
} {
names = [
"federation"
];
compress = false;
} ];
} ];
in {
name = "matrix-synapse";
@ -48,22 +71,24 @@ in {
{
services.matrix-synapse = {
enable = true;
database_type = "psycopg2";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
database_args = {
password = "synapse";
settings = {
inherit listeners;
database = {
name = "psycopg2";
args.password = "synapse";
};
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
registration_shared_secret = registrationSharedSecret;
public_baseurl = "https://example.com";
email = {
smtp_host = mailerDomain;
smtp_port = 25;
require_transport_security = true;
notif_from = "matrix <matrix@${mailerDomain}>";
app_name = "Matrix";
};
};
registration_shared_secret = registrationSharedSecret;
public_baseurl = "https://example.com";
extraConfig = ''
email:
smtp_host: "${mailerDomain}"
smtp_port: 25
require_transport_security: true
notif_from: "matrix <matrix@${mailerDomain}>"
app_name: "Matrix"
'';
};
services.postgresql = {
enable = true;
@ -165,9 +190,12 @@ in {
serversqlite = args: {
services.matrix-synapse = {
enable = true;
database_type = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
settings = {
inherit listeners;
database.name = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
};
};
};
};

41
nixos/tests/matrix/mjolnir.nix
View File

@ -38,26 +38,31 @@ import ../make-test-python.nix (
homeserver = { pkgs, ... }: {
services.matrix-synapse = {
enable = true;
database_type = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
enable_registration = true;
registration_shared_secret = "supersecret-registration";
settings = {
database.name = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
enable_registration = true;
registration_shared_secret = "supersecret-registration";
listeners = [
# The default but tls=false
{
"bind_address" = "";
"port" = 8448;
"resources" = [
{ "compress" = true; "names" = [ "client" "webclient" ]; }
{ "compress" = false; "names" = [ "federation" ]; }
listeners = [ {
# The default but tls=false
bind_addresses = [
"0.0.0.0"
];
"tls" = false;
"type" = "http";
"x_forwarded" = false;
}
];
port = 8448;
resources = [ {
compress = true;
names = [ "client" ];
} {
compress = false;
names = [ "federation" ];
} ];
tls = false;
type = "http";
x_forwarded = false;
} ];
};
};
networking.firewall.allowedTCPPorts = [ 8448 ];

29
nixos/tests/matrix/pantalaimon.nix
View File

@ -47,9 +47,32 @@ import ../make-test-python.nix (
services.matrix-synapse = {
enable = true;
database_type = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
settings = {
listeners = [ {
port = 8448;
bind_addresses = [
"127.0.0.1"
"::1"
];
type = "http";
tls = true;
x_forwarded = false;
resources = [ {
names = [
"client"
];
compress = true;
} {
names = [
"federation"
];
compress = false;
} ];
} ];
database.name = "sqlite3";
tls_certificate_path = "${cert}";
tls_private_key_path = "${key}";
};
};
};

1
nixos/tests/tinywl.nix
View File

@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
# Automatically login on tty1 as a normal user:
imports = [ ./common/user-account.nix ];
services.getty.autologinUser = "alice";
security.polkit.enable = true;
environment = {
systemPackages = with pkgs; [ tinywl foot wayland-utils ];

6
pkgs/applications/blockchains/erigon.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "erigon";
version = "2022.02.03";
version = "2022.02.04";
src = fetchFromGitHub {
owner = "ledgerwatch";
repo = pname;
rev = "v${version}";
sha256 = "sha256-M8rCLkKoCx+5Eg53HfK6Ui4UrYsujGd7G8ckONclhTM=";
sha256 = "sha256-86a1VtVyTRKpY41fAHskUfPZpXUutpyvxlRLhkiHTZ0=";
};
vendorSha256 = "sha256-loYo1nAR1lARsfoY5Q+k/tgVBxNxcr++zwUjLN3TRLA=";
vendorSha256 = "sha256-P3jdK+ubBHusTL4eWlA/TDJIrbuV17tL8Cv6c3ubjlc=";
proxyVendor = true;
# Build errors in mdbx when format hardening is enabled:

4
pkgs/applications/blockchains/exodus/default.nix
View File

@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
stdenv.mkDerivation rec {
pname = "exodus";
version = "22.2.11";
version = "22.2.25";
src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "sha256-/K5dB5Qfaiv68YWTQ4j5QnqSo+TXPkWcQ+PlJpzDoe8=";
sha256 = "sha256-YbApI9rIk1653Hp3hsXJrxBMpaGn6Wv3WhZiQWAfPQM=";
};
sourceRoot = ".";

4
pkgs/applications/misc/mkgmap/default.nix
View File

@ -14,11 +14,11 @@ let
in
stdenv.mkDerivation rec {
pname = "mkgmap";
version = "4895";
version = "4896";
src = fetchurl {
url = "https://www.mkgmap.org.uk/download/mkgmap-r${version}-src.tar.gz";
sha256 = "jGSDH90ze0hHa9nAaeEkj1sfADEk7EatGrePM3+/SDk=";
sha256 = "1tPKZASmU0xfQgNZJYzhtvm0f7ynrWk/RWCFZ1kseKs=";
};
patches = [

11
pkgs/applications/misc/oil/default.nix → pkgs/applications/misc/oil-buku/default.nix
View File

@ -15,12 +15,6 @@ stdenvNoCC.mkDerivation rec {
substituteInPlace src/oil --replace \
"LIBDIR=/usr/local/lib/oil" "LIBDIR=${placeholder "out"}/lib"
substituteInPlace Makefile --replace \
"LIBDIR ?= /usr/local/lib/oil" "LIBDIR ?= ${placeholder "out"}/lib" \
substituteInPlace Makefile --replace \
"BINDIR ?= /usr/local/bin" "BINDIR ?= ${placeholder "out"}/bin"
substituteInPlace src/json-to-line.jq --replace \
"/usr/bin/env -S jq" "${jq}/bin/jq"
@ -28,6 +22,11 @@ stdenvNoCC.mkDerivation rec {
"/usr/bin/env -S awk" "${gawk}/bin/awk"
'';
makeFlags = [
"BINDIR=${placeholder "out"}/bin"
"LIBDIR=${placeholder "out"}/lib"
];
nativeBuildInputs = [ makeWrapper ];
postFixup = ''

24
pkgs/applications/misc/wego/default.nix
View File

@ -1,23 +1,21 @@
{ lib, buildGoPackage, fetchgit }:
{ lib, buildGoModule, fetchFromGitHub }:
buildGoPackage rec {
buildGoModule rec {
pname = "wego";
version = "unstable-2019-02-11";
rev = "994e4f141759a1070d7b0c8fbe5fad2cc7ee7d45";
version = "2.1";
goPackagePath = "github.com/schachmat/wego";
src = fetchgit {
inherit rev;
url = "https://github.com/schachmat/wego";
sha256 = "1affzwi5rbp4zkirhmby8bvlhsafw7a4rs27caqwyj8g3jhczmhy";
src = fetchFromGitHub {
owner = "schachmat";
repo = pname;
rev = version;
sha256 = "sha256-lMcrFwYtlnivNjSbzyiAEAVX6ME87yB/Em8Cxb1LUS4=";
};
goDeps = ./deps.nix;
vendorSha256 = "sha256-kv8c0TZdxCIfmkgCLDiNyoGqQZEKUlrNLEbjlG9rSPs=";
meta = {
license = lib.licenses.isc;
meta = with lib; {
homepage = "https://github.com/schachmat/wego";
description = "Weather app for the terminal";
license = licenses.isc;
};
}

48
pkgs/applications/misc/wego/deps.nix generated
View File

@ -1,48 +0,0 @@
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
[
{
goPackagePath = "github.com/mattn/go-colorable";
fetch = {
type = "git";
url = "https://github.com/mattn/go-colorable";
rev = "98ec13f34aabf44cc914c65a1cfb7b9bc815aef1";
sha256 = "1yxcz08kminqr1221zxpibnbzfcgs3fafin0z9zqb3gqvf74jywz";
};
}
{
goPackagePath = "github.com/mattn/go-isatty";
fetch = {
type = "git";
url = "https://github.com/mattn/go-isatty";
rev = "31745d66dd679ac0ac4f8d3ecff168fce6170c6a";
sha256 = "0h671sv7hfprja495kavazkalkx7xzaqksjh13brcnwq67ijrali";
};
}
{
goPackagePath = "github.com/mattn/go-runewidth";
fetch = {
type = "git";
url = "https://github.com/mattn/go-runewidth";
rev = "18c3d09a134a52720932bbaa92c798a0ab111004";
sha256 = "1snr8mk63vz2h44knq26dm81p83887v7kb09iywqmx0nqzngih66";
};
}
{
goPackagePath = "github.com/schachmat/ingo";
fetch = {
type = "git";
url = "https://github.com/schachmat/ingo";
rev = "a4bdc0729a3fda62cc4069b6e490fc657fd54e33";
sha256 = "1gw0kddy7jh3467imsqni86cf9yq7k6vpfc0ywkbwj0zsjsdgd49";
};
}
{
goPackagePath = "golang.org/x/sys";
fetch = {
type = "git";
url = "https://go.googlesource.com/sys";
rev = "b016eb3dc98ea7f69ed55e8216b87187067ae621";
sha256 = "1k0qr26046d228gi6ngkfxp4m1rjgxk4jj75h0kh1cpyp91n5rja";
};
}
]

1
pkgs/applications/office/paperwork/openpaperwork-core.nix
View File

@ -39,5 +39,6 @@ buildPythonPackage rec {
homepage = "https://openpaper.work/";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ aszlig symphorien ];
platforms = lib.platforms.linux;
};
}

1
pkgs/applications/office/paperwork/openpaperwork-gtk.nix
View File

@ -49,5 +49,6 @@ buildPythonPackage rec {
homepage = "https://openpaper.work/";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ aszlig symphorien ];
platforms = lib.platforms.linux;
};
}

22
pkgs/applications/office/paperwork/paperwork-gtk.nix
View File

@ -16,6 +16,7 @@
, texlive
, imagemagick
, perlPackages
, writeScript
}:
let
@ -27,12 +28,19 @@ let
imagemagick
perlPackages.Po4a
];
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
in
python3Packages.buildPythonApplication rec {
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
inherit src version;
pname = "paperwork";
sample_docs = sample_documents // {
# a trick for the update script
name = "sample_documents";
src = sample_documents;
};
sourceRoot = "source/paperwork-gtk";
# Patch out a few paths that assume that we're using the FHS:
@ -69,7 +77,7 @@ python3Packages.buildPythonApplication rec {
export XDG_DATA_DIRS=$XDG_DATA_DIRS:${gnome.adwaita-icon-theme}/share
# build the user manual
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_documents} make data
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_docs} make data
for i in src/paperwork_gtk/model/help/out/*.pdf; do
install -Dt $site/model/help/out $i
done
@ -122,12 +130,20 @@ python3Packages.buildPythonApplication rec {
openpaperwork-core
pypillowfight
pyxdg
python-dateutil
setuptools
];
disallowedRequisites = documentation_deps;
passthru.updateScript = writeScript "update.sh" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl common-updater-scripts
version=$(list-git-tags https://gitlab.gnome.org/World/OpenPaperwork/paperwork.git | sed 's/^v//' | sort -V | tail -n1)
update-source-version paperwork "$version" --file=pkgs/applications/office/paperwork/src.nix
docs_version="$(curl https://gitlab.gnome.org/World/OpenPaperwork/paperwork/-/raw/$version/paperwork-gtk/src/paperwork_gtk/model/help/screenshot.sh | grep TEST_DOCS_TAG= | cut -d'"' -f2)"
update-source-version paperwork.sample_docs "$docs_version" --file=pkgs/applications/office/paperwork/src.nix --version-key=rev
'';
meta = {
description = "A personal document manager for scanned documents";
homepage = "https://openpaper.work/";

4
pkgs/applications/office/paperwork/src.nix
View File

@ -1,13 +1,13 @@
{fetchFromGitLab}:
rec {
version = "2.1.0";
version = "2.1.1";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
repo = "paperwork";
group = "World";
owner = "OpenPaperwork";
rev = version;
sha256 = "0d1cw6k1giqs8ji8h3h97ckb134s8pszgip0nac5hmw0mvqq84xa";
sha256 = "2M2eMP54F3RRDMBuAZ1gBiBoMmTRJaHTUwtTjj4ZU+4=";
};
sample_documents = fetchFromGitLab {
domain = "gitlab.gnome.org";

4
pkgs/applications/radio/urh/default.nix
View File

@ -6,13 +6,13 @@
python3Packages.buildPythonApplication rec {
pname = "urh";
version = "2.9.2";
version = "2.9.3";
src = fetchFromGitHub {
owner = "jopohl";
repo = pname;
rev = "v${version}";
sha256 = "0ibcr2ypnyl2aq324sbmmr18ksxszg81yrhybawx46ba9vym6j99";
sha256 = "sha256-TrvyPcpSMACrbKPVOjxHsVsC28LmruiVO/CyCPh0KZ8=";
};
nativeBuildInputs = [ qt5.wrapQtAppsHook ];

4
pkgs/applications/terminal-emulators/xterm/default.nix
View File

@ -4,14 +4,14 @@
stdenv.mkDerivation rec {
pname = "xterm";
version = "370";
version = "371";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
];
sha256 = "ljxdhAoPD0wHf/KEWG6LH4Pz+YPcpvdPSzYZdbU4jII=";
sha256 = "MviIJ3sZ4o68CjESv/AAYHwHvtBnnKoL7rs2+crUhPU=";
};
strictDeps = true;

6
pkgs/applications/version-management/git-and-tools/lucky-commit/default.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "lucky-commit";
version = "2.1.0";
version = "2.1.1";
src = fetchFromGitHub {
owner = "not-an-aardvark";
repo = pname;
rev = "v${version}";
sha256 = "0vs668i1yglfcqs94jhwdk90v0lja2w5kr5gakz082wykilms0zg";
sha256 = "sha256-FnH9rDy6opu0WJnCgAFvxJXWKyD2v5eGPNmbC1cvzko=";
};
cargoSha256 = "sha256-MvopLKhovwXaEmRgXnAzJeuhPgqnMjt0EtKUGSWFpaY=";
cargoSha256 = "sha256-iEYkOPAcWIwK7mthovrGFHfp/NsQ4ycqiTZvkHnYWzA=";
buildInputs = lib.optional withOpenCL (if stdenv.isDarwin then OpenCL else ocl-icd);

25
pkgs/data/misc/spdx-license-list-data/default.nix
View File

@ -2,28 +2,45 @@
stdenvNoCC.mkDerivation rec {
pname = "spdx-license-list-data";
version = "3.15";
version = "3.16";
src = fetchFromGitHub {
owner = "spdx";
repo = "license-list-data";
rev = "v${version}";
sha256 = "0r88j00shmhayfq8avswaxsaj1my1vq540rg0srma29862vrjpfk";
hash = "sha256-FPN9EIwXtz0b1tUZ/AOWK2zj2nfd5+POGmRC52mSzcA=";
};
# List of file formats to package.
_types = [ "html" "json" "jsonld" "rdfa" "rdfnt" "rdfturtle" "rdfxml" "template" "text" ];
outputs = [ "out" ] ++ _types;
dontPatch = true;
dontConfigure = true;
dontBuild = true;
installPhase = ''
runHook preInstall
install -vDt $out/json json/licenses.json
mkdir -pv $out
for t in $_types
do
_outpath=''${!t}
mkdir -pv $_outpath
cp -ar $t $_outpath && echo "$t format installed"
done
runHook postInstall
'';
dontFixup = true;
meta = with lib; {
description = "Various data formats for the SPDX License List";
homepage = "https://github.com/spdx/license-list-data";
license = licenses.cc0;
maintainers = with maintainers; [ oxzi ];
maintainers = with maintainers; [ oxzi c0bw3b ];
platforms = platforms.all;
};
}

47
pkgs/development/embedded/platformio/core.nix
View File

@ -9,54 +9,32 @@
let
python = python3.override {
packageOverrides = self: super: {
aiofiles = super.aiofiles.overridePythonAttrs (oldAttrs: rec {
version = "0.8.0";
src = fetchFromGitHub {
owner = "Tinche";
repo = "aiofiles";
rev = "v${version}";
sha256 = "0mr9pzji4vqyf2yzh8yxz5q7fm8mgmkimx1xh49wh625m72pxcap";
};
});
asgiref = super.asgiref.overridePythonAttrs (oldAttrs: rec {
version = "3.4.1";
src = fetchFromGitHub {
owner = "django";
repo = "asgiref";
rev = version;
sha256 = "0440321alpqb1cdsmfzmiiy8rpq0ic0wvraalzk39cgrl7mghw39";
};
});
click = super.click.overridePythonAttrs (oldAttrs: rec {
version = "8.0.3";
src = fetchFromGitHub {
owner = "pallets";
repo = "click";
rev = version;
sha256 = "0pxvxgfhqjgsjbgfnilqjki1l24r0rdfd98cl77i71yqdd2f497g";
semantic-version = super.semantic-version.overridePythonAttrs (oldAttrs: rec {
version = "2.9.0";
src = fetchPypi {
pname = "semantic_version";
version = version;
sha256 = "1chjd8019wnwb5mnd4x4jw9f8nhzg0xnapsdznk0fpiyamrlixdb";
};
});
starlette = super.starlette.overridePythonAttrs (oldAttrs: rec {
version = "0.17.0";
version = "0.18.0";
src = fetchFromGitHub {
owner = "encode";
repo = "starlette";
rev = version;
sha256 = "1g76qpvqzivmwll5ir4bf45jx5kilnkadvy6b7qjisvr402i3qmw";
sha256 = "1dpj33cggjjvpd3qdf6hv04z5ckcn9f5dfn98p5a8hx262kgsr9p";
};
disabledTestPaths = [];
});
uvicorn = super.uvicorn.overridePythonAttrs (oldAttrs: rec {
version = "0.16.0";
version = "0.17.0";
src = fetchFromGitHub {
owner = "encode";
repo = "uvicorn";
rev = version;
sha256 = "14jih6j4q2qp5c9rgl798i5p51b4y6zkkj434q2l1naw0csphk4s";
sha256 = "142x8skb1yfys6gndfaay2r240j56dkr006p49pw4y9i0v85kynp";
};
});
};
@ -80,6 +58,7 @@ with python.pkgs; buildPythonApplication rec {
pyserial
requests
semantic-version
spdx-license-list-data.json
starlette
tabulate
uvicorn
@ -171,7 +150,7 @@ with python.pkgs; buildPythonApplication rec {
postPatch = ''
substitute platformio/package/manifest/schema.py platformio/package/manifest/schema.py \
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data}'
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data.json}'
substituteInPlace setup.py \
--replace "zeroconf==0.37.*" "zeroconf"
@ -180,7 +159,7 @@ with python.pkgs; buildPythonApplication rec {
meta = with lib; {
broken = stdenv.isAarch64;
description = "An open source ecosystem for IoT development";
homepage = "http://platformio.org";
homepage = "https://platformio.org";
license = licenses.asl20;
maintainers = with maintainers; [ mog makefu ];
};

4
pkgs/development/embedded/platformio/default.nix
View File

@ -4,14 +4,14 @@
let
callPackage = newScope self;
version = "5.2.4";
version = "5.2.5";
# pypi tarballs don't contain tests - https://github.com/platformio/platformio-core/issues/1964
src = fetchFromGitHub {
owner = "platformio";
repo = "platformio-core";
rev = "v${version}";
sha256 = "1dhyxrdxrca669qm6alxxn2jmvcwlpqrx9kfwh4iqy9za5717ag9";
sha256 = "1x1jqprwzpb09ca953rqbh2jvizh7bz8yj30krphb6007bnjilwy";
};
self = {

2
pkgs/development/embedded/platformio/fix-searchpath.patch
View File

@ -2,7 +2,7 @@ diff --git a/platformio/proc.py b/platformio/proc.py
index 80e50201..15cee5a5 100644
--- a/platformio/proc.py
+++ b/platformio/proc.py
@@ -167,7 +167,7 @@ def copy_pythonpath_to_osenv():
@@ -181,7 +181,7 @@ def copy_pythonpath_to_osenv():
conditions.append(isdir(join(p, "click")) or isdir(join(p, "platformio")))
if all(conditions):
_PYTHONPATH.append(p)

2
pkgs/development/embedded/platformio/use-local-spdx-license-list.patch
View File

@ -6,7 +6,7 @@ index 416dccfd..896c3649 100644
@staticmethod
@memoized(expire="1h")
def load_spdx_licenses():
- version = "3.15"
- version = "3.16"
- spdx_data_url = (
- "https://raw.githubusercontent.com/spdx/license-list-data/"
- "v%s/json/licenses.json" % version

4
pkgs/development/interpreters/clojure/babashka.nix
View File

@ -2,11 +2,11 @@
buildGraalvmNativeImage rec {
pname = "babashka";
version = "0.7.6";
version = "0.7.7";
src = fetchurl {
url = "https://github.com/babashka/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar";
sha256 = "sha256-bRuf9qUBgb+1Sr2US67NZZrrb2MycSvNbekLLSpvZss=";
sha256 = "sha256-4aYYm2gCtfp+OiY6ouaTn4giHbX6JyULBHMpDnGMpbs=";
};
executable = "bb";

4
pkgs/development/libraries/science/math/suitesparse-graphblas/default.nix
View File

@ -6,7 +6,7 @@
stdenv.mkDerivation rec {
pname = "suitesparse-graphblas";
version = "6.2.1";
version = "6.2.2";
outputs = [ "out" "dev" ];
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
owner = "DrTimothyAldenDavis";
repo = "GraphBLAS";
rev = "v${version}";
sha256 = "sha256-YgQdhXxXcvhQ10hCGrGM49jjY4jyzqH9ea+gltdh+Uc=";
sha256 = "sha256-uSPE7uFiG4xbsAeo/UmOP5Ns+3yZ7kKL2bNxzd8mzP8=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/mathlibtools/default.nix
View File

@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "mathlibtools";
version = "1.1.0";
version = "1.1.1";
src = fetchPypi {
inherit pname version;
sha256 = "789f070f35424e89e4f2e2c007382250133cc48877627e37c5c463bcf4a1b58a";
sha256 = "sha256-0iW7SWIxb+Ek4T26hru5EgBgXfqRh6zOR73GAgLFNyE=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/openai/default.nix
View File

@ -17,7 +17,7 @@
buildPythonPackage rec {
pname = "openai";
version = "0.14.0";
version = "0.15.0";
disabled = pythonOlder "3.7.1";
@ -26,7 +26,7 @@ buildPythonPackage rec {
owner = "openai";
repo = "openai-python";
rev = "v${version}";
sha256 = "sha256-AFfbMeYxdZaIABhf4XpszhLvFuMJebhl07sv9kuiknA=";
sha256 = "sha256-HOMBVrAz3cP8r4w8CKXKy6epxf00myYJiKv1PQ1iqhQ=";
};
propagatedBuildInputs = [

4
pkgs/development/tools/analysis/pmd/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "pmd";
version = "6.42.0";
version = "6.43.0";
src = fetchurl {
url = "mirror://sourceforge/pmd/pmd-bin-${version}.zip";
sha256 = "sha256-rVqHMhiuFLVTz/J9TGnA/42m9GaGORsf+CrUUqsdUfs=";
sha256 = "sha256-+eJCN890vm4WBcMZ2VCGOS8WUyIckL+DfQVNaUSovGE=";
};
nativeBuildInputs = [ unzip makeWrapper ];

6
pkgs/development/tools/ent/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "ent-go";
version = "0.10.0";
version = "0.10.1";
src = fetchFromGitHub {
owner = "ent";
repo = "ent";
rev = "v${version}";
sha256 = "sha256-TG08GRo1gNxC5iHt/Md5WVWaEQ1m2mUDGqpuxw8Pavg=";
sha256 = "sha256-MvfbQKGVYWbZkqc3X3BqsB+z2KMkr0gMOquL02qHwUY=";
};
vendorSha256 = "sha256-n5dS78SSBAEgE4/9jMZZhbOQZ3IGi9n3ErA0ioP9Tsg=";
vendorSha256 = "sha256-BF2eD/jOtY1XhZ0hB7f3/frKQYwS9PbuGxum5SSnjzA=";
subPackages = [ "cmd/ent" ];

4
pkgs/development/tools/minizinc/default.nix
View File

@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, cmake, flex, bison }:
stdenv.mkDerivation rec {
pname = "minizinc";
version = "2.6.0";
version = "2.6.1";
nativeBuildInputs = [ cmake flex bison ];
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
owner = "MiniZinc";
repo = "libminizinc";
rev = version;
sha256 = "sha256-eeviSmbXSZdW27IGZ2EZjV9eKn6aW1wxzhiRC/LaOX4=";
sha256 = "sha256-JCR2wvtMNyHBIIqrH5eBc0CIOVyo8mnPUZXtwjJt3sw=";
};
meta = with lib; {

2
pkgs/os-specific/linux/dddvb/default.nix
View File

@ -6,7 +6,7 @@
stdenv.mkDerivation rec {
pname = "dddvb";
version = "0.9.33-404-ge9ccab3";
version = "0.9.38-pre.4";
src = fetchFromGitHub {
owner = "DigitalDevices";

8
pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix
View File

@ -1,16 +1,16 @@
{ lib, stdenv, fetchFromGitHub, autoconf, automake, pkg-config, dovecot, libtool, xapian, icu64 }:
{ lib, stdenv, fetchFromGitHub, autoconf, automake, sqlite, pkg-config, dovecot, libtool, xapian, icu64 }:
stdenv.mkDerivation rec {
pname = "dovecot-fts-xapian";
version = "1.5.2";
version = "1.5.4";
src = fetchFromGitHub {
owner = "grosjo";
repo = "fts-xapian";
rev = version;
sha256 = "1ap4jb43gvy7caa8lg2hg811q0n5c2gqbmcjl4126wz44hb7waa1";
sha256 = "sha256-3vrcaBsarJNECwfzUOrUnjD555E2dgbFiiEJR5bN3qM=";
};
buildInputs = [ dovecot xapian icu64 ];
buildInputs = [ dovecot xapian icu64 sqlite ];
nativeBuildInputs = [ autoconf automake libtool pkg-config ];

4
pkgs/servers/sickbeard/sickgear.nix
View File

@ -4,13 +4,13 @@ let
pythonEnv = python3.withPackages(ps: with ps; [ cheetah3 ]);
in stdenv.mkDerivation rec {
pname = "sickgear";
version = "0.25.26";
version = "0.25.28";
src = fetchFromGitHub {
owner = "SickGear";
repo = "SickGear";
rev = "release_${version}";
sha256 = "153zd0yq39vmh00ydw42yw8dx18cy3as36xml228hq244cxypkwp";
sha256 = "16d0yvsp9yp67q1clhjs77syd13bmfgbadxcc1x8yfrfvdy6v39l";
};
dontBuild = true;

4
pkgs/servers/zigbee2mqtt/default.nix
View File

@ -3,14 +3,14 @@ let
package = (import ./node.nix { inherit pkgs; inherit (stdenv.hostPlatform) system; }).package;
in
package.override rec {
version = "1.23.0";
version = "1.24.0";
reconstructLock = true;
src = pkgs.fetchFromGitHub {
owner = "Koenkk";
repo = "zigbee2mqtt";
rev = version;
sha256 = "0mf6ya5pw5gh0ld0j5dlsicx3ndhfrm3q683faqcm4ks7c5kjhax";
sha256 = "epQXexhTT6xuB50eudRRzTZHGv0vX+hgMUZcm36red4=";
};
passthru.tests.zigbee2mqtt = nixosTests.zigbee2mqtt;

2357
pkgs/servers/zigbee2mqtt/node-packages.nix generated
View File

File diff suppressed because it is too large Load Diff

6
pkgs/tools/admin/stripe-cli/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "stripe-cli";
version = "1.7.13";
version = "1.8.0";
src = fetchFromGitHub {
owner = "stripe";
repo = pname;
rev = "v${version}";
sha256 = "sha256-XYhOBEpHVAJ/PHovMylme56le33IUM5C9HEZAm/gG3I=";
sha256 = "sha256-5Dvmlzhu7xqJAcAdyjPJ/iMooK7N+Qv8J93uEySYb/s=";
};
vendorSha256 = "sha256-OP39ZuWBz/lutuYGbYLVEtjIirXq89QTdltq2v0NWRE=";
vendorSha256 = "sha256-KgoSJcVUtE4ryJLtQXNCdl51sgO94vyb682OdL5CYw8=";
subPackages = [
"cmd/stripe"

4
pkgs/tools/misc/calamares/default.nix
View File

@ -6,12 +6,12 @@
mkDerivation rec {
pname = "calamares";
version = "3.2.44.3";
version = "3.2.51";
# release including submodule
src = fetchurl {
url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
sha256 = "sha256-p3ctULrzXPt9dNs8Ckb7cqdOBpp4qOmEwu0dEVq8lEw=";
sha256 = "sha256-MOs+VoqzHYRSXbOO8voj+3jvtYQnWyYAcTelS594LXA=";
};
nativeBuildInputs = [ cmake extra-cmake-modules ];

4
pkgs/tools/misc/esphome/default.nix
View File

@ -15,14 +15,14 @@ let
in
with python.pkgs; buildPythonApplication rec {
pname = "esphome";
version = "2022.2.5";
version = "2022.2.6";
format = "setuptools";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "sha256-ZHxPiQEqFmW9tYv5SaHutOuBh7gsmN4Ux4+sMAJRIk4=";
sha256 = "sha256-AoSFtEg7GpUBdIrFCYlOMBRc2nBBtiFEkxoZnKC/xyQ=";
};
postPatch = ''

4
pkgs/tools/networking/i2pd/default.nix
View File

@ -10,13 +10,13 @@ assert upnpSupport -> miniupnpc != null;
stdenv.mkDerivation rec {
pname = "i2pd";
version = "2.40.0";
version = "2.41.0";
src = fetchFromGitHub {
owner = "PurpleI2P";
repo = pname;
rev = version;
sha256 = "sha256-Cld5TP2YoLzm73q7uP/pwqEeUsT5uMPAUx9HABOVeZA=";
sha256 = "sha256-fQqbZYb0brGmGf7Yc/2Zd5BZ+YOkGYC3o9uhShYdAE4=";
};
buildInputs = with lib; [ boost zlib openssl ]

4
pkgs/tools/networking/kea/default.nix
View File

@ -14,11 +14,11 @@
stdenv.mkDerivation rec {
pname = "kea";
version = "2.0.1"; # only even minor versions are stable
version = "2.0.2"; # only even minor versions are stable
src = fetchurl {
url = "https://ftp.isc.org/isc/${pname}/${version}/${pname}-${version}.tar.gz";
sha256 = "sha256-9Qu5qVTjFDFrQDOhddyAdJa7nBdUEQvZKiHBZanoTFc=";
sha256 = "sha256-jSghO9yOK7hwo4OzCsHlPVTh66Q9L4blFRsItmqmzzI=";
};
patches = [ ./dont-create-var.patch ];

4
pkgs/tools/networking/whois/default.nix
View File

@ -1,14 +1,14 @@
{ lib, stdenv, fetchFromGitHub, perl, gettext, pkg-config, libidn2, libiconv }:
stdenv.mkDerivation rec {
version = "5.5.11";
version = "5.5.12";
pname = "whois";
src = fetchFromGitHub {
owner = "rfc1036";
repo = "whois";
rev = "v${version}";
sha256 = "sha256-+fNld+stSniuQV2zx+Qd4s2ZSwNLmnve/tXg36MC2nM=";
sha256 = "sha256-UJy71VKEKPYfRXZB2lJiy6Ua6BkGW9Uz0zXciZC4oJE=";
};
nativeBuildInputs = [ perl gettext pkg-config ];

6
pkgs/tools/security/nuclei/default.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "nuclei";
version = "2.6.2";
version = "2.6.3";
src = fetchFromGitHub {
owner = "projectdiscovery";
repo = pname;
rev = "v${version}";
sha256 = "sha256-tu7jj2rRREXH9jsQBWXncjCD6MXCddB99mr6h9ng8GA=";
sha256 = "sha256-4jByNyO0EvJ2ppdg21+7YfeB9arjBZALrOm5MJlkZsg=";
};
vendorSha256 = "sha256-ezUknVPlIbiy6PmpOgkUQU4kfH2Ic8Wn64zwoyqJMl0=";
vendorSha256 = "sha256-717+jJiyqmctR9Yb/XnnKd1N+31K2+xO1XClGMKlL+k=";
modRoot = "./v2";
subPackages = [

2
pkgs/top-level/all-packages.nix
View File

@ -3637,7 +3637,7 @@ with pkgs;
odafileconverter = libsForQt5.callPackage ../applications/graphics/odafileconverter {};
oil-buku = callPackage ../applications/misc/oil { };
oil-buku = callPackage ../applications/misc/oil-buku { };
ossutil = callPackage ../tools/admin/ossutil {};