Merge master into staging-next
This commit is contained in:
commit
ca63714c0f
31
.github/workflows/wait-ofborg.yml
vendored
Normal file
31
.github/workflows/wait-ofborg.yml
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
name: "Wait for ofborg"
|
||||
on:
|
||||
pull_request:
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Wait for ofborg CI
|
||||
run: |
|
||||
# wait for ~30min...
|
||||
# ..in future a better fix would be to make ofborg mark CI as pending right away.
|
||||
for i in $(seq 360); do
|
||||
res=$(curl --silent \
|
||||
-H "Accept: application/vnd.github.antiope-preview+json" \
|
||||
-H "Authorization: token ${GITHUB_TOKEN}" \
|
||||
"https://api.github.com/repos/NixOS/nixpkgs/commits/${COMMIT}/check-runs" | \
|
||||
jq ".check_runs | map(.app) | map(.id) | contains([${OFBORG_APP_ID}])")
|
||||
if [[ "$res" == "true" ]]; then
|
||||
exit 0
|
||||
fi
|
||||
sleep 5
|
||||
echo "."
|
||||
done
|
||||
echo "Timeout!"
|
||||
exit 1
|
||||
# ofborg is not checking forks.
|
||||
if: github.repository_owner == 'NixOS'
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
COMMIT: ${{ github.event.pull_request.head.sha }}
|
||||
OFBORG_APP_ID: 20500
|
17
flake.nix
17
flake.nix
@ -12,23 +12,30 @@
|
||||
|
||||
lib = import ./lib;
|
||||
|
||||
systems = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ];
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"i686-linux"
|
||||
"x86_64-darwin"
|
||||
"aarch64-linux"
|
||||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
|
||||
forAllSystems = f: lib.genAttrs systems (system: f system);
|
||||
|
||||
in
|
||||
{
|
||||
lib = lib // {
|
||||
lib = lib.extend (final: prev: {
|
||||
nixosSystem = { modules, ... } @ args:
|
||||
import ./nixos/lib/eval-config.nix (args // {
|
||||
modules = modules ++
|
||||
[ { system.nixos.versionSuffix =
|
||||
".${lib.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
|
||||
system.nixos.revision = lib.mkIf (self ? rev) self.rev;
|
||||
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
|
||||
system.nixos.revision = final.mkIf (self ? rev) self.rev;
|
||||
}
|
||||
];
|
||||
});
|
||||
};
|
||||
});
|
||||
|
||||
checks.x86_64-linux.tarball = jobs.tarball;
|
||||
|
||||
|
@ -313,6 +313,12 @@
|
||||
githubId = 43479487;
|
||||
name = "Titouan Biteau";
|
||||
};
|
||||
alerque = {
|
||||
email = "caleb@alerque.com";
|
||||
github = "alerque";
|
||||
githubId = 173595;
|
||||
name = "Caleb Maclennan";
|
||||
};
|
||||
alexarice = {
|
||||
email = "alexrice999@hotmail.co.uk";
|
||||
github = "alexarice";
|
||||
@ -543,6 +549,12 @@
|
||||
githubId = 750786;
|
||||
name = "Justin Wood";
|
||||
};
|
||||
anna328p = {
|
||||
email = "anna328p@gmail.com";
|
||||
github = "anna328p";
|
||||
githubId = 9790772;
|
||||
name = "Anna";
|
||||
};
|
||||
anmonteiro = {
|
||||
email = "anmonteiro@gmail.com";
|
||||
github = "anmonteiro";
|
||||
@ -673,6 +685,12 @@
|
||||
githubId = 3965744;
|
||||
name = "Arthur Lee";
|
||||
};
|
||||
arturcygan = {
|
||||
email = "arczicygan@gmail.com";
|
||||
github = "arcz";
|
||||
githubId = 4679721;
|
||||
name = "Artur Cygan";
|
||||
};
|
||||
artuuge = {
|
||||
email = "artuuge@gmail.com";
|
||||
github = "artuuge";
|
||||
@ -1109,6 +1127,12 @@
|
||||
githubId = 3465841;
|
||||
name = "Boris Sukholitko";
|
||||
};
|
||||
bouk = {
|
||||
name = "Bouke van der Bijl";
|
||||
email = "i@bou.ke";
|
||||
github = "bouk";
|
||||
githubId = 97820;
|
||||
};
|
||||
bradediger = {
|
||||
email = "brad@bradediger.com";
|
||||
github = "bradediger";
|
||||
@ -1406,6 +1430,16 @@
|
||||
githubId = 30435868;
|
||||
name = "Okina Matara";
|
||||
};
|
||||
Chili-Man = {
|
||||
email = "dr.elhombrechile@gmail.com";
|
||||
name = "Diego Rodriguez";
|
||||
github = "Chili-Man";
|
||||
githubId = 631802;
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xE0EBAD78F0190BD9";
|
||||
fingerprint = "099E 3F97 FA08 3D47 8C75 EBEC E0EB AD78 F019 0BD9";
|
||||
}];
|
||||
};
|
||||
chkno = {
|
||||
email = "chuck@intelligence.org";
|
||||
github = "chkno";
|
||||
@ -2052,12 +2086,6 @@
|
||||
githubId = 1316469;
|
||||
name = "Naomi Morse";
|
||||
};
|
||||
dkudriavtsev = {
|
||||
email = "dkudriavtsev@gmail.com";
|
||||
github = "dkudriavtsev";
|
||||
githubId = 9790772;
|
||||
name = "Dmitry Kudriavtsev";
|
||||
};
|
||||
dmalikov = {
|
||||
email = "malikov.d.y@gmail.com";
|
||||
github = "dmalikov";
|
||||
@ -4717,6 +4745,12 @@
|
||||
githubId = 1202012;
|
||||
name = "Ignat Loskutov";
|
||||
};
|
||||
louisdk1 = {
|
||||
email = "louis@louis.dk";
|
||||
github = "louisdk1";
|
||||
githubId = 4969294;
|
||||
name = "Louis Tim Larsen";
|
||||
};
|
||||
lovek323 = {
|
||||
email = "jason@oconal.id.au";
|
||||
github = "lovek323";
|
||||
@ -4769,6 +4803,12 @@
|
||||
githubId = 59375051;
|
||||
name = "Lucas Ransan";
|
||||
};
|
||||
lucperkins = {
|
||||
email = "lucperkins@gmail.com";
|
||||
github = "lucperkins";
|
||||
githubId = 1523104;
|
||||
name = "Luc Perkins";
|
||||
};
|
||||
lucus16 = {
|
||||
email = "lars.jellema@gmail.com";
|
||||
github = "Lucus16";
|
||||
@ -6160,6 +6200,12 @@
|
||||
githubId = 20792;
|
||||
name = "Sebastian Galkin";
|
||||
};
|
||||
parasrah = {
|
||||
email = "nixos@parasrah.com";
|
||||
github = "parasrah";
|
||||
githubId = 14935550;
|
||||
name = "Brad Pfannmuller";
|
||||
};
|
||||
pashashocky = {
|
||||
email = "pashashocky@gmail.com";
|
||||
github = "pashashocky";
|
||||
@ -6334,6 +6380,12 @@
|
||||
githubId = 119460;
|
||||
name = "Perry Barnoy";
|
||||
};
|
||||
pjjw = {
|
||||
email = "peter@shortbus.org";
|
||||
github = "pjjw";
|
||||
githubId = 638;
|
||||
name = "Peter Woodman";
|
||||
};
|
||||
pjones = {
|
||||
email = "pjones@devalot.com";
|
||||
github = "pjones";
|
||||
@ -6828,6 +6880,12 @@
|
||||
githubId = 2507744;
|
||||
name = "Roland Koebler";
|
||||
};
|
||||
rizary = {
|
||||
email = "andika@numtide.com";
|
||||
github = "Rizary";
|
||||
githubId = 7221768;
|
||||
name = "Andika Demas Riyandi";
|
||||
};
|
||||
rkrzr = {
|
||||
email = "ops+nixpkgs@channable.com";
|
||||
github = "rkrzr";
|
||||
|
@ -525,12 +525,37 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||
automatically if <literal>stateVersion</literal> is 20.09 or higher.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>udpt</literal> experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml.
|
||||
The new configuration documentation can be found at
|
||||
<link xlink:href="https://naim94a.github.io/udpt/config.html">the official website</link> and example
|
||||
configuration is packaged in <literal>${udpt}/share/udpt/udpt.toml</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
We now have a unified <xref linkend="opt-services.xserver.displayManager.autoLogin"/> option interface
|
||||
to be used for every display-manager in NixOS.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>bitcoind</literal> module has changed to multi-instance, using submodules.
|
||||
Therefore, it is now mandatory to name each instance, e.g.:
|
||||
<programlisting>
|
||||
services.bitcoind = {
|
||||
enable = true;
|
||||
};
|
||||
</programlisting>
|
||||
requires a name now:
|
||||
<programlisting>
|
||||
services.bitcoind."example-mainnet" = {
|
||||
enable = true;
|
||||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -5,21 +5,32 @@
|
||||
config
|
||||
|
||||
, # The size of the disk, in megabytes.
|
||||
diskSize
|
||||
# if "auto" size is calculated based on the contents copied to it and
|
||||
# additionalSpace is taken into account.
|
||||
diskSize ? "auto"
|
||||
|
||||
# The files and directories to be placed in the target file system.
|
||||
, # additional disk space to be added to the image if diskSize "auto"
|
||||
# is used
|
||||
additionalSpace ? "512M"
|
||||
|
||||
, # size of the boot partition, is only used if partitionTableType is
|
||||
# either "efi" or "hybrid"
|
||||
bootSize ? "256M"
|
||||
|
||||
, # The files and directories to be placed in the target file system.
|
||||
# This is a list of attribute sets {source, target} where `source'
|
||||
# is the file system object (regular file or directory) to be
|
||||
# grafted in the file system at path `target'.
|
||||
, contents ? []
|
||||
contents ? []
|
||||
|
||||
, # Type of partition table to use; either "legacy", "efi", or "none".
|
||||
# For "efi" images, the GPT partition table is used and a mandatory ESP
|
||||
# partition of reasonable size is created in addition to the root partition.
|
||||
# If `installBootLoader` is true, GRUB will be installed in EFI mode.
|
||||
# For "legacy", the msdos partition table is used and a single large root
|
||||
# partition is created. If `installBootLoader` is true, GRUB will be
|
||||
# installed in legacy mode.
|
||||
# partition is created.
|
||||
# For "hybrid", the GPT partition table is used and a mandatory ESP
|
||||
# partition of reasonable size is created in addition to the root partition.
|
||||
# Also a legacy MBR will be present.
|
||||
# For "none", no partition table is created. Enabling `installBootLoader`
|
||||
# most likely fails as GRUB will probably refuse to install.
|
||||
partitionTableType ? "legacy"
|
||||
@ -43,7 +54,7 @@
|
||||
format ? "raw"
|
||||
}:
|
||||
|
||||
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "none";
|
||||
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
|
||||
# We use -E offset=X below, which is only supported by e2fsprogs
|
||||
assert partitionTableType != "none" -> fsType == "ext4";
|
||||
|
||||
@ -65,6 +76,7 @@ let format' = format; in let
|
||||
rootPartition = { # switch-case
|
||||
legacy = "1";
|
||||
efi = "2";
|
||||
hybrid = "3";
|
||||
}.${partitionTableType};
|
||||
|
||||
partitionDiskScript = { # switch-case
|
||||
@ -76,9 +88,18 @@ let format' = format; in let
|
||||
efi = ''
|
||||
parted --script $diskImage -- \
|
||||
mklabel gpt \
|
||||
mkpart ESP fat32 8MiB 256MiB \
|
||||
mkpart ESP fat32 8MiB ${bootSize} \
|
||||
set 1 boot on \
|
||||
mkpart primary ext4 256MiB -1
|
||||
mkpart primary ext4 ${bootSize} -1
|
||||
'';
|
||||
hybrid = ''
|
||||
parted --script $diskImage -- \
|
||||
mklabel gpt \
|
||||
mkpart ESP fat32 8MiB ${bootSize} \
|
||||
set 1 boot on \
|
||||
mkpart no-fs 0 1024KiB \
|
||||
set 2 bios_grub on \
|
||||
mkpart primary ext4 ${bootSize} -1
|
||||
'';
|
||||
none = "";
|
||||
}.${partitionTableType};
|
||||
@ -129,19 +150,6 @@ let format' = format; in let
|
||||
}
|
||||
|
||||
mkdir $out
|
||||
diskImage=nixos.raw
|
||||
truncate -s ${toString diskSize}M $diskImage
|
||||
|
||||
${partitionDiskScript}
|
||||
|
||||
${if partitionTableType != "none" then ''
|
||||
# Get start & length of the root partition in sectors to $START and $SECTORS.
|
||||
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
|
||||
|
||||
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
|
||||
'' else ''
|
||||
mkfs.${fsType} -F -L ${label} $diskImage
|
||||
''}
|
||||
|
||||
root="$PWD/root"
|
||||
mkdir -p $root
|
||||
@ -186,6 +194,31 @@ let format' = format; in let
|
||||
nixos-install --root $root --no-bootloader --no-root-passwd \
|
||||
--system ${config.system.build.toplevel} --channel ${channelSources} --substituters ""
|
||||
|
||||
diskImage=nixos.raw
|
||||
|
||||
${if diskSize == "auto" then ''
|
||||
${if partitionTableType == "efi" || partitionTableType == "hybrid" then ''
|
||||
additionalSpace=$(( ($(numfmt --from=iec '${additionalSpace}') + $(numfmt --from=iec '${bootSize}')) / 1000 ))
|
||||
'' else ''
|
||||
additionalSpace=$(( $(numfmt --from=iec '${additionalSpace}') / 1000 ))
|
||||
''}
|
||||
diskSize=$(( $(set -- $(du -d0 $root); echo "$1") + $additionalSpace ))
|
||||
truncate -s "$diskSize"K $diskImage
|
||||
'' else ''
|
||||
truncate -s ${toString diskSize}M $diskImage
|
||||
''}
|
||||
|
||||
${partitionDiskScript}
|
||||
|
||||
${if partitionTableType != "none" then ''
|
||||
# Get start & length of the root partition in sectors to $START and $SECTORS.
|
||||
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
|
||||
|
||||
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
|
||||
'' else ''
|
||||
mkfs.${fsType} -F -L ${label} $diskImage
|
||||
''}
|
||||
|
||||
echo "copying staging root to image..."
|
||||
cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* /
|
||||
'';
|
||||
@ -219,7 +252,7 @@ in pkgs.vmTools.runInLinuxVM (
|
||||
|
||||
# Create the ESP and mount it. Unlike e2fsprogs, mkfs.vfat doesn't support an
|
||||
# '-E offset=X' option, so we can't do this outside the VM.
|
||||
${optionalString (partitionTableType == "efi") ''
|
||||
${optionalString (partitionTableType == "efi" || partitionTableType == "hybrid") ''
|
||||
mkdir -p /mnt/boot
|
||||
mkfs.vfat -n ESP /dev/vda1
|
||||
mount /dev/vda1 /mnt/boot
|
||||
|
@ -2,9 +2,11 @@ pkgs: with pkgs.lib;
|
||||
|
||||
rec {
|
||||
|
||||
# Check whenever fileSystem is needed for boot
|
||||
fsNeededForBoot = fs: fs.neededForBoot
|
||||
|| elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ];
|
||||
# Check whenever fileSystem is needed for boot. NOTE: Make sure
|
||||
# pathsNeededForBoot is closed under the parent relationship, i.e. if /a/b/c
|
||||
# is in the list, put /a and /a/b in as well.
|
||||
pathsNeededForBoot = [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ];
|
||||
fsNeededForBoot = fs: fs.neededForBoot || elem fs.mountPoint pathsNeededForBoot;
|
||||
|
||||
# Check whenever `b` depends on `a` as a fileSystem
|
||||
fsBefore = a: b: a.mountPoint == b.device
|
||||
|
@ -26,7 +26,7 @@ in
|
||||
Whether to enable <command>uvcvideo</command> dynamic controls.
|
||||
|
||||
Note that enabling this brings the <command>uvcdynctrl</command> tool
|
||||
into your environement and register all dynamic controls from
|
||||
into your environment and register all dynamic controls from
|
||||
specified <command>packages</command> to the <command>uvcvideo</command> driver.
|
||||
'';
|
||||
};
|
||||
|
@ -814,6 +814,7 @@
|
||||
./services/security/torsocks.nix
|
||||
./services/security/usbguard.nix
|
||||
./services/security/vault.nix
|
||||
./services/security/yubikey-agent.nix
|
||||
./services/system/cloud-init.nix
|
||||
./services/system/dbus.nix
|
||||
./services/system/earlyoom.nix
|
||||
@ -885,6 +886,7 @@
|
||||
./services/web-servers/meguca.nix
|
||||
./services/web-servers/mighttpd2.nix
|
||||
./services/web-servers/minio.nix
|
||||
./services/web-servers/molly-brown.nix
|
||||
./services/web-servers/nginx/default.nix
|
||||
./services/web-servers/nginx/gitweb.nix
|
||||
./services/web-servers/phpfpm/default.nix
|
||||
|
@ -70,6 +70,7 @@ in
|
||||
agent.pinentryFlavor = mkOption {
|
||||
type = types.nullOr (types.enum pkgs.pinentry.flavors);
|
||||
example = "gnome3";
|
||||
default = defaultPinentryFlavor;
|
||||
description = ''
|
||||
Which pinentry interface to use. If not null, the path to the
|
||||
pinentry binary will be passed to gpg-agent via commandline and
|
||||
@ -91,8 +92,6 @@ in
|
||||
};
|
||||
|
||||
config = mkIf cfg.agent.enable {
|
||||
programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
|
||||
|
||||
# This overrides the systemd user unit shipped with the gnupg package
|
||||
systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
|
||||
serviceConfig.ExecStart = [ "" ''
|
||||
|
@ -36,6 +36,17 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
p11Auth = mkOption {
|
||||
default = config.security.pam.p11.enable;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
If set, keys listed in
|
||||
<filename>~/.ssh/authorized_keys</filename> and
|
||||
<filename>~/.eid/authorized_certificates</filename>
|
||||
can be used to log in with the associated PKCS#11 tokens.
|
||||
'';
|
||||
};
|
||||
|
||||
u2fAuth = mkOption {
|
||||
default = config.security.pam.u2f.enable;
|
||||
type = types.bool;
|
||||
@ -352,6 +363,8 @@ let
|
||||
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
|
||||
${optionalString cfg.fprintAuth
|
||||
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
|
||||
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
|
||||
"auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"}
|
||||
${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth
|
||||
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"}
|
||||
${optionalString cfg.usbAuth
|
||||
@ -566,6 +579,39 @@ in
|
||||
|
||||
security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module";
|
||||
|
||||
security.pam.p11 = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enables P11 PAM (<literal>pam_p11</literal>) module.
|
||||
|
||||
If set, users can log in with SSH keys and PKCS#11 tokens.
|
||||
|
||||
More information can be found <link
|
||||
xlink:href="https://github.com/OpenSC/pam_p11">here</link>.
|
||||
'';
|
||||
};
|
||||
|
||||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use the PKCS#11 device instead of the regular password,
|
||||
use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
security.pam.u2f = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
@ -747,6 +793,7 @@ in
|
||||
++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
|
||||
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
|
||||
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
|
||||
++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ]
|
||||
++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ];
|
||||
|
||||
boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ];
|
||||
|
@ -45,14 +45,14 @@ in {
|
||||
environment.ROON_DATAROOT = "/var/lib/${name}";
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.roon-server}/opt/start.sh";
|
||||
ExecStart = "${pkgs.roon-server}/start.sh";
|
||||
LimitNOFILE = 8192;
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
StateDirectory = name;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 9100; to = 9200; }
|
||||
@ -60,7 +60,7 @@ in {
|
||||
allowedUDPPorts = [ 9003 ];
|
||||
};
|
||||
|
||||
|
||||
|
||||
users.groups.${cfg.group} = {};
|
||||
users.users.${cfg.user} =
|
||||
if cfg.user == "roon-server" then {
|
||||
|
@ -49,6 +49,8 @@ let
|
||||
] ++ service.registrationFlags
|
||||
++ optional (service.buildsDir != null)
|
||||
"--builds-dir ${service.buildsDir}"
|
||||
++ optional (service.cloneUrl != null)
|
||||
"--clone-url ${service.cloneUrl}"
|
||||
++ optional (service.preCloneScript != null)
|
||||
"--pre-clone-script ${service.preCloneScript}"
|
||||
++ optional (service.preBuildScript != null)
|
||||
@ -377,6 +379,14 @@ in
|
||||
in context of selected executor (Locally, Docker, SSH).
|
||||
'';
|
||||
};
|
||||
cloneUrl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "http://gitlab.example.local";
|
||||
description = ''
|
||||
Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself.
|
||||
'';
|
||||
};
|
||||
dockerImage = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -42,6 +42,7 @@ in {
|
||||
# It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2
|
||||
# to build a SELinux policy module.
|
||||
|
||||
# TODO: use sysusers.d
|
||||
users.users.flatpak = {
|
||||
description = "Flatpak system helper";
|
||||
group = "flatpak";
|
||||
|
@ -28,7 +28,10 @@ with lib;
|
||||
malcontent-ui
|
||||
];
|
||||
|
||||
services.dbus.packages = [ pkgs.malcontent ];
|
||||
services.dbus.packages = [
|
||||
# D-Bus services are in `out`, not the default `bin` output that would be picked up by `makeDbusConf`.
|
||||
pkgs.malcontent.out
|
||||
];
|
||||
|
||||
services.accounts-daemon.enable = true;
|
||||
|
||||
|
@ -125,7 +125,7 @@ in {
|
||||
if [ ! -f '${registrationFile}' ]; then
|
||||
${pkgs.mautrix-telegram}/bin/mautrix-telegram \
|
||||
--generate-registration \
|
||||
--base-config='${pkgs.mautrix-telegram}/example-config.yaml' \
|
||||
--base-config='${pkgs.mautrix-telegram}/${pkgs.mautrix-telegram.pythonModule.sitePackages}/mautrix_telegram/example-config.yaml' \
|
||||
--config='${settingsFile}' \
|
||||
--registration='${registrationFile}'
|
||||
fi
|
||||
|
@ -4,6 +4,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.do-agent;
|
||||
|
||||
in
|
||||
{
|
||||
options.services.do-agent = {
|
||||
@ -11,23 +12,13 @@ in
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.do-agent ];
|
||||
systemd.packages = [ pkgs.do-agent ];
|
||||
|
||||
systemd.services.do-agent = {
|
||||
description = "DigitalOcean Droplet Metrics Agent";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.do-agent}/bin/do-agent --syslog";
|
||||
Restart = "always";
|
||||
OOMScoreAdjust = -900;
|
||||
SyslogIdentifier = "DigitalOceanAgent";
|
||||
PrivateTmp = "yes";
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = "yes";
|
||||
NoNewPrivileges = "yes";
|
||||
DynamicUser = "yes";
|
||||
ExecStart = [ "" "${pkgs.do-agent}/bin/do-agent --syslog" ];
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -3,31 +3,8 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.bitcoind;
|
||||
pidFile = "${cfg.dataDir}/bitcoind.pid";
|
||||
configFile = pkgs.writeText "bitcoin.conf" ''
|
||||
${optionalString cfg.testnet "testnet=1"}
|
||||
${optionalString (cfg.dbCache != null) "dbcache=${toString cfg.dbCache}"}
|
||||
${optionalString (cfg.prune != null) "prune=${toString cfg.prune}"}
|
||||
|
||||
# Connection options
|
||||
${optionalString (cfg.port != null) "port=${toString cfg.port}"}
|
||||
|
||||
# RPC server options
|
||||
${optionalString (cfg.rpc.port != null) "rpcport=${toString cfg.rpc.port}"}
|
||||
${concatMapStringsSep "\n"
|
||||
(rpcUser: "rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}")
|
||||
(attrValues cfg.rpc.users)
|
||||
}
|
||||
|
||||
# Extra config options (from bitcoind nixos service)
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
cmdlineOptions = escapeShellArgs [
|
||||
"-conf=${cfg.configFile}"
|
||||
"-datadir=${cfg.dataDir}"
|
||||
"-pid=${pidFile}"
|
||||
];
|
||||
eachBitcoind = config.services.bitcoind;
|
||||
|
||||
rpcUserOpts = { name, ... }: {
|
||||
options = {
|
||||
@ -39,11 +16,14 @@ let
|
||||
'';
|
||||
};
|
||||
passwordHMAC = mkOption {
|
||||
type = with types; uniq (strMatching "[0-9a-f]+\\$[0-9a-f]{64}");
|
||||
type = types.uniq (types.strMatching "[0-9a-f]+\\$[0-9a-f]{64}");
|
||||
example = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
|
||||
description = ''
|
||||
Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the
|
||||
format <SALT-HEX>$<HMAC-HEX>.
|
||||
|
||||
Tool (Python script) for HMAC generation is available here:
|
||||
<link xlink:href="https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py"/>
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -51,10 +31,10 @@ let
|
||||
name = mkDefault name;
|
||||
};
|
||||
};
|
||||
in {
|
||||
options = {
|
||||
|
||||
services.bitcoind = {
|
||||
bitcoindOpts = { config, lib, name, ...}: {
|
||||
options = {
|
||||
|
||||
enable = mkEnableOption "Bitcoin daemon";
|
||||
|
||||
package = mkOption {
|
||||
@ -63,12 +43,14 @@ in {
|
||||
defaultText = "pkgs.bitcoind";
|
||||
description = "The package providing bitcoin binaries.";
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
default = configFile;
|
||||
example = "/etc/bitcoind.conf";
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/lib/${name}/bitcoin.conf";
|
||||
description = "The configuration file path to supply bitcoind.";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
@ -79,20 +61,22 @@ in {
|
||||
'';
|
||||
description = "Additional configurations to be appended to <filename>bitcoin.conf</filename>.";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/bitcoind";
|
||||
default = "/var/lib/bitcoind-${name}";
|
||||
description = "The data directory for bitcoind.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "bitcoin";
|
||||
default = "bitcoind-${name}";
|
||||
description = "The user as which to run bitcoind.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.user;
|
||||
default = config.user;
|
||||
description = "The group as which to run bitcoind.";
|
||||
};
|
||||
|
||||
@ -110,29 +94,36 @@ in {
|
||||
bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99";
|
||||
}
|
||||
'';
|
||||
type = with types; loaOf (submodule rpcUserOpts);
|
||||
description = ''
|
||||
RPC user information for JSON-RPC connnections.
|
||||
'';
|
||||
type = types.attrsOf (types.submodule rpcUserOpts);
|
||||
description = "RPC user information for JSON-RPC connnections.";
|
||||
};
|
||||
};
|
||||
|
||||
pidFile = mkOption {
|
||||
type = types.path;
|
||||
default = "${config.dataDir}/bitcoind.pid";
|
||||
description = "Location of bitcoind pid file.";
|
||||
};
|
||||
|
||||
testnet = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to use the test chain.";
|
||||
description = "Whether to use the testnet instead of mainnet.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.nullOr types.port;
|
||||
default = null;
|
||||
description = "Override the default port on which to listen for connections.";
|
||||
};
|
||||
|
||||
dbCache = mkOption {
|
||||
type = types.nullOr (types.ints.between 4 16384);
|
||||
default = null;
|
||||
example = 4000;
|
||||
description = "Override the default database cache size in megabytes.";
|
||||
description = "Override the default database cache size in MiB.";
|
||||
};
|
||||
|
||||
prune = mkOption {
|
||||
type = types.nullOr (types.coercedTo
|
||||
(types.enum [ "disable" "manual" ])
|
||||
@ -149,45 +140,122 @@ in {
|
||||
and -rescan. Warning: Reverting this setting requires re-downloading
|
||||
the entire blockchain. ("disable" = disable pruning blocks, "manual"
|
||||
= allow manual pruning via RPC, >=550 = automatically prune block files
|
||||
to stay under the specified target size in MiB)
|
||||
to stay under the specified target size in MiB).
|
||||
'';
|
||||
};
|
||||
|
||||
extraCmdlineOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra command line options to pass to bitcoind.
|
||||
Run bitcoind --help to list all available options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
|
||||
"L '${cfg.dataDir}/bitcoin.conf' - - - - '${cfg.configFile}'"
|
||||
];
|
||||
systemd.services.bitcoind = {
|
||||
description = "Bitcoin daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${cfg.package}/bin/bitcoind ${cmdlineOptions}";
|
||||
Restart = "on-failure";
|
||||
|
||||
# Hardening measures
|
||||
PrivateTmp = "true";
|
||||
ProtectSystem = "full";
|
||||
NoNewPrivileges = "true";
|
||||
PrivateDevices = "true";
|
||||
MemoryDenyWriteExecute = "true";
|
||||
};
|
||||
options = {
|
||||
services.bitcoind = mkOption {
|
||||
type = types.attrsOf (types.submodule bitcoindOpts);
|
||||
default = {};
|
||||
description = "Specification of one or more bitcoind instances.";
|
||||
};
|
||||
users.users.${cfg.user} = {
|
||||
};
|
||||
|
||||
config = mkIf (eachBitcoind != {}) {
|
||||
|
||||
assertions = flatten (mapAttrsToList (bitcoindName: cfg: [
|
||||
{
|
||||
assertion = (cfg.prune != null) -> (builtins.elem cfg.prune [ "disable" "manual" 0 1 ] || (builtins.isInt cfg.prune && cfg.prune >= 550));
|
||||
message = ''
|
||||
If set, services.bitcoind.${bitcoindName}.prune has to be "disable", "manual", 0 , 1 or >= 550.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = (cfg.rpc.users != {}) -> (cfg.configFile == null);
|
||||
message = ''
|
||||
You cannot set both services.bitcoind.${bitcoindName}.rpc.users and services.bitcoind.${bitcoindName}.configFile
|
||||
as they are exclusive. RPC user setting would have no effect if custom configFile would be used.
|
||||
'';
|
||||
}
|
||||
]) eachBitcoind);
|
||||
|
||||
environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [
|
||||
cfg.package
|
||||
]) eachBitcoind);
|
||||
|
||||
systemd.services = mapAttrs' (bitcoindName: cfg: (
|
||||
nameValuePair "bitcoind-${bitcoindName}" (
|
||||
let
|
||||
configFile = pkgs.writeText "bitcoin.conf" ''
|
||||
# If Testnet is enabled, we need to add [test] section
|
||||
# otherwise, some options (e.g.: custom RPC port) will not work
|
||||
${optionalString cfg.testnet "[test]"}
|
||||
# RPC users
|
||||
${concatMapStringsSep "\n"
|
||||
(rpcUser: "rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}")
|
||||
(attrValues cfg.rpc.users)
|
||||
}
|
||||
# Extra config options (from bitcoind nixos service)
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
in {
|
||||
description = "Bitcoin daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/bitcoind \
|
||||
${if (cfg.configFile != null) then
|
||||
"-conf=${cfg.configFile}"
|
||||
else
|
||||
"-conf=${configFile}"
|
||||
} \
|
||||
-datadir=${cfg.dataDir} \
|
||||
-pid=${cfg.pidFile} \
|
||||
${optionalString cfg.testnet "-testnet"}\
|
||||
${optionalString (cfg.port != null) "-port=${toString cfg.port}"}\
|
||||
${optionalString (cfg.prune != null) "-prune=${toString cfg.prune}"}\
|
||||
${optionalString (cfg.dbCache != null) "-dbcache=${toString cfg.dbCache}"}\
|
||||
${optionalString (cfg.rpc.port != null) "-rpcport=${toString cfg.rpc.port}"}\
|
||||
${toString cfg.extraCmdlineOptions}
|
||||
'';
|
||||
Restart = "on-failure";
|
||||
|
||||
# Hardening measures
|
||||
PrivateTmp = "true";
|
||||
ProtectSystem = "full";
|
||||
NoNewPrivileges = "true";
|
||||
PrivateDevices = "true";
|
||||
MemoryDenyWriteExecute = "true";
|
||||
};
|
||||
}
|
||||
))) eachBitcoind;
|
||||
|
||||
systemd.tmpfiles.rules = flatten (mapAttrsToList (bitcoindName: cfg: [
|
||||
"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
|
||||
]) eachBitcoind);
|
||||
|
||||
users.users = mapAttrs' (bitcoindName: cfg: (
|
||||
nameValuePair "bitcoind-${bitcoindName}" {
|
||||
name = cfg.user;
|
||||
group = cfg.group;
|
||||
description = "Bitcoin daemon user";
|
||||
home = cfg.dataDir;
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.${cfg.group} = {
|
||||
name = cfg.group;
|
||||
};
|
||||
})) eachBitcoind;
|
||||
|
||||
users.groups = mapAttrs' (bitcoindName: cfg: (
|
||||
nameValuePair "${cfg.group}" { }
|
||||
)) eachBitcoind;
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ maintainers."1000101" ];
|
||||
|
||||
}
|
||||
|
@ -11,7 +11,7 @@ let
|
||||
''
|
||||
default-lease-time 600;
|
||||
max-lease-time 7200;
|
||||
authoritative;
|
||||
${optionalString (!cfg.authoritative) "not "}authoritative;
|
||||
ddns-update-style interim;
|
||||
log-facility local1; # see dhcpd.nix
|
||||
|
||||
@ -176,6 +176,16 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
authoritative = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether the DHCP server shall send DHCPNAK messages to misconfigured
|
||||
clients. If this is not done, clients may be unable to get a correct
|
||||
IP address after changing subnets until their old lease has expired.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in
|
||||
|
@ -64,7 +64,7 @@ in {
|
||||
extraConfig = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf types.str;
|
||||
description = "Skydns attribute set of extra config options passed as environemnt variables.";
|
||||
description = "Skydns attribute set of extra config options passed as environment variables.";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -4,7 +4,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.networking.wireless;
|
||||
configFile = if cfg.networks != {} then pkgs.writeText "wpa_supplicant.conf" ''
|
||||
configFile = if cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable then pkgs.writeText "wpa_supplicant.conf" ''
|
||||
${optionalString cfg.userControlled.enable ''
|
||||
ctrl_interface=DIR=/run/wpa_supplicant GROUP=${cfg.userControlled.group}
|
||||
update_config=1''}
|
||||
|
@ -195,5 +195,8 @@ in {
|
||||
# Make yggdrasilctl available on the command line.
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
});
|
||||
meta.maintainers = with lib.maintainers; [ gazally ehmry ];
|
||||
meta = {
|
||||
doc = ./yggdrasil.xml;
|
||||
maintainers = with lib.maintainers; [ gazally ehmry ];
|
||||
};
|
||||
}
|
||||
|
157
nixos/modules/services/networking/yggdrasil.xml
Normal file
157
nixos/modules/services/networking/yggdrasil.xml
Normal file
@ -0,0 +1,157 @@
|
||||
<?xml version="1.0"?>
|
||||
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-networking-yggdrasil">
|
||||
<title>Yggdrasil</title>
|
||||
<para>
|
||||
<emphasis>Source:</emphasis>
|
||||
<filename>modules/services/networking/yggdrasil/default.nix</filename>
|
||||
</para>
|
||||
<para>
|
||||
<emphasis>Upstream documentation:</emphasis>
|
||||
<link xlink:href="https://yggdrasil-network.github.io/"/>
|
||||
</para>
|
||||
<para>
|
||||
Yggdrasil is an early-stage implementation of a fully end-to-end encrypted,
|
||||
self-arranging IPv6 network.
|
||||
</para>
|
||||
<section xml:id="module-services-networking-yggdrasil-configuration">
|
||||
<title>Configuration</title>
|
||||
<section xml:id="module-services-networking-yggdrasil-configuration-simple">
|
||||
<title>Simple ephemeral node</title>
|
||||
<para>
|
||||
An annotated example of a simple configuration:
|
||||
<programlisting>
|
||||
{
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = false;
|
||||
# The NixOS module will generate new keys and a new IPv6 address each time
|
||||
# it is started if persistentKeys is not enabled.
|
||||
|
||||
config = {
|
||||
Peers = [
|
||||
# Yggdrasil will automatically connect and "peer" with other nodes it
|
||||
# discovers via link-local multicast annoucements. Unless this is the
|
||||
# case (it probably isn't) a node needs peers within the existing
|
||||
# network that it can tunnel to.
|
||||
"tcp://1.2.3.4:1024"
|
||||
"tcp://1.2.3.5:1024"
|
||||
# Public peers can be found at
|
||||
# https://github.com/yggdrasil-network/public-peers
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="module-services-networking-yggdrasil-configuration-prefix">
|
||||
<title>Persistent node with prefix</title>
|
||||
<para>
|
||||
A node with a fixed address that announces a prefix:
|
||||
<programlisting>
|
||||
let
|
||||
address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2";
|
||||
prefix = "310:5217:69c0:9afc";
|
||||
# taken from the output of "yggdrasilctl getself".
|
||||
in {
|
||||
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true; # Maintain a fixed public key and IPv6 address.
|
||||
config = {
|
||||
Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ];
|
||||
NodeInfo = {
|
||||
# This information is visible to the network.
|
||||
name = config.networking.hostName;
|
||||
location = "The North Pole";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
# Forward traffic under the prefix.
|
||||
|
||||
networking.interfaces.${eth0}.ipv6.addresses = [{
|
||||
# Set a 300::/8 address on the local physical device.
|
||||
address = prefix + "::1";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
|
||||
services.radvd = {
|
||||
# Annouce the 300::/8 prefix to eth0.
|
||||
enable = true;
|
||||
config = ''
|
||||
interface eth0
|
||||
{
|
||||
AdvSendAdvert on;
|
||||
AdvDefaultLifetime 0;
|
||||
prefix ${prefix}::/64 {
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
route 200::/8 {};
|
||||
};
|
||||
'';
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="module-services-networking-yggdrasil-configuration-container">
|
||||
<title>Yggdrasil attached Container</title>
|
||||
<para>
|
||||
A NixOS container attached to the Yggdrasil network via a node running on the
|
||||
host:
|
||||
<programlisting>
|
||||
let
|
||||
yggPrefix64 = "310:5217:69c0:9afc";
|
||||
# Again, taken from the output of "yggdrasilctl getself".
|
||||
in
|
||||
{
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
# Enable IPv6 forwarding.
|
||||
|
||||
networking = {
|
||||
bridges.br0.interfaces = [ ];
|
||||
# A bridge only to containers…
|
||||
|
||||
interfaces.br0 = {
|
||||
# … configured with a prefix address.
|
||||
ipv6.addresses = [{
|
||||
address = "${yggPrefix64}::1";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
containers.foo = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "br0";
|
||||
# Attach the container to the bridge only.
|
||||
config = { config, pkgs, ... }: {
|
||||
networking.interfaces.eth0.ipv6 = {
|
||||
addresses = [{
|
||||
# Configure a prefix address.
|
||||
address = "${yggPrefix64}::2";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
routes = [{
|
||||
# Configure the prefix route.
|
||||
address = "200::";
|
||||
prefixLength = 7;
|
||||
via = "${yggPrefix64}::1";
|
||||
}];
|
||||
};
|
||||
|
||||
services.httpd.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
</chapter>
|
60
nixos/modules/services/security/yubikey-agent.nix
Normal file
60
nixos/modules/services/security/yubikey-agent.nix
Normal file
@ -0,0 +1,60 @@
|
||||
# Global configuration for yubikey-agent.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.yubikey-agent;
|
||||
|
||||
# reuse the pinentryFlavor option from the gnupg module
|
||||
pinentryFlavor = config.programs.gnupg.agent.pinentryFlavor;
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
|
||||
meta.maintainers = with maintainers; [ philandstuff rawkode ];
|
||||
|
||||
options = {
|
||||
|
||||
services.yubikey-agent = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to start yubikey-agent when you log in. Also sets
|
||||
SSH_AUTH_SOCK to point at yubikey-agent.
|
||||
|
||||
Note that yubikey-agent will use whatever pinentry is
|
||||
specified in programs.gnupg.agent.pinentryFlavor.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.yubikey-agent;
|
||||
defaultText = "pkgs.yubikey-agent";
|
||||
description = ''
|
||||
The package used for the yubikey-agent daemon.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
# This overrides the systemd user unit shipped with the
|
||||
# yubikey-agent package
|
||||
systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
|
||||
path = [ pkgs.pinentry.${pinentryFlavor} ];
|
||||
};
|
||||
|
||||
environment.extraInit = ''
|
||||
if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
|
||||
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
}
|
117
nixos/modules/services/web-servers/molly-brown.nix
Normal file
117
nixos/modules/services/web-servers/molly-brown.nix
Normal file
@ -0,0 +1,117 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.molly-brown;
|
||||
|
||||
settingsType = with types;
|
||||
attrsOf (oneOf [
|
||||
int
|
||||
str
|
||||
(listOf str)
|
||||
(attrsOf (oneOf [ int str (listOf str) (attrsOf str) ]))
|
||||
]) // {
|
||||
description = "primitive expression convertable to TOML";
|
||||
};
|
||||
|
||||
configFile = pkgs.runCommand "molly-brown.toml" {
|
||||
buildInputs = [ pkgs.remarshal ];
|
||||
preferLocalBuild = true;
|
||||
passAsFile = [ "settings" ];
|
||||
settings = builtins.toJSON cfg.settings;
|
||||
} "remarshal -if json -of toml < $settingsPath > $out";
|
||||
in {
|
||||
|
||||
options.services.molly-brown = {
|
||||
|
||||
enable = mkEnableOption "Molly-Brown Gemini server";
|
||||
|
||||
port = mkOption {
|
||||
default = 1965;
|
||||
type = types.port;
|
||||
description = ''
|
||||
TCP port for molly-brown to bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
example = literalExample "config.networking.hostName";
|
||||
default = config.networking.hostName;
|
||||
description = ''
|
||||
The hostname to respond to requests for. Requests for URLs with
|
||||
other hosts will result in a status 53 (PROXY REQUEST REFUSED)
|
||||
response.
|
||||
'';
|
||||
};
|
||||
|
||||
certPath = mkOption {
|
||||
type = types.path;
|
||||
example = "/var/lib/acme/example.com/cert.pem";
|
||||
description = ''
|
||||
Path to TLS certificate. An ACME certificate and key may be
|
||||
shared with an HTTP server, but only if molly-brown has
|
||||
permissions allowing it to read such keys.
|
||||
|
||||
As an example:
|
||||
<programlisting>
|
||||
security.acme.certs."example.com".allowKeysForGroup = true;
|
||||
systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
|
||||
[ config.security.acme.certs."example.com".group ];
|
||||
</programlisting>
|
||||
'';
|
||||
};
|
||||
|
||||
keyPath = mkOption {
|
||||
type = types.path;
|
||||
example = "/var/lib/acme/example.com/key.pem";
|
||||
description = "Path to TLS key. See <option>CertPath</option>.";
|
||||
};
|
||||
|
||||
docBase = mkOption {
|
||||
type = types.path;
|
||||
example = "/var/lib/molly-brown";
|
||||
description = "Base directory for Gemini content.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = settingsType;
|
||||
default = { };
|
||||
description = ''
|
||||
molly-brown configuration. Refer to
|
||||
<link xlink:href="https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.molly-brown.settings = let logDir = "/var/log/molly-brown";
|
||||
in {
|
||||
Port = cfg.port;
|
||||
Hostname = cfg.hostName;
|
||||
CertPath = cfg.certPath;
|
||||
KeyPath = cfg.keyPath;
|
||||
DocBase = cfg.docBase;
|
||||
AccessLog = "${logDir}/access.log";
|
||||
ErrorLog = "${logDir}/error.log";
|
||||
};
|
||||
|
||||
systemd.services.molly-brown = {
|
||||
description = "Molly Brown gemini server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
LogsDirectory = "molly-brown";
|
||||
ExecStart = "${pkgs.molly-brown}/bin/molly-brown -c ${configFile}";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
@ -559,10 +559,12 @@ in
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
If set, this file system will be mounted in the initial
|
||||
ramdisk. By default, this applies to the root file system
|
||||
and to the file system containing
|
||||
<filename>/nix/store</filename>.
|
||||
If set, this file system will be mounted in the initial ramdisk.
|
||||
Note that the file system will always be mounted in the initial
|
||||
ramdisk if its mount point is one of the following:
|
||||
${concatStringsSep ", " (
|
||||
forEach utils.pathsNeededForBoot (i: "<filename>${i}</filename>")
|
||||
)}.
|
||||
'';
|
||||
};
|
||||
});
|
||||
|
@ -37,7 +37,14 @@ let
|
||||
default = null;
|
||||
example = "/mnt-root/root/.swapkey";
|
||||
type = types.nullOr types.str;
|
||||
description = "File system location of keyfile. This unlocks the drive after the root has been mounted to <literal>/mnt-root</literal>.";
|
||||
description = ''
|
||||
Path to a keyfile used to unlock the backing encrypted
|
||||
device. At the time this keyfile is accessed, the
|
||||
<literal>neededForBoot</literal> filesystems (see
|
||||
<literal>fileSystems.<name?>.neededForBoot</literal>)
|
||||
will have been mounted under <literal>/mnt-root</literal>,
|
||||
so the keyfile path should usually start with "/mnt-root/".
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -65,12 +72,16 @@ in
|
||||
boot.initrd = {
|
||||
luks = {
|
||||
devices =
|
||||
builtins.listToAttrs (map (dev: { name = dev.encrypted.label; value = { device = dev.encrypted.blkDev; }; }) keylessEncDevs);
|
||||
builtins.listToAttrs (map (dev: {
|
||||
name = dev.encrypted.label;
|
||||
value = { device = dev.encrypted.blkDev; };
|
||||
}) keylessEncDevs);
|
||||
forceLuksSupportInInitrd = true;
|
||||
};
|
||||
postMountCommands =
|
||||
concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n") keyedEncDevs;
|
||||
concatMapStrings (dev:
|
||||
"cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n"
|
||||
) keyedEncDevs;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -22,7 +22,7 @@ in {
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf (!config.boot.isContainer) {
|
||||
environment.etc."tmpfiles.d/lvm2.conf".source = "${cfg.package}/lib/tmpfiles.d/lvm2.conf";
|
||||
systemd.tmpfiles.packages = [ cfg.package.out ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
|
@ -310,6 +310,11 @@ in rec {
|
||||
services.xserver.desktopManager.gnome3.enable = true;
|
||||
});
|
||||
|
||||
pantheon = makeClosure ({ ... }:
|
||||
{ services.xserver.enable = true;
|
||||
services.xserver.desktopManager.pantheon.enable = true;
|
||||
});
|
||||
|
||||
# Linux/Apache/PostgreSQL/PHP stack.
|
||||
lapp = makeClosure ({ pkgs, ... }:
|
||||
{ services.httpd.enable = true;
|
||||
|
@ -32,6 +32,7 @@ in
|
||||
beanstalkd = handleTest ./beanstalkd.nix {};
|
||||
bees = handleTest ./bees.nix {};
|
||||
bind = handleTest ./bind.nix {};
|
||||
bitcoind = handleTest ./bitcoind.nix {};
|
||||
bittorrent = handleTest ./bittorrent.nix {};
|
||||
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
|
||||
buildkite-agents = handleTest ./buildkite-agents.nix {};
|
||||
@ -284,6 +285,7 @@ in
|
||||
prosody = handleTest ./xmpp/prosody.nix {};
|
||||
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
|
||||
proxy = handleTest ./proxy.nix {};
|
||||
pt2-clone = handleTest ./pt2-clone.nix {};
|
||||
qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {};
|
||||
quagga = handleTest ./quagga.nix {};
|
||||
quorum = handleTest ./quorum.nix {};
|
||||
@ -319,6 +321,7 @@ in
|
||||
sudo = handleTest ./sudo.nix {};
|
||||
switchTest = handleTest ./switch-test.nix {};
|
||||
sympa = handleTest ./sympa.nix {};
|
||||
syncthing = handleTest ./syncthing.nix {};
|
||||
syncthing-init = handleTest ./syncthing-init.nix {};
|
||||
syncthing-relay = handleTest ./syncthing-relay.nix {};
|
||||
systemd = handleTest ./systemd.nix {};
|
||||
|
46
nixos/tests/bitcoind.nix
Normal file
46
nixos/tests/bitcoind.nix
Normal file
@ -0,0 +1,46 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "bitcoind";
|
||||
meta = with pkgs.stdenv.lib; {
|
||||
maintainers = with maintainers; [ maintainers."1000101" ];
|
||||
};
|
||||
|
||||
machine = { ... }: {
|
||||
services.bitcoind."mainnet" = {
|
||||
enable = true;
|
||||
rpc = {
|
||||
port = 8332;
|
||||
users.rpc.passwordHMAC = "acc2374e5f9ba9e62a5204d3686616cf$53abdba5e67a9005be6a27ca03a93ce09e58854bc2b871523a0d239a72968033";
|
||||
users.rpc2.passwordHMAC = "1495e4a3ad108187576c68f7f9b5ddc5$accce0881c74aa01bb8960ff3bdbd39f607fd33178147679e055a4ac35f53225";
|
||||
};
|
||||
};
|
||||
services.bitcoind."testnet" = {
|
||||
enable = true;
|
||||
configFile = "/test.blank";
|
||||
testnet = true;
|
||||
rpc = {
|
||||
port = 18332;
|
||||
};
|
||||
extraCmdlineOptions = [ "-rpcuser=rpc" "-rpcpassword=rpc" "-rpcauth=rpc2:1495e4a3ad108187576c68f7f9b5ddc5$accce0881c74aa01bb8960ff3bdbd39f607fd33178147679e055a4ac35f53225" ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
machine.wait_for_unit("bitcoind-mainnet.service")
|
||||
machine.wait_for_unit("bitcoind-testnet.service")
|
||||
|
||||
machine.wait_until_succeeds(
|
||||
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
|
||||
)
|
||||
machine.wait_until_succeeds(
|
||||
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
|
||||
)
|
||||
machine.wait_until_succeeds(
|
||||
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
|
||||
)
|
||||
machine.wait_until_succeeds(
|
||||
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
|
||||
)
|
||||
'';
|
||||
})
|
@ -8,7 +8,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
services.blockbook-frontend."test" = {
|
||||
enable = true;
|
||||
};
|
||||
services.bitcoind = {
|
||||
services.bitcoind.mainnet = {
|
||||
enable = true;
|
||||
rpc = {
|
||||
port = 8030;
|
||||
|
@ -50,6 +50,12 @@ let
|
||||
|
||||
environment.systemPackages = with pkgs; [ gnome-desktop-testing ];
|
||||
|
||||
# The installed tests need to be added to the test VM’s closure.
|
||||
# Otherwise, their dependencies might not actually be registered
|
||||
# as valid paths in the VM’s Nix store database,
|
||||
# and `nix-store --query` commands run as part of the tests
|
||||
# (for example when building Flatpak runtimes) will fail.
|
||||
environment.variables.TESTED_PACKAGE_INSTALLED_TESTS = "${tested.installedTests}/share";
|
||||
};
|
||||
|
||||
testScript =
|
||||
|
@ -5,14 +5,11 @@ makeInstalledTest {
|
||||
withX11 = true;
|
||||
|
||||
testConfig = {
|
||||
services.xserver.desktopManager.gnome3.enable = true; # TODO: figure out minimal environment where the tests work
|
||||
# common/x11.nix enables the auto display manager (lightdm)
|
||||
services.xserver.displayManager.gdm.enable = false;
|
||||
services.gnome3.core-utilities.enable = false;
|
||||
xdg.portal.enable = true;
|
||||
services.flatpak.enable = true;
|
||||
environment.systemPackages = with pkgs; [ gnupg ostree python2 ];
|
||||
environment.systemPackages = with pkgs; [ gnupg ostree python3 ];
|
||||
virtualisation.memorySize = 2047;
|
||||
virtualisation.diskSize = 1024;
|
||||
virtualisation.diskSize = 3072;
|
||||
};
|
||||
|
||||
testRunnerFlags = "--timeout 3600";
|
||||
|
@ -3,21 +3,10 @@
|
||||
makeInstalledTest {
|
||||
tested = pkgs.ostree;
|
||||
|
||||
# TODO: Wrap/patch the tests directly in the package
|
||||
testConfig = {
|
||||
environment.systemPackages = with pkgs; [
|
||||
(python3.withPackages (p: with p; [ pyyaml ]))
|
||||
gnupg
|
||||
ostree
|
||||
];
|
||||
|
||||
# for GJS tests
|
||||
environment.variables.GI_TYPELIB_PATH = lib.makeSearchPath "lib/girepository-1.0" (with pkgs; [
|
||||
gtk3
|
||||
pango.out
|
||||
ostree
|
||||
gdk-pixbuf
|
||||
atk
|
||||
]);
|
||||
};
|
||||
}
|
||||
|
@ -562,7 +562,7 @@ in {
|
||||
"sleep 1",
|
||||
"lvcreate --size 1G --name swap MyVolGroup",
|
||||
"sleep 1",
|
||||
"lvcreate --size 2G --name nixos MyVolGroup",
|
||||
"lvcreate --size 3G --name nixos MyVolGroup",
|
||||
"sleep 1",
|
||||
"mkswap -f /dev/MyVolGroup/swap -L swap",
|
||||
"swapon -L swap",
|
||||
|
71
nixos/tests/molly-brown.nix
Normal file
71
nixos/tests/molly-brown.nix
Normal file
@ -0,0 +1,71 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
|
||||
let testString = "NixOS Gemini test successful";
|
||||
in {
|
||||
|
||||
name = "molly-brown";
|
||||
meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ehmry ]; };
|
||||
|
||||
nodes = {
|
||||
|
||||
geminiServer = { config, pkgs, ... }:
|
||||
let
|
||||
inherit (config.networking) hostName;
|
||||
cfg = config.services.molly-brown;
|
||||
in {
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeScriptBin "test-gemini" ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
|
||||
import socket
|
||||
import ssl
|
||||
import tempfile
|
||||
import textwrap
|
||||
import urllib.parse
|
||||
|
||||
url = "gemini://geminiServer/init.gmi"
|
||||
parsed_url = urllib.parse.urlparse(url)
|
||||
|
||||
s = socket.create_connection((parsed_url.netloc, 1965))
|
||||
context = ssl.SSLContext()
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
s = context.wrap_socket(s, server_hostname=parsed_url.netloc)
|
||||
s.sendall((url + "\r\n").encode("UTF-8"))
|
||||
fp = s.makefile("rb")
|
||||
print(fp.readline().strip())
|
||||
print(fp.readline().strip())
|
||||
print(fp.readline().strip())
|
||||
'')
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.settings.Port ];
|
||||
|
||||
services.molly-brown = {
|
||||
enable = true;
|
||||
docBase = "/tmp/docs";
|
||||
certPath = "/tmp/cert.pem";
|
||||
keyPath = "/tmp/key.pem";
|
||||
};
|
||||
|
||||
systemd.services.molly-brown.preStart = ''
|
||||
${pkgs.openssl}/bin/openssl genrsa -out "/tmp/key.pem"
|
||||
${pkgs.openssl}/bin/openssl req -new \
|
||||
-subj "/CN=${config.networking.hostName}" \
|
||||
-key "/tmp/key.pem" -out /tmp/request.pem
|
||||
${pkgs.openssl}/bin/openssl x509 -req -days 3650 \
|
||||
-in /tmp/request.pem -signkey "/tmp/key.pem" -out "/tmp/cert.pem"
|
||||
|
||||
mkdir -p "${cfg.settings.DocBase}"
|
||||
echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
|
||||
'';
|
||||
};
|
||||
};
|
||||
testScript = ''
|
||||
geminiServer.wait_for_unit("molly-brown")
|
||||
geminiServer.wait_for_open_port(1965)
|
||||
geminiServer.succeed("test-gemini")
|
||||
'';
|
||||
|
||||
})
|
@ -15,7 +15,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
node.wait_for_open_port(27017)
|
||||
|
||||
assert "hello" in node.succeed(
|
||||
"mongo ${testQuery}"
|
||||
"${pkg}/bin/mongo ${testQuery}"
|
||||
)
|
||||
|
||||
node.execute(
|
||||
@ -36,6 +36,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
mongodb-3_4
|
||||
mongodb-3_6
|
||||
mongodb-4_0
|
||||
mongodb-4_2
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -46,6 +47,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
+ runMongoDBTest pkgs.mongodb-3_4
|
||||
+ runMongoDBTest pkgs.mongodb-3_6
|
||||
+ runMongoDBTest pkgs.mongodb-4_0
|
||||
+ runMongoDBTest pkgs.mongodb-4_2
|
||||
+ ''
|
||||
node.shutdown()
|
||||
'';
|
||||
|
@ -32,14 +32,14 @@ let
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = map (n: "eth${toString n}") vlanIfs;
|
||||
extraConfig = ''
|
||||
'' + flip concatMapStrings vlanIfs (n: ''
|
||||
extraConfig = flip concatMapStrings vlanIfs (n: ''
|
||||
subnet 192.168.${toString n}.0 netmask 255.255.255.0 {
|
||||
option routers 192.168.${toString n}.1;
|
||||
range 192.168.${toString n}.2 192.168.${toString n}.254;
|
||||
}
|
||||
'')
|
||||
;
|
||||
machines = lib.flip map vlanIfs (vlan:
|
||||
machines = flip map vlanIfs (vlan:
|
||||
{
|
||||
hostName = "client${toString vlan}";
|
||||
ethernetAddress = qemu-flags.qemuNicMac vlan 1;
|
||||
|
35
nixos/tests/pt2-clone.nix
Normal file
35
nixos/tests/pt2-clone.nix
Normal file
@ -0,0 +1,35 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "pt2-clone";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ fgaz ];
|
||||
};
|
||||
|
||||
machine = { config, pkgs, ... }: {
|
||||
imports = [
|
||||
./common/x11.nix
|
||||
];
|
||||
|
||||
services.xserver.enable = true;
|
||||
sound.enable = true;
|
||||
environment.systemPackages = [ pkgs.pt2-clone ];
|
||||
};
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
testScript =
|
||||
''
|
||||
machine.wait_for_x()
|
||||
# Add a dummy sound card, or the program won't start
|
||||
machine.execute("modprobe snd-dummy")
|
||||
|
||||
machine.execute("pt2-clone &")
|
||||
|
||||
machine.wait_for_window(r"ProTracker")
|
||||
machine.sleep(5)
|
||||
# One of the few words that actually get recognized
|
||||
if "LENGTH" not in machine.get_screen_text():
|
||||
raise Exception("Program did not start successfully")
|
||||
machine.screenshot("screen")
|
||||
'';
|
||||
})
|
||||
|
65
nixos/tests/syncthing.nix
Normal file
65
nixos/tests/syncthing.nix
Normal file
@ -0,0 +1,65 @@
|
||||
import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||
name = "syncthing";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chkno ];
|
||||
|
||||
nodes = rec {
|
||||
a = {
|
||||
environment.systemPackages = with pkgs; [ curl libxml2 syncthing ];
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
openDefaultPorts = true;
|
||||
};
|
||||
};
|
||||
b = a;
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
import json
|
||||
import shlex
|
||||
|
||||
confdir = "/var/lib/syncthing/.config/syncthing"
|
||||
|
||||
|
||||
def addPeer(host, name, deviceID):
|
||||
APIKey = host.succeed(
|
||||
"xmllint --xpath 'string(configuration/gui/apikey)' %s/config.xml" % confdir
|
||||
).strip()
|
||||
oldConf = host.succeed(
|
||||
"curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey
|
||||
)
|
||||
conf = json.loads(oldConf)
|
||||
conf["devices"].append({"deviceID": deviceID, "id": name})
|
||||
conf["folders"].append(
|
||||
{
|
||||
"devices": [{"deviceID": deviceID}],
|
||||
"id": "foo",
|
||||
"path": "/var/lib/syncthing/foo",
|
||||
"rescanIntervalS": 1,
|
||||
}
|
||||
)
|
||||
newConf = json.dumps(conf)
|
||||
host.succeed(
|
||||
"curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s"
|
||||
% (APIKey, shlex.quote(newConf))
|
||||
)
|
||||
|
||||
|
||||
start_all()
|
||||
a.wait_for_unit("syncthing.service")
|
||||
b.wait_for_unit("syncthing.service")
|
||||
a.wait_for_open_port(22000)
|
||||
b.wait_for_open_port(22000)
|
||||
|
||||
aDeviceID = a.succeed("syncthing -home=%s -device-id" % confdir).strip()
|
||||
bDeviceID = b.succeed("syncthing -home=%s -device-id" % confdir).strip()
|
||||
addPeer(a, "b", bDeviceID)
|
||||
addPeer(b, "a", aDeviceID)
|
||||
|
||||
a.wait_for_file("/var/lib/syncthing/foo")
|
||||
b.wait_for_file("/var/lib/syncthing/foo")
|
||||
a.succeed("echo a2b > /var/lib/syncthing/foo/a2b")
|
||||
b.succeed("echo b2a > /var/lib/syncthing/foo/b2a")
|
||||
a.wait_for_file("/var/lib/syncthing/foo/b2a")
|
||||
b.wait_for_file("/var/lib/syncthing/foo/a2b")
|
||||
'';
|
||||
})
|
@ -7,6 +7,7 @@ let
|
||||
SigningPrivateKey = "fe3add8da35316c05f6d90d3ca79bd2801e6ccab6d37e5339fef4152589398abe2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
|
||||
};
|
||||
bobIp6 = "201:ebbd:bde9:f138:c302:4afa:1fb6:a19a";
|
||||
bobPrefix = "301:ebbd:bde9:f138";
|
||||
bobConfig = {
|
||||
InterfacePeers = {
|
||||
eth1 = [ "tcp://192.168.1.200:12345" ];
|
||||
@ -18,6 +19,7 @@ let
|
||||
SigningPublicKey = "de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
|
||||
SigningPrivateKey = "2a6c21550f3fca0331df50668ffab66b6dce8237bcd5728e571e8033b363e247de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
|
||||
};
|
||||
danIp6 = bobPrefix + "::2";
|
||||
|
||||
in import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "yggdrasil";
|
||||
@ -69,6 +71,41 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
text = builtins.toJSON bobConfig;
|
||||
});
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
|
||||
networking = {
|
||||
bridges.br0.interfaces = [ ];
|
||||
interfaces.br0 = {
|
||||
ipv6.addresses = [{
|
||||
address = bobPrefix + "::1";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
# dan is a node inside a container running on bob's host.
|
||||
containers.dan = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "br0";
|
||||
config = { config, pkgs, ... }: {
|
||||
networking.interfaces.eth0.ipv6 = {
|
||||
addresses = [{
|
||||
address = bobPrefix + "::2";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
routes = [{
|
||||
address = "200::";
|
||||
prefixLength = 7;
|
||||
via = bobPrefix + "::1";
|
||||
}];
|
||||
};
|
||||
services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "foo@example.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Carol only does local peering. Carol's yggdrasil config is all Nix.
|
||||
@ -100,7 +137,7 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
|
||||
bob.start()
|
||||
carol.start()
|
||||
bob.wait_for_unit("yggdrasil.service")
|
||||
bob.wait_for_unit("default.target")
|
||||
carol.wait_for_unit("yggdrasil.service")
|
||||
|
||||
ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
|
||||
@ -117,10 +154,13 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
|
||||
carol.succeed("ping -c 1 ${aliceIp6}")
|
||||
carol.succeed("ping -c 1 ${bobIp6}")
|
||||
carol.succeed("ping -c 1 ${bobPrefix}::1")
|
||||
carol.succeed("ping -c 8 ${danIp6}")
|
||||
|
||||
carol.fail("journalctl -u dhcpcd | grep ygg0")
|
||||
|
||||
alice.wait_for_unit("httpd.service")
|
||||
carol.succeed("curl --fail -g http://[${aliceIp6}]")
|
||||
carol.succeed("curl --fail -g http://[${danIp6}]")
|
||||
'';
|
||||
})
|
||||
|
@ -1,28 +1,21 @@
|
||||
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
|
||||
{ stdenv, fetchzip, wxGTK31, pkgconfig, file, gettext,
|
||||
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
|
||||
expat, libid3tag, ffmpeg_3, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
|
||||
autoconf, automake, libtool
|
||||
pcre, vamp-plugin-sdk, portmidi, twolame, git,
|
||||
cmake, libtool
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.4.1";
|
||||
version = "2.4.2";
|
||||
pname = "audacity";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
|
||||
sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn";
|
||||
sha256 = "0lklcvqkxrr2gkb9gh3422iadzl2rv9v0a8s76rwq43lj2im7546";
|
||||
};
|
||||
|
||||
preConfigure = /* we prefer system-wide libs */ ''
|
||||
autoreconf -vi # use system libraries
|
||||
|
||||
# we will get a (possibly harmless) warning during configure without this
|
||||
substituteInPlace configure \
|
||||
--replace /usr/bin/file ${file}/bin/file
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--with-libsamplerate"
|
||||
];
|
||||
@ -43,11 +36,12 @@ stdenv.mkDerivation rec {
|
||||
"-lswscale"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig autoconf automake libtool ];
|
||||
nativeBuildInputs = [ pkgconfig cmake libtool git ];
|
||||
buildInputs = [
|
||||
file gettext wxGTK30 expat alsaLib
|
||||
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
|
||||
file gettext wxGTK31 expat alsaLib
|
||||
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK31.gtk
|
||||
ffmpeg_3 libmad lame libvorbis flac soundtouch
|
||||
pcre vamp-plugin-sdk portmidi twolame
|
||||
]; #ToDo: detach sbsms
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ lib
|
||||
, fetchgit
|
||||
, nix-update-script
|
||||
, meson
|
||||
, ninja
|
||||
, pkgconfig
|
||||
@ -91,6 +92,13 @@ python3.pkgs.buildPythonApplication rec {
|
||||
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
meta = with lib; {
|
||||
changelog = "https://gitlab.gnome.org/World/lollypop/tags/${version}";
|
||||
description = "A modern music player for GNOME";
|
||||
|
@ -52,7 +52,7 @@ mkDerivation rec {
|
||||
homepage = "https://mixxx.org";
|
||||
description = "Digital DJ mixing software";
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = [ maintainers.aszlig maintainers.goibhniu maintainers.bfortz ];
|
||||
maintainers = [ maintainers.goibhniu maintainers.bfortz ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -2,12 +2,12 @@
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "mopidy-youtube";
|
||||
version = "3.0";
|
||||
version = "3.1";
|
||||
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit version;
|
||||
pname = "Mopidy-YouTube";
|
||||
sha256 = "0x1q9rfnjx65n6hi8s5rw5ff4xv55h63zy52fwm8aksdnzppr7gd";
|
||||
sha256 = "1bn3nxianbal9f81z9wf2cxi893hndvrz2zdqvh1zpxrhs0cr038";
|
||||
};
|
||||
|
||||
patchPhase = "sed s/bs4/beautifulsoup4/ -i setup.cfg";
|
||||
|
@ -2,14 +2,14 @@
|
||||
, usePulseAudio ? config.pulseaudio or false, libpulseaudio }:
|
||||
|
||||
let
|
||||
version = "0.5.0";
|
||||
version = "0.5.1";
|
||||
in stdenv.mkDerivation {
|
||||
pname = "openmpt123";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
|
||||
sha256 = "0zl3djy9z7cpqk8g8pxrzmmikxsskb0y5qdabg6c683j7x5abjs3";
|
||||
sha256 = "1vpalfsrkbx4vyrh1qy564lr91jwdxlbjivv5gzf8zcywxasf0xa";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -1,24 +1,29 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, cmake
|
||||
, nixosTests
|
||||
, alsaLib
|
||||
, SDL2
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pt2-clone";
|
||||
version = "1.20";
|
||||
version = "1.22";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "pt2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "0s4yk8w19qa58n5p558n6m7d5mslr9h9z5q3ayrgqcchdlm8cfky";
|
||||
sha256 = "1w6lbq4366bawy975glvjizk57zhvl562xhxwzn7p5hpm2bvw09b";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ SDL2 ] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
|
||||
|
||||
passthru.tests = {
|
||||
pt2-clone-opens = nixosTests.pt2-clone;
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A highly accurate clone of the classic ProTracker 2.3D software for Amiga";
|
||||
homepage = "https://16-bits.org/pt2.php";
|
||||
|
@ -29,11 +29,11 @@
|
||||
# handle that.
|
||||
|
||||
mkDerivation rec {
|
||||
name = "qmmp-1.4.0";
|
||||
name = "qmmp-1.4.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
|
||||
sha256 = "13rhnk55d44svksl13w23w2qkfpkq4mc0jy5mi89nzqkzshwvfd8";
|
||||
sha256 = "0p18r2ri75vbyjzfa7bcl1dm372m6jvn9zj2p5ia2rh1g77fbm9a";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
|
@ -0,0 +1,45 @@
|
||||
{ stdenv, fetchFromGitHub, perlPackages, makeWrapper }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "realTimeConfigQuickScan";
|
||||
version = "unstable-2020-08-03";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "raboof";
|
||||
repo = pname;
|
||||
rev = "4b482db17f8d8567ba0abf33459ceb5f756f088c";
|
||||
sha256 = "00l69gzwla9gjv5kpklgxlwnl48wnh8h6w0k8i69qr2cxigg4rhj";
|
||||
};
|
||||
|
||||
buildInputs = [ perlPackages.perl makeWrapper ];
|
||||
|
||||
dontBuild = true;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
mkdir -p $out/share/doc
|
||||
# Install Script Files:
|
||||
# *.pm files
|
||||
for i in *.pm; do
|
||||
install -Dm 755 "$i" "$out/share/$i"
|
||||
done
|
||||
# Install doc files:
|
||||
install -D COPYING "$out/share/doc/COPYING"
|
||||
install -D README.md "$out/share/doc/README.md"
|
||||
# Install Executable scripts:
|
||||
install -Dm 755 realTimeConfigQuickScan.pl "$out/bin/realTimeConfigQuickScan"
|
||||
install -Dm 755 QuickScan.pl "$out/bin/QuickScan"
|
||||
wrapProgram $out/bin/realTimeConfigQuickScan \
|
||||
--set PERL5LIB "$out/share"
|
||||
wrapProgram $out/bin/QuickScan \
|
||||
--set PERL5LIB "$out/share:${with perlPackages; makePerlPath [ Tk ]}"
|
||||
'';
|
||||
meta = with stdenv.lib; {
|
||||
description = "Linux configuration checker for systems to be used for real-time audio";
|
||||
homepage = "https://github.com/raboof/realtimeconfigquickscan";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ magnetophon ];
|
||||
platforms = platforms.linux ;
|
||||
};
|
||||
}
|
||||
|
@ -20,13 +20,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sooperlooper";
|
||||
version = "unstable-2019-09-30";
|
||||
version = "1.7.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "essej";
|
||||
repo = "sooperlooper";
|
||||
rev = "4d1da14176e16b0f56b727bb1e6c2e8957515625";
|
||||
sha256 = "1gsgqa7hdymzw2al1ymzv0f33y161dyhh3fmy88lpjwv3bfchamg";
|
||||
rev = "v${builtins.replaceStrings [ "." ] [ "_" ] version}";
|
||||
sha256 = "1jng9bkb7iikad0dy1fkiq9wjjdhh1xi1p0cp2lvnz1dsc4yk6iw";
|
||||
};
|
||||
|
||||
autoreconfPhase = ''
|
||||
@ -51,6 +51,8 @@ stdenv.mkDerivation rec {
|
||||
fftw
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A live looping sampler capable of immediate loop recording, overdubbing, multiplying, reversing and more";
|
||||
longDescription = ''
|
||||
|
@ -6,18 +6,21 @@
|
||||
, alsaLib
|
||||
, SDL
|
||||
, jack2
|
||||
, audiofile
|
||||
, goocanvas # graphical envelope editing
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "soundtracker";
|
||||
version = "1.0.0.1";
|
||||
version = "1.0.1";
|
||||
|
||||
src = fetchurl {
|
||||
# Past releases get moved to the "old releases" directory.
|
||||
# Only the latest release (currently a prerelease) is at the top level.
|
||||
url = "mirror://sourceforge/soundtracker/old%20releases/soundtracker-${version}.tar.bz2";
|
||||
sha256 = "1ggliswz5ngmlnrnyhv3x1arh5w77an0ww9p53cddp9aas5q11jm";
|
||||
# Only the latest release is at the top level.
|
||||
# Nonetheless, only the name of the file seems to affect which file is
|
||||
# downloaded, so this path should be fine both for old and current releases.
|
||||
url = "mirror://sourceforge/soundtracker/soundtracker-${version}.tar.bz2";
|
||||
sha256 = "0m5iiqccch6w53khpvdldz59zymw13vmwqc5ggx3sn41riwbd6ks";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -28,9 +31,12 @@ stdenv.mkDerivation rec {
|
||||
gtk2
|
||||
SDL
|
||||
jack2
|
||||
audiofile
|
||||
goocanvas
|
||||
] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A music tracking tool similar in design to the DOS program FastTracker and the Amiga legend ProTracker";
|
||||
longDescription = ''
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "spotify-tui";
|
||||
version = "0.20.0";
|
||||
version = "0.21.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Rigellute";
|
||||
repo = "spotify-tui";
|
||||
rev = "v${version}";
|
||||
sha256 = "1gdsk620md5nv1r05jysmfhpbcidh15wzyiklkazsb6cppm6qsiy";
|
||||
sha256 = "0pvgq8r1bb7bdxm50hxl0n7ajplpzp1gnf6j55dn6xwck0syml9y";
|
||||
};
|
||||
|
||||
cargoSha256 = "0irfdmik6nrpfs9yzva5q351cfyf1cijxa2a08prwdccrivdk98a";
|
||||
cargoSha256 = "07v1qm5ky99j2lwbl00g80z0f8hfrpwgyqsm8fnda6y9s3vzzdgz";
|
||||
|
||||
nativeBuildInputs = stdenv.lib.optionals stdenv.isLinux [ pkgconfig python3 ];
|
||||
buildInputs = [ ]
|
||||
|
60
pkgs/applications/audio/sublime-music/default.nix
Normal file
60
pkgs/applications/audio/sublime-music/default.nix
Normal file
@ -0,0 +1,60 @@
|
||||
{ lib, python3Packages, gobject-introspection, gtk3, pango, wrapGAppsHook
|
||||
|
||||
, chromecastSupport ? false
|
||||
, serverSupport ? false
|
||||
, keyringSupport ? true
|
||||
, notifySupport ? true, libnotify
|
||||
, networkSupport ? true, networkmanager
|
||||
}:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "sublime-music";
|
||||
version = "0.11.0";
|
||||
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1rnjc8pjfaq67mq10gy939g77azc80lxf77s9nsaxds4q5j1yrl2";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
gobject-introspection
|
||||
python3Packages.setuptools
|
||||
wrapGAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
gtk3
|
||||
pango
|
||||
]
|
||||
++ lib.optional notifySupport libnotify
|
||||
++ lib.optional networkSupport networkmanager
|
||||
;
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
dataclasses-json
|
||||
deepdiff
|
||||
fuzzywuzzy
|
||||
mpv
|
||||
peewee
|
||||
pygobject3
|
||||
python-Levenshtein
|
||||
python-dateutil
|
||||
requests
|
||||
semver
|
||||
]
|
||||
++ lib.optional chromecastSupport PyChromecast
|
||||
++ lib.optional keyringSupport keyring
|
||||
++ lib.optional serverSupport bottle
|
||||
;
|
||||
|
||||
# hook for gobject-introspection doesn't like strictDeps
|
||||
# https://github.com/NixOS/nixpkgs/issues/56943
|
||||
strictDeps = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "GTK3 Subsonic/Airsonic client";
|
||||
homepage = "https://sublimemusic.app/";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ albakham ];
|
||||
};
|
||||
}
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, cmake
|
||||
, ninja
|
||||
, vala
|
||||
@ -61,7 +62,7 @@ stdenv.mkDerivation rec {
|
||||
];
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "go-ethereum";
|
||||
version = "1.9.17";
|
||||
version = "1.9.18";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ethereum";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "175cy5cqkdhvh3kv2d0madybbz2sdbgxhm8xfb3ydbaf2hzihxmx";
|
||||
sha256 = "0nkzwmrzk0m9662cr18h5i54v07mw8v3fh0csvqx8n50z5fcvb7b";
|
||||
};
|
||||
|
||||
usb = fetchFromGitHub {
|
||||
@ -18,7 +18,7 @@ buildGoModule rec {
|
||||
sha256 = "0asd5fz2rhzkjmd8wjgmla5qmqyz4jaa6qf0n2ycia16jsck6wc2";
|
||||
};
|
||||
|
||||
vendorSha256 = "0w2214fllw93xbrlxayhl014aqbjsc8zz7mpik7w5b26m60hn5kr";
|
||||
vendorSha256 = "13wh6r9zi5qw72xkbzy3mcgn7lv9l981x4lniypjbnkwhq2dj5iz";
|
||||
|
||||
overrideModAttrs = (_: {
|
||||
postBuild = ''
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, substituteAll
|
||||
, plymouth
|
||||
, pam
|
||||
@ -127,6 +128,13 @@ stdenv.mkDerivation rec {
|
||||
rm -rf $out/etc/apparmor.d $out/etc/init $out/etc/pam.d
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
meta = {
|
||||
homepage = "https://github.com/CanonicalLtd/lightdm";
|
||||
description = "A cross-desktop display manager";
|
||||
|
@ -18,9 +18,9 @@ let
|
||||
sha256Hash = "11lkwcbzdl86cyz4lci65cx9z5jjhrc4z40maqx2r5hw1xka9290";
|
||||
};
|
||||
latestVersion = { # canary & dev
|
||||
version = "4.2.0.4"; # "Android Studio 4.2 Canary 4"
|
||||
build = "201.6636798";
|
||||
sha256Hash = "1v3893g5kx2azmv0zj2k1rxpiksapnapy7rgfq6x6fq4d2q87wbc";
|
||||
version = "4.2.0.5"; # "Android Studio 4.2 Canary 5"
|
||||
build = "201.6682321";
|
||||
sha256Hash = "076q6d7kmi0wcsqak7n6ggp1qns4xj1134xcpdzb92qk3dmg3wrh";
|
||||
};
|
||||
in {
|
||||
# Attributes are named by their corresponding release channels
|
||||
|
@ -2,6 +2,8 @@
|
||||
, Xaw3d, libXcursor, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
|
||||
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
|
||||
, alsaLib, cairo, acl, gpm, AppKit, GSS, ImageIO, m17n_lib, libotf
|
||||
, jansson, harfbuzz
|
||||
, libgccjit, targetPlatform, binutils, binutils-unwrapped, makeWrapper # native-comp params
|
||||
, systemd ? null
|
||||
, withX ? !stdenv.isDarwin
|
||||
, withNS ? stdenv.isDarwin
|
||||
@ -11,6 +13,7 @@
|
||||
, withCsrc ? true
|
||||
, srcRepo ? false, autoconf ? null, automake ? null, texinfo ? null
|
||||
, siteStart ? ./site-start.el
|
||||
, nativeComp ? false
|
||||
, toolkit ? (
|
||||
if withGTK2 then "gtk2"
|
||||
else if withGTK3 then "gtk3"
|
||||
@ -28,10 +31,13 @@ assert withGTK3 -> !withGTK2 && gtk3-x11 != null;
|
||||
assert withXwidgets -> withGTK3 && webkitgtk != null;
|
||||
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "emacs-${version}${versionModifier}";
|
||||
let
|
||||
version = "26.3";
|
||||
versionModifier = "";
|
||||
name = "emacs-${version}${versionModifier}";
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
inherit name version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnu/emacs/${name}.tar.xz";
|
||||
@ -50,29 +56,50 @@ stdenv.mkDerivation rec {
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = lib.optionalString srcRepo ''
|
||||
rm -fr .git
|
||||
'';
|
||||
postPatch = lib.concatStringsSep "\n" [
|
||||
(lib.optionalString srcRepo ''
|
||||
rm -fr .git
|
||||
'')
|
||||
|
||||
# Make native compilation work both inside and outside of nix build
|
||||
(lib.optionalString nativeComp (let
|
||||
libPath = lib.concatStringsSep ":" [
|
||||
"${lib.getLib libgccjit}/lib/gcc/${targetPlatform.config}/${libgccjit.version}"
|
||||
"${lib.getLib stdenv.cc.cc}/lib"
|
||||
"${lib.getLib stdenv.glibc}/lib"
|
||||
];
|
||||
in ''
|
||||
substituteInPlace lisp/emacs-lisp/comp.el --replace \
|
||||
"(defcustom comp-async-env-modifier-form nil" \
|
||||
"(defcustom comp-async-env-modifier-form '((setenv \"LIBRARY_PATH\" (string-join (seq-filter (lambda (v) (null (eq v nil))) (list (getenv \"LIBRARY_PATH\") \"${libPath}\")) \":\")))"
|
||||
|
||||
''))
|
||||
|
||||
""
|
||||
];
|
||||
|
||||
CFLAGS = "-DMAC_OS_X_VERSION_MAX_ALLOWED=101200";
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ]
|
||||
LIBRARY_PATH = if nativeComp then "${lib.getLib stdenv.cc.libc}/lib" else "";
|
||||
|
||||
nativeBuildInputs = [ pkgconfig makeWrapper ]
|
||||
++ lib.optionals srcRepo [ autoconf automake texinfo ]
|
||||
++ lib.optional (withX && (withGTK3 || withXwidgets)) wrapGAppsHook;
|
||||
|
||||
buildInputs =
|
||||
[ ncurses gconf libxml2 gnutls alsaLib acl gpm gettext ]
|
||||
[ ncurses gconf libxml2 gnutls alsaLib acl gpm gettext jansson harfbuzz.dev ]
|
||||
++ lib.optionals stdenv.isLinux [ dbus libselinux systemd ]
|
||||
++ lib.optionals withX
|
||||
[ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg libungif libtiff libXft
|
||||
gconf ]
|
||||
gconf cairo ]
|
||||
++ lib.optionals (withX || withNS) [ imagemagick librsvg ]
|
||||
++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ]
|
||||
++ lib.optional (withX && withGTK2) gtk2-x11
|
||||
++ lib.optionals (withX && withGTK3) [ gtk3-x11 gsettings-desktop-schemas ]
|
||||
++ lib.optional (stdenv.isDarwin && withX) cairo
|
||||
++ lib.optionals (withX && withXwidgets) [ webkitgtk glib-networking ]
|
||||
++ lib.optionals withNS [ AppKit GSS ImageIO ];
|
||||
++ lib.optionals withNS [ AppKit GSS ImageIO ]
|
||||
++ lib.optionals nativeComp [ libgccjit ]
|
||||
;
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
@ -88,7 +115,9 @@ stdenv.mkDerivation rec {
|
||||
then [ "--with-x-toolkit=${toolkit}" "--with-xft" ]
|
||||
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
|
||||
"--with-gif=no" "--with-tiff=no" ])
|
||||
++ lib.optional withXwidgets "--with-xwidgets";
|
||||
++ lib.optional withXwidgets "--with-xwidgets"
|
||||
++ lib.optional nativeComp "--with-nativecomp"
|
||||
;
|
||||
|
||||
preConfigure = lib.optionalString srcRepo ''
|
||||
./autogen.sh
|
||||
@ -106,13 +135,16 @@ stdenv.mkDerivation rec {
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/emacs/site-lisp
|
||||
cp ${siteStart} $out/share/emacs/site-lisp/site-start.el
|
||||
|
||||
$out/bin/emacs --batch -f batch-byte-compile $out/share/emacs/site-lisp/site-start.el
|
||||
|
||||
siteVersionDir=`ls $out/share/emacs | grep -v site-lisp | head -n 1`
|
||||
|
||||
rm -rf $out/var
|
||||
rm -rf $out/share/emacs/${version}/site-lisp
|
||||
rm -rf $siteVersionDir
|
||||
'' + lib.optionalString withCsrc ''
|
||||
for srcdir in src lisp lwlib ; do
|
||||
dstdir=$out/share/emacs/${version}/$srcdir
|
||||
dstdir=$siteVersionDir/$srcdir
|
||||
mkdir -p $dstdir
|
||||
find $srcdir -name "*.[chm]" -exec cp {} $dstdir \;
|
||||
cp $srcdir/TAGS $dstdir
|
||||
@ -123,16 +155,24 @@ stdenv.mkDerivation rec {
|
||||
mv nextstep/Emacs.app $out/Applications
|
||||
'';
|
||||
|
||||
postFixup =
|
||||
let libPath = lib.makeLibraryPath [
|
||||
libXcursor
|
||||
];
|
||||
in lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
|
||||
postFixup = lib.concatStringsSep "\n" [
|
||||
|
||||
(lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
|
||||
patchelf --set-rpath \
|
||||
"$(patchelf --print-rpath "$out/bin/emacs"):${libPath}" \
|
||||
"$(patchelf --print-rpath "$out/bin/emacs"):${lib.makeLibraryPath [ libXcursor ]}" \
|
||||
"$out/bin/emacs"
|
||||
patchelf --add-needed "libXcursor.so.1" "$out/bin/emacs"
|
||||
'';
|
||||
'')
|
||||
|
||||
(lib.optionalString nativeComp ''
|
||||
wrapProgram $out/bin/emacs-* --prefix PATH : "${lib.makeBinPath [ binutils binutils-unwrapped ]}"
|
||||
'')
|
||||
|
||||
];
|
||||
|
||||
passthru = {
|
||||
inherit nativeComp;
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "The extensible, customizable GNU text editor";
|
||||
|
@ -1,13 +1,13 @@
|
||||
{ lib, stdenv, callPackage, fetchurl
|
||||
, python
|
||||
, jdk, cmake, libxml2, zlib, python3, ncurses5
|
||||
, dotnet-sdk_3
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
let
|
||||
mkJetBrainsProduct = callPackage ./common.nix { };
|
||||
|
||||
# Sorted alphabetically
|
||||
|
||||
buildClion = { name, version, src, license, description, wmClass, ... }:
|
||||
@ -223,6 +223,8 @@ let
|
||||
# Patch built-in mono for ReSharperHost to start successfully
|
||||
interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2)
|
||||
patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen
|
||||
rm -rf lib/ReSharperHost/linux-x64/dotnet
|
||||
ln -s ${dotnet-sdk_3} lib/ReSharperHost/linux-x64/dotnet
|
||||
'');
|
||||
});
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3, vala
|
||||
{ stdenv, fetchFromGitHub, nix-update-script, pkgconfig, meson, ninja, python3, vala
|
||||
, gtk3, desktop-file-utils, gtksourceview, webkitgtk, gtkspell3, pantheon
|
||||
, libgee, discount, wrapGAppsHook }:
|
||||
|
||||
@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -11,8 +11,8 @@ let
|
||||
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
|
||||
|
||||
sha256 = {
|
||||
x86_64-linux = "1c8gi2001p2f0zc165cqwwf9f8ls34fgg040qn9l08za7djb9hyv";
|
||||
x86_64-darwin = "06n17s3qa2jkmg5qx3zvshz6rvdx33dhxn65j0x5mi62dv93gjgg";
|
||||
x86_64-linux = "162qwjmm439zplcyjhbb961ircqpdfw13h9ybnik1q128f4650ky";
|
||||
x86_64-darwin = "1kmg1h1gnx9kdnigjzpqd6rlzv7bz01h29ldla2srfr2q6nr0r9v";
|
||||
}.${system};
|
||||
in
|
||||
callPackage ./generic.nix rec {
|
||||
@ -21,7 +21,7 @@ in
|
||||
|
||||
# Please backport all compatible updates to the stable release.
|
||||
# This is important for the extension ecosystem.
|
||||
version = "1.46.1";
|
||||
version = "1.47.3";
|
||||
pname = "vscode";
|
||||
|
||||
executableName = "code" + lib.optionalString isInsiders "-insiders";
|
||||
|
@ -11,8 +11,8 @@ let
|
||||
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
|
||||
|
||||
sha256 = {
|
||||
x86_64-linux = "0l9sg2d0657k9dacy7k2jn8z07z50v8d1czgy4bkzbrj9vz7c6a7";
|
||||
x86_64-darwin = "0mnq0ykahwfrgs28rdy1jl366qyclipsr3apnmhym1xsylk0mpfx";
|
||||
x86_64-linux = "01wzdwb6laa0kwgwwvqri06ckdixg1w4fwcx400vhg3mby4n9wvl";
|
||||
x86_64-darwin = "1byh1x839w4r88yv0k7jpvxvida1xpf7pvnsp6vnawvqpbmdwlw0";
|
||||
}.${system};
|
||||
|
||||
sourceRoot = {
|
||||
@ -27,7 +27,7 @@ in
|
||||
|
||||
# Please backport all compatible updates to the stable release.
|
||||
# This is important for the extension ecosystem.
|
||||
version = "1.46.1";
|
||||
version = "1.47.3";
|
||||
pname = "vscodium";
|
||||
|
||||
executableName = "codium";
|
||||
|
@ -11,11 +11,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "drawio";
|
||||
version = "13.4.5";
|
||||
version = "13.5.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/draw.io-x86_64-${version}.rpm";
|
||||
sha256 = "1vp5krgj0xzhkiidj658ij6j10d2p97l1nifx0nrqysblcz2km3g";
|
||||
sha256 = "00ggm867c5005qfm35qf8a94d87ln91irb1ir6012am2k5bn8c8p";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -88,6 +88,7 @@ stdenv.mkDerivation rec {
|
||||
description = "A desktop application for creating diagrams";
|
||||
homepage = "https://about.draw.io/";
|
||||
license = licenses.asl20;
|
||||
changelog = "https://github.com/jgraph/drawio-desktop/releases/tag/v${version}";
|
||||
maintainers = with maintainers; [ danieldk ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, pantheon
|
||||
, vala
|
||||
, pkgconfig
|
||||
@ -57,7 +58,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, fetchpatch
|
||||
, vala
|
||||
, pkgconfig
|
||||
@ -51,7 +52,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -13,14 +13,14 @@ let
|
||||
pythonPackages = python3Packages;
|
||||
in
|
||||
mkDerivation rec {
|
||||
version = "1.8";
|
||||
version = "1.9";
|
||||
pname = "renderdoc";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "baldurk";
|
||||
repo = "renderdoc";
|
||||
rev = "v${version}";
|
||||
sha256 = "177j893abplj8wd8j4ava58m1mr7qq8fsffsq0w4hf5xgl5w8fq8";
|
||||
sha256 = "18nparkd435hdbm924jfdvmym7f3xd2fcy96jr4lrkl5rhj2sf85";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
@ -17,6 +17,7 @@
|
||||
, libgudev
|
||||
, libraw
|
||||
, glib
|
||||
, glib-networking
|
||||
, json-glib
|
||||
, gcr
|
||||
, libgee
|
||||
@ -77,6 +78,7 @@ stdenv.mkDerivation rec {
|
||||
libraw
|
||||
json-glib
|
||||
glib
|
||||
glib-networking
|
||||
gdk-pixbuf
|
||||
librsvg
|
||||
librest
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ mkDerivation, stdenv, lib, qtbase, qtsvg, libglvnd, fetchurl, makeDesktopItem }:
|
||||
{ mkDerivation, stdenv, lib, qtbase, qtsvg, libglvnd, libX11, libXi, fetchurl, makeDesktopItem }:
|
||||
let
|
||||
# taken from: https://www.iconfinder.com/icons/50835/edit_pencil_write_icon
|
||||
# license: Free for commercial use
|
||||
@ -9,7 +9,7 @@ let
|
||||
in
|
||||
mkDerivation rec {
|
||||
pname = "write_stylus";
|
||||
version = "209";
|
||||
version = "300";
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "Write";
|
||||
@ -23,7 +23,7 @@ mkDerivation rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.styluslabs.com/write/write${version}.tar.gz";
|
||||
sha256 = "1p6glp4vdpwl8hmhypayc4cvs3j9jfmjfhhrgqm2xkgl5bfbv2qd";
|
||||
sha256 = "1kg4qqxgg7iyxl13hkbl3j27dykra56dj67hbv0392mwdcgavihq";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
@ -44,7 +44,9 @@ mkDerivation rec {
|
||||
qtbase # libQt5PrintSupport.so.5
|
||||
qtsvg # libQt5Svg.so.5
|
||||
stdenv.cc.cc.lib # libstdc++.so.6
|
||||
libglvnd # ibGL.so.1
|
||||
libglvnd # libGL.so.1
|
||||
libX11 # libX11.so.6
|
||||
libXi # libXi.so.6
|
||||
];
|
||||
in ''
|
||||
patchelf \
|
||||
|
38
pkgs/applications/logging/humioctl/default.nix
Normal file
38
pkgs/applications/logging/humioctl/default.nix
Normal file
@ -0,0 +1,38 @@
|
||||
{ buildGoModule, fetchFromGitHub, installShellFiles, stdenv }:
|
||||
|
||||
let
|
||||
humioCtlVersion = "0.25.0";
|
||||
sha256 = "1x8354m410nf9g167v0i1c77s5w2by7smdlyjwl89ixgdjw04ay3";
|
||||
vendorSha256 = "14bysjgvahr56hvd8walym11hh721i1q2g503n8m68wdzrrym4qy";
|
||||
in buildGoModule {
|
||||
name = "humioctl-${humioCtlVersion}";
|
||||
pname = "humioctl";
|
||||
version = humioCtlVersion;
|
||||
|
||||
vendorSha256 = vendorSha256;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "humio";
|
||||
repo = "cli";
|
||||
rev = "v${humioCtlVersion}";
|
||||
sha256 = sha256;
|
||||
};
|
||||
|
||||
buildFlagsArray = "-ldflags=-X main.version=${humioCtlVersion}";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
postInstall = ''
|
||||
mv $out/bin/cli $out/bin/humioctl
|
||||
$out/bin/humioctl completion bash > humioctl.bash
|
||||
$out/bin/humioctl completion zsh > humioctl.zsh
|
||||
installShellCompletion humioctl.{bash,zsh}
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/humio/cli";
|
||||
description = "A CLI for managing and sending data to Humio";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ lucperkins ];
|
||||
};
|
||||
}
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, vala
|
||||
, meson
|
||||
, ninja
|
||||
@ -51,7 +52,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, meson
|
||||
, ninja
|
||||
, vala
|
||||
@ -48,7 +49,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "clight";
|
||||
version = "4.0";
|
||||
version = "4.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "FedeDP";
|
||||
repo = "Clight";
|
||||
rev = version;
|
||||
sha256 = "101fp9kwmfmfffpdvv41wf96kdjw0b16xk49g43w32a5wlr74zrq";
|
||||
sha256 = "1j7va217g1k8lxl3lly13js8myf0shjc6knalq8q6lakc6j1mkxx";
|
||||
};
|
||||
|
||||
# bash-completion.pc completionsdir=${bash-completion.out}
|
||||
|
@ -1,14 +1,14 @@
|
||||
{ stdenv, fetchFromGitHub, python3, installShellFiles }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.8.1";
|
||||
version = "1.9";
|
||||
pname = "ddgr";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jarun";
|
||||
repo = "ddgr";
|
||||
rev = "v${version}";
|
||||
sha256 = "0668wzh1gqin0xscy3fly9hz370n2ny175f3kya9bsld0x0jkd5p";
|
||||
sha256 = "0qbdq7k0mmvkjp6qzz88n7vf29liqn6y5w4y39ldqdc8hzw5sld7";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dunst";
|
||||
version = "1.4.1";
|
||||
version = "1.5.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "dunst-project";
|
||||
repo = "dunst";
|
||||
rev = "v${version}";
|
||||
sha256 = "0xjj1f2jr1ja5grj6wrx5jjz1sx5fpqnvkw7nqi4452j3nc4p4l2";
|
||||
sha256 = "0irwkqcgwkqaylcpvqgh25gn2ysbdm2kydipxfzcq1ddj9ns6f9c";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ perl pkgconfig which systemd makeWrapper ];
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, meson
|
||||
, ninja
|
||||
, vala
|
||||
@ -62,7 +63,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -3,13 +3,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "girara";
|
||||
version = "0.3.4";
|
||||
version = "0.3.5";
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://git.pwmt.org/pwmt/${pname}/-/archive/${version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "08zdsr4zwi49facsl5596l0g1xqqv2jk3sqk841gkxwawcggim44";
|
||||
sha256 = "1n3i960b458172mc3pkq7m9dn5qxry6fms3c3k06v27cjp5whsyf";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ meson ninja pkgconfig gettext check dbus xvfb_run ];
|
||||
|
@ -1,16 +1,14 @@
|
||||
{ stdenv, buildGoModule, fetchFromGitHub, libsass }:
|
||||
{ stdenv, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "hugo";
|
||||
version = "0.73.0";
|
||||
|
||||
buildInputs = [ libsass ];
|
||||
version = "0.74.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "gohugoio";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0qhv8kdv5k1xfk6106lxvsz7f92k7w6wk05ngz7qxbkb6zkcnshw";
|
||||
sha256 = "0rikr4yrjvmrv8smvr8jdbcjqwf61y369wn875iywrj63pyr74r9";
|
||||
};
|
||||
|
||||
golibsass = fetchFromGitHub {
|
||||
@ -27,7 +25,7 @@ buildGoModule rec {
|
||||
'';
|
||||
});
|
||||
|
||||
vendorSha256 = "07dkmrldsxw59v6r4avj1gr4hsaxybhb14qv61hc777qix2kq9v1";
|
||||
vendorSha256 = "031k8bvca1pb1naw922vg5h95gnwp76dii1cjcs0b1qj93isdibk";
|
||||
|
||||
buildFlags = [ "-tags" "extended" ];
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchFromGitHub, vala, pkgconfig, meson, ninja, python3, pantheon
|
||||
{ stdenv, fetchFromGitHub, nix-update-script, vala, pkgconfig, meson, ninja, python3, pantheon
|
||||
, gtk3, gtksourceview, json-glib, libgee, wrapGAppsHook }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
49
pkgs/applications/misc/nwg-launchers/default.nix
Normal file
49
pkgs/applications/misc/nwg-launchers/default.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, cmake
|
||||
, gtkmm3
|
||||
, meson
|
||||
, ninja
|
||||
, nlohmann_json
|
||||
, pkgconfig
|
||||
, swaylock
|
||||
, makeWrapper
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "nwg-launchers";
|
||||
version = "0.2.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nwg-piotr";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "1mlym0mpg6njwgwniwlk95fk6wfwlzq8nwmkb5mkjlm2nqv5bdv1";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson
|
||||
ninja
|
||||
pkgconfig
|
||||
cmake
|
||||
makeWrapper
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
gtkmm3
|
||||
nlohmann_json
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/nwgbar \
|
||||
--prefix PATH : "${swaylock}/bin"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "GTK-based launchers: application grid, button bar, dmenu for sway and other window managers";
|
||||
homepage = "https://github.com/nwg-piotr/nwg-launchers";
|
||||
license = licenses.gpl3;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ bbigras ];
|
||||
};
|
||||
}
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, fetchpatch
|
||||
, vala
|
||||
, meson
|
||||
@ -54,7 +55,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pdfsam-basic";
|
||||
version = "4.1.3";
|
||||
version = "4.1.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam_${version}-1_amd64.deb";
|
||||
sha256 = "1rhv6mf6pr9aaa8516i3b7v6h622qb1p8c4jsy3j0s5wrdry5l9l";
|
||||
sha256 = "1gw3cmc8c1xxc55bm71v1dz9x9560lbhx9nkwprarhxlmn0m0zzp";
|
||||
};
|
||||
|
||||
unpackPhase = ''
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchFromGitHub
|
||||
{ stdenv, fetchFromGitHub, nix-update-script
|
||||
, vala, meson, ninja, pkgconfig, pantheon, gettext, wrapGAppsHook, python3, desktop-file-utils
|
||||
, gtk3, glib, libgee, libgda, gtksourceview, libxml2, libsecret, libssh2 }:
|
||||
|
||||
@ -30,7 +30,7 @@ in stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
|
||||
description = "Share one mouse and keyboard between multiple computers";
|
||||
homepage = "http://synergy-project.org/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ aszlig enzime ];
|
||||
maintainers = with maintainers; [ enzime ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, fetchpatch
|
||||
, vala
|
||||
, meson
|
||||
@ -63,7 +64,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
buildGoPackage rec {
|
||||
pname = "tut";
|
||||
version = "0.0.13";
|
||||
version = "0.0.14";
|
||||
|
||||
goPackagePath = "github.com/RasmusLindroth/tut";
|
||||
goDeps = ./deps.nix;
|
||||
@ -11,7 +11,7 @@ buildGoPackage rec {
|
||||
owner = "RasmusLindroth";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "085qiv9q2hzv1v6qmbddra23acsmmkbwmjqc3cp81gfgl893z7sm";
|
||||
sha256 = "1l7lc6cjx97v9zhc0b6lfzqjmyv1i3qj83drkck36if3mc60vvwi";
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchurl
|
||||
, nix-update-script
|
||||
, python3Packages
|
||||
, gdk-pixbuf
|
||||
, glib
|
||||
@ -103,6 +104,13 @@ python3Packages.buildPythonApplication rec {
|
||||
gappsWrapperArgs+=(--prefix PATH : "${stdenv.lib.makeBinPath [ wmctrl ]}")
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A fast application launcher for Linux, written in Python, using GTK";
|
||||
homepage = "https://ulauncher.io/";
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
let
|
||||
pname = "Sylk";
|
||||
version = "2.7.2";
|
||||
version = "2.8.0";
|
||||
in
|
||||
|
||||
appimageTools.wrapType2 rec {
|
||||
@ -10,7 +10,7 @@ appimageTools.wrapType2 rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.ag-projects.com/Sylk/Sylk-${version}-x86_64.AppImage";
|
||||
sha256 = "1hz41jan8hw56ahpaajlb1yy5zjkyxrclzmqhklm5x59b76pd0zx";
|
||||
hash = "sha256:09j1kijs31yk3iw2lj7szv1nwkqiqydj3zkkmr49qlib1qj717wh";
|
||||
};
|
||||
|
||||
profile = ''
|
||||
|
@ -90,5 +90,6 @@ mkChromiumDerivation (base: rec {
|
||||
platforms = platforms.linux;
|
||||
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
|
||||
timeout = 172800; # 48 hours
|
||||
broken = channel == "dev"; # Requires LLVM 11
|
||||
};
|
||||
})
|
||||
|
@ -44,7 +44,7 @@ let
|
||||
sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
|
||||
};
|
||||
});
|
||||
} // lib.optionalAttrs (channel == "dev") {
|
||||
} // lib.optionalAttrs (channel == "beta") {
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-05-19";
|
||||
src = fetchgit {
|
||||
@ -53,6 +53,15 @@ let
|
||||
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
|
||||
};
|
||||
});
|
||||
} // lib.optionalAttrs (channel == "dev") {
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-07-20";
|
||||
src = fetchgit {
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
rev = "3028c6a426a4aaf6da91c4ebafe716ae370225fe";
|
||||
sha256 = "0h3wf4152zdvrbb0jbj49q6814lfl3rcy5mj8b2pl9s0ahvkbc6q";
|
||||
};
|
||||
});
|
||||
});
|
||||
|
||||
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
|
||||
|
@ -1,18 +1,18 @@
|
||||
# This file is autogenerated from update.sh in the same directory.
|
||||
{
|
||||
beta = {
|
||||
sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
|
||||
sha256bin64 = "017ix9a74f2gzlg6in0x6fqgiw8bpk0rypr6wsqqkslywprypjd0";
|
||||
version = "84.0.4147.89";
|
||||
sha256 = "06cl77yi7cb6r7n8mn38d61zmgwxi690qxrkd56hg2773hn06wq5";
|
||||
sha256bin64 = "0a6c44qb0n2hdc42p5xqybnbhgdxd51lyygkqz42fmym6id65v88";
|
||||
version = "85.0.4183.39";
|
||||
};
|
||||
dev = {
|
||||
sha256 = "1dbbr7s8vbhxd0sk4k2yqp630zp1r4gzkkd2a86pzlzq2mjhsk8a";
|
||||
sha256bin64 = "0bphfwi6nkj9nzrjjaffiv27xfblgdikyifsbjl6vv2pawkh335q";
|
||||
version = "85.0.4183.15";
|
||||
sha256 = "1l2d3gk7si1djxn3901fjgykv7nzc8g970m3fb9pjflfrr8f17v6";
|
||||
sha256bin64 = "0flsmy5blrc9gs6cikag7mdlvgkm6mzm745kcq0shfmhanvlkykn";
|
||||
version = "86.0.4209.2";
|
||||
};
|
||||
stable = {
|
||||
sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
|
||||
sha256bin64 = "1hzhgvs2ykqsncpnbnhzh09sw1vlsdfjhs06z5gc80l47brdi3wz";
|
||||
version = "84.0.4147.89";
|
||||
sha256 = "1b6cqnwx76pp4y5hvz3qm8lm1ayaxr5578k76164acr35bmypx6a";
|
||||
sha256bin64 = "0znxq5ncyvyysx3p8xikzg8jm8jr51k478y29m985x6c5p5a4zyw";
|
||||
version = "84.0.4147.105";
|
||||
};
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchgit, meson, ninja, pkgconfig
|
||||
{ stdenv, fetchgit, meson, ninja, pkgconfig, nix-update-script
|
||||
, python3, gtk3, libsecret, gst_all_1, webkitgtk
|
||||
, glib-networking, gtkspell3, hunspell, desktop-file-utils
|
||||
, gobject-introspection, wrapGAppsHook }:
|
||||
@ -57,6 +57,13 @@ python3.pkgs.buildPythonApplication rec {
|
||||
patchPythonScript "$out/libexec/eolie-sp"
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A new GNOME web browser";
|
||||
homepage = "https://wiki.gnome.org/Apps/Eolie";
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, nix-update-script
|
||||
, desktop-file-utils
|
||||
, vala
|
||||
, gettext
|
||||
@ -55,7 +56,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = pantheon.updateScript {
|
||||
updateScript = nix-update-script {
|
||||
attrPath = pname;
|
||||
};
|
||||
};
|
||||
|
@ -51,7 +51,7 @@
|
||||
# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
|
||||
# have permission to use the official firefox branding.
|
||||
#
|
||||
# Fur purposes of documentation the statement of @sylvestre:
|
||||
# For purposes of documentation the statement of @sylvestre:
|
||||
# > As the person who did part of the work described in the LWN article
|
||||
# > and release manager working for Mozilla, I can confirm the statement
|
||||
# > that I made in
|
||||
|
@ -27,6 +27,7 @@ let
|
||||
, nameSuffix ? ""
|
||||
, icon ? browserName
|
||||
, extraNativeMessagingHosts ? []
|
||||
, pkcs11Modules ? []
|
||||
, forceWayland ? false
|
||||
, useGlvnd ? true
|
||||
, cfg ? config.${browserName} or {}
|
||||
@ -74,7 +75,8 @@ let
|
||||
++ lib.optionals (cfg.enableQuakeLive or false)
|
||||
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ])
|
||||
++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
|
||||
++ lib.optional (config.pulseaudio or true) libpulseaudio;
|
||||
++ lib.optional (config.pulseaudio or true) libpulseaudio
|
||||
++ pkcs11Modules;
|
||||
gtk_modules = [ libcanberra-gtk2 ];
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
@ -154,6 +156,11 @@ let
|
||||
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
|
||||
done
|
||||
|
||||
mkdir -p $out/lib/mozilla/pkcs11-modules
|
||||
for ext in ${toString pkcs11Modules}; do
|
||||
ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/*
|
||||
done
|
||||
|
||||
# For manpages, in case the program supplies them
|
||||
mkdir -p $out/nix-support
|
||||
echo ${browser} > $out/nix-support/propagated-user-env-packages
|
||||
|
@ -2,8 +2,9 @@
|
||||
, mkDerivationWith, wrapQtAppsHook, wrapGAppsHook, qtbase, glib-networking
|
||||
, asciidoc, docbook_xml_dtd_45, docbook_xsl, libxml2
|
||||
, libxslt, gst_all_1 ? null
|
||||
, withPdfReader ? true
|
||||
, withMediaPlayback ? true
|
||||
, withPdfReader ? true
|
||||
, withMediaPlayback ? true
|
||||
, backend ? "webengine"
|
||||
}:
|
||||
|
||||
assert withMediaPlayback -> gst_all_1 != null;
|
||||
@ -19,6 +20,14 @@ let
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
backendPackage =
|
||||
if backend == "webengine" then python3Packages.pyqtwebengine else
|
||||
if backend == "webkit" then python3Packages.pyqt5_with_qtwebkit else
|
||||
throw ''
|
||||
Unknown qutebrowser backend "${backend}".
|
||||
Valid choices are qtwebengine (recommended) or qtwebkit.
|
||||
'';
|
||||
|
||||
in mkDerivationWith python3Packages.buildPythonApplication rec {
|
||||
pname = "qutebrowser";
|
||||
version = "1.13.0";
|
||||
@ -46,16 +55,14 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
pyyaml pyqt5 pyqtwebengine jinja2 pygments
|
||||
pyyaml backendPackage jinja2 pygments
|
||||
pypeg2 cssutils pyopengl attrs setuptools
|
||||
# scripts and userscripts libs
|
||||
tldextract beautifulsoup4
|
||||
pyreadability pykeepass stem
|
||||
];
|
||||
|
||||
patches = [
|
||||
./fix-restart.patch
|
||||
];
|
||||
patches = [ ./fix-restart.patch ];
|
||||
|
||||
dontWrapGApps = true;
|
||||
dontWrapQtApps = true;
|
||||
@ -101,7 +108,8 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
|
||||
postFixup = ''
|
||||
wrapProgram $out/bin/qutebrowser \
|
||||
"''${gappsWrapperArgs[@]}" \
|
||||
"''${qtWrapperArgs[@]}"
|
||||
"''${qtWrapperArgs[@]}" \
|
||||
--add-flags '--backend ${backend}'
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
@ -46,7 +46,8 @@
|
||||
|
||||
# Hardening
|
||||
, graphene-hardened-malloc
|
||||
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
|
||||
# crashes with intel driver
|
||||
, useHardenedMalloc ? false
|
||||
|
||||
# Whether to disable multiprocess support to work around crashing tabs
|
||||
# TODO: fix the underlying problem instead of this terrible work-around
|
||||
|
@ -4,7 +4,7 @@
|
||||
, bzip2, flac, speex, libopus
|
||||
, libevent, expat, libjpeg, snappy
|
||||
, libpng, libcap
|
||||
, xdg_utils, yasm, minizip, libwebp
|
||||
, xdg_utils, yasm, nasm, minizip, libwebp
|
||||
, libusb1, pciutils, nss, re2, zlib
|
||||
|
||||
, python2Packages, perl, pkgconfig
|
||||
@ -13,10 +13,12 @@
|
||||
, bison, gperf
|
||||
, glib, gtk3, dbus-glib
|
||||
, glibc
|
||||
, xorg
|
||||
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
|
||||
, protobuf, speechd, libXdamage, cups
|
||||
, ffmpeg_3, libxslt, libxml2, at-spi2-core
|
||||
, jre
|
||||
, pipewire_0_2
|
||||
|
||||
# optional dependencies
|
||||
, libgcrypt ? null # gnomeSupport || cupsSupport
|
||||
@ -74,7 +76,7 @@ let
|
||||
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
|
||||
|
||||
gnSystemLibraries = [
|
||||
"flac" "libwebp" "libxslt" "yasm" "opus" "snappy" "libpng"
|
||||
"flac" "libwebp" "libxslt" "opus" "snappy" "libpng"
|
||||
# "zlib" # version 77 reports unresolved dependency on //third_party/zlib:zlib_config
|
||||
# "libjpeg" # fails with multiple undefined references to chromium_jpeg_*
|
||||
# "re2" # fails with linker errors
|
||||
@ -91,9 +93,10 @@ let
|
||||
bzip2 flac speex opusWithCustomModes
|
||||
libevent expat libjpeg snappy
|
||||
libpng libcap
|
||||
xdg_utils yasm minizip libwebp
|
||||
xdg_utils minizip libwebp
|
||||
libusb1 re2 zlib
|
||||
ffmpeg_3 libxslt libxml2
|
||||
nasm
|
||||
# harfbuzz # in versions over 63 harfbuzz and freetype are being built together
|
||||
# so we can't build with one from system and other from source
|
||||
];
|
||||
@ -128,8 +131,9 @@ let
|
||||
nativeBuildInputs = [
|
||||
ninja which python2Packages.python perl pkgconfig
|
||||
python2Packages.ply python2Packages.jinja2 nodejs
|
||||
gnutar
|
||||
] ++ optional (versionAtLeast version "83") python2Packages.setuptools;
|
||||
gnutar python2Packages.setuptools
|
||||
(xorg.xcbproto.override { python = python2Packages.python; })
|
||||
];
|
||||
|
||||
buildInputs = defaultDependencies ++ [
|
||||
nspr nss systemd
|
||||
@ -139,6 +143,7 @@ let
|
||||
libXScrnSaver libXcursor libXtst libGLU libGL
|
||||
pciutils protobuf speechd libXdamage at-spi2-core
|
||||
jre
|
||||
pipewire_0_2
|
||||
] ++ optional useVaapi libva
|
||||
++ optional gnomeKeyringSupport libgnome-keyring3
|
||||
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
|
||||
@ -161,13 +166,10 @@ let
|
||||
#
|
||||
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
|
||||
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
|
||||
] ++ optionals (useVaapi) ([ # Fixes for the VA-API build:
|
||||
] ++ optionals (useVaapi) [ # Improvements for the VA-API build:
|
||||
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
|
||||
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
|
||||
] ++ optionals (versionRange "81" "82") [
|
||||
(githubPatch "5b2ff215473e0526b5b24aeff4ad90d369b21c75" "0n00vh8wfpn2ay5fqsxcsx0zadnv7mihm72bcvnrfzh75nzbg902")
|
||||
(githubPatch "98e343ab369e4262511b5fce547728e3e5eefba8" "00wwp653jk0k0yvix00vr7ymgck9dj7fxjwx4nc67ynn84dh6064")
|
||||
]);
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
|
||||
@ -187,6 +189,11 @@ let
|
||||
'/usr/share/locale/' \
|
||||
'${glibc}/share/locale/'
|
||||
|
||||
substituteInPlace ui/gfx/x/BUILD.gn \
|
||||
--replace \
|
||||
'/usr/share/xcb' \
|
||||
'${xorg.xcbproto}/share/xcb/'
|
||||
|
||||
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
|
||||
chrome/browser/shell_integration_linux.cc
|
||||
|
||||
@ -239,7 +246,6 @@ let
|
||||
'';
|
||||
|
||||
gnFlags = mkGnFlags ({
|
||||
linux_use_bundled_binutils = false;
|
||||
use_lld = false;
|
||||
use_gold = true;
|
||||
gold_path = "${stdenv.cc}/bin";
|
||||
@ -257,6 +263,8 @@ let
|
||||
# added later in the wrapped -wv build or downloaded from Google.
|
||||
enable_widevine = true;
|
||||
use_cups = cupsSupport;
|
||||
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
|
||||
rtc_use_pipewire = true;
|
||||
|
||||
treat_warnings_as_errors = false;
|
||||
is_clang = stdenv.cc.isClang;
|
||||
|
@ -1,7 +1,8 @@
|
||||
{ newScope, config, stdenv, llvmPackages_9, llvmPackages_10
|
||||
, makeWrapper, ed
|
||||
, makeWrapper, ed, gnugrep
|
||||
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
|
||||
, libva ? null
|
||||
, pipewire_0_2
|
||||
, gcc, nspr, nss, runCommand
|
||||
, lib
|
||||
|
||||
@ -23,9 +24,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
llvmPackages = if channel != "stable"
|
||||
then llvmPackages_10
|
||||
else llvmPackages_9;
|
||||
llvmPackages = llvmPackages_10;
|
||||
stdenv = llvmPackages.stdenv;
|
||||
|
||||
callPackage = newScope chromium;
|
||||
@ -38,8 +37,6 @@ let
|
||||
mkChromiumDerivation = callPackage ./common.nix ({
|
||||
inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useOzone;
|
||||
inherit ungoogled;
|
||||
gnChromium = gn;
|
||||
} // lib.optionalAttrs (channel != "stable") {
|
||||
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-03-23";
|
||||
@ -49,6 +46,15 @@ let
|
||||
sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
|
||||
};
|
||||
});
|
||||
} // lib.optionalAttrs (channel == "dev") {
|
||||
gnChromium = gn.overrideAttrs (oldAttrs: {
|
||||
version = "2020-05-19";
|
||||
src = fetchgit {
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
|
||||
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
|
||||
};
|
||||
});
|
||||
});
|
||||
|
||||
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
|
||||
@ -140,7 +146,7 @@ let
|
||||
(!enableVaapi)
|
||||
"--add-flags --disable-accelerated-video-decode --add-flags --disable-accelerated-video-encode";
|
||||
in stdenv.mkDerivation {
|
||||
name = "chromium${suffix}-${version}";
|
||||
name = "ungoogled-chromium${suffix}-${version}";
|
||||
inherit version;
|
||||
|
||||
buildInputs = [
|
||||
@ -158,7 +164,7 @@ in stdenv.mkDerivation {
|
||||
buildCommand = let
|
||||
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
|
||||
getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
|
||||
libPath = stdenv.lib.makeLibraryPath [ libva ];
|
||||
libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ];
|
||||
|
||||
in with stdenv.lib; ''
|
||||
mkdir -p "$out/bin"
|
||||
@ -185,7 +191,7 @@ in stdenv.mkDerivation {
|
||||
'' + ''
|
||||
|
||||
# libredirect causes chromium to deadlock on startup
|
||||
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | tr ':' '\n' | grep -v /lib/libredirect\\\\.so$ | tr '\n' ':')"
|
||||
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | tr '\n' ':')"
|
||||
|
||||
export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
|
||||
|
||||
|
@ -31,15 +31,6 @@
|
||||
// TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
|
||||
// |output_mode_| as well.
|
||||
if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
|
||||
@@ -1105,7 +1113,7 @@ VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
|
||||
// depends on the bitstream and sometimes it's not enough to cover the amount
|
||||
// of frames needed by the client pipeline (see b/133733739).
|
||||
// TODO(crbug.com/911754): Enable for VP9 Profile 2.
|
||||
- if (IsGeminiLakeOrLater() &&
|
||||
+ if (false && IsGeminiLakeOrLater() &&
|
||||
(profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) {
|
||||
// Add one to the reference frames for the one being currently egressed, and
|
||||
// an extra allocation for both |client_| and |decoder_|, see
|
||||
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
|
||||
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
|
||||
@@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator
|
||||
|
@ -44,11 +44,11 @@ let
|
||||
|
||||
flash = stdenv.mkDerivation rec {
|
||||
pname = "flashplayer-ppapi";
|
||||
version = "32.0.0.371";
|
||||
version = "32.0.0.403";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
|
||||
sha256 = "1nks2wx74b21hv0l7bnrzkxn7c6p6r8zgwbqvy3cqpi8famyr5v9";
|
||||
sha256 = "1xirngiqypylgm8f3ddvny2ghqxgj8i98bm1carcj2vryw53wwal";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user