Merge branch 'master' into staging-next

This commit is contained in:
Martin Weinelt 2021-09-10 15:04:01 +02:00 committed by GitHub
commit d9341eafa2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 181 additions and 23 deletions

View File

@ -37,6 +37,17 @@
PostgreSQL now defaults to major version 13.
</para>
</listitem>
<listitem>
<para>
Activation scripts can now opt int to be run when running
<literal>nixos-rebuild dry-activate</literal> and detect the
dry activation by reading <literal>$NIXOS_ACTION</literal>.
This allows activation scripts to output what they would
change if the activation was really run. The users/modules
activation script supports this and outputs some of is
actions.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-new-services">

View File

@ -14,6 +14,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- PostgreSQL now defaults to major version 13.
- Activation scripts can now opt int to be run when running `nixos-rebuild dry-activate` and detect the dry activation by reading `$NIXOS_ACTION`.
This allows activation scripts to output what they would change if the activation was really run.
The users/modules activation script supports this and outputs some of is actions.
## New Services {#sec-release-21.11-new-services}
- [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances).

View File

@ -12,6 +12,11 @@ let
(optionalString (cfg.defaultMode == "norouting") "--routing=none")
] ++ cfg.extraFlags);
profile =
if cfg.localDiscovery
then "local-discovery"
else "server";
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
multiaddrToListenStream = addrRaw:
@ -236,14 +241,13 @@ in
environment.IPFS_PATH = cfg.dataDir;
preStart = ''
if [[ ! -f ${cfg.dataDir}/config ]]; then
ipfs init ${optionalString cfg.emptyRepo "-e"} \
${optionalString (! cfg.localDiscovery) "--profile=server"}
if [[ ! -f "$IPFS_PATH/config" ]]; then
ipfs init ${optionalString cfg.emptyRepo "-e"} --profile=${profile}
else
${if cfg.localDiscovery
then "ipfs --offline config profile apply local-discovery"
else "ipfs --offline config profile apply server"
}
# After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open.
rm -vf "$IPFS_PATH/api"
ipfs --offline config profile apply ${profile}
fi
'' + optionalString cfg.autoMount ''
ipfs --offline config Mounts.FuseAllowOther --json true

View File

@ -0,0 +1,4 @@
import ./common.nix {
version = "2.1.8";
sha256 = "0ijmw8adyf6fgaq4ixdj9v5lfg3cs9wyxhb96wxhfld0rjpppsm3";
}

View File

@ -8,11 +8,11 @@
buildPythonPackage rec {
pname = "bitlist";
version = "0.3.1";
version = "0.4.0";
src = fetchPypi {
inherit pname version;
sha256 = "04dz64r21a39p8wph5qlhvs5y873qgk6xxjlzw8n695b8jm3ixir";
sha256 = "sha256-IL1tpP/F6O3BvJab6aC6r6PhRgKFpLp9aXmOK1rQXaU=";
};
propagatedBuildInputs = [

View File

@ -16,12 +16,12 @@
buildPythonPackage rec {
pname = "fakeredis";
version = "1.6.0";
version = "1.6.1";
disabled = pythonOlder "3.5";
src = fetchPypi {
inherit pname version;
sha256 = "11ccfc9769d718d37e45b382e64a6ba02586b622afa0371a6bd85766d72255f3";
sha256 = "sha256-DQapOE+3nanyFkzpbjTrnU4upGIVBwgF6m/TwXRZC0c=";
};
propagatedBuildInputs = [

View File

@ -13,13 +13,13 @@
buildPythonPackage rec {
pname = "pubnub";
version = "5.2.1";
version = "5.3.1";
src = fetchFromGitHub {
owner = pname;
repo = "python";
rev = "v${version}";
sha256 = "151f9vhgjlr3maniry3vin8vxvz7h8kxnfby9zgsrlvjs4nfgdf9";
sha256 = "0fykqr0agdlrhsy2s4yzadyslyjlhgr9iyj2f7s8hz9j400dhj3h";
};
propagatedBuildInputs = [

View File

@ -0,0 +1,34 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "oshka";
version = "0.4.0";
src = fetchFromGitHub {
owner = "k1LoW";
repo = pname;
rev = "v${version}";
sha256 = "1niyy7yiynpwa2cvcj4r3305v8ca4324q512839y79s3izd6a1lf";
};
vendorSha256 = "08aj3nmj8angizkd3rbwbm7qzqxwrgfm1rka2x2a096z6mc3f4k4";
ldflags = [
"-w"
"-s"
"-X github.com/k1LoW/oshka/version.Version=${version}"
];
# Tests requires a running Docker instance
doCheck = false;
meta = with lib; {
description = "Tool for extracting nested CI/CD supply chains and executing commands";
homepage = "https://github.com/k1LoW/oshka";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.10.62";
version = "5.10.63";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1cc6z2xzi1s69805jk4f91iarx19v0yyqvssx1f1mc0l9l1db389";
sha256 = "0bnbkd4vbf43m37wab4zwvcv3wy3ixh4x1zrwlfhi845i21mx88r";
};
} // (args.argsOverride or {}))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.13.14";
version = "5.13.15";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "06lbjsbr86qa8yai5gfclbfxvcqsw33kxj9b4r93hh6z1wajmx82";
sha256 = "06v2jgzq2l56bjbymcrnaybqvvr1q44c0k534v77b3l5bwwlq2rk";
};
} // (args.argsOverride or { }))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.14.1";
version = "5.14.2";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1iq8s031fviccc4710biwl7gxqdimm3nhlvxd0m3fykvhhmcanq0";
sha256 = "05yw3i2c21dabdn5khyk60ds4h8krg5iyxk4zq1msv0igdfqf6gl";
};
} // (args.argsOverride or { }))

View File

@ -2,15 +2,15 @@
buildGoModule rec {
pname = "traefik";
version = "2.5.1";
version = "2.5.2";
src = fetchzip {
url = "https://github.com/traefik/traefik/releases/download/v${version}/traefik-v${version}.src.tar.gz";
sha256 = "sha256-vO8sBksh5gRq+s7VXshs5wZw4ygqbJzG2J3iSEGl/Ws=";
sha256 = "1q93l7jb0vs1d324453gk307hlhav2g0xjqkcz3f43rxhb0jbwpk";
stripRoot = false;
};
vendorSha256 = "sha256-tBUW6iBZZYc2OgSzFcDZ1C8YnyrXnuy3SdQiy8FPksM=";
vendorSha256 = "054l0b6xlbl9sh2bisnydm9dha30jrafybb06ggzbjffsqcgj7qw";
doCheck = false;
@ -33,6 +33,7 @@ buildGoModule rec {
meta = with lib; {
homepage = "https://traefik.io";
description = "A modern reverse proxy";
changelog = "https://github.com/traefik/traefik/raw/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ vdemeester ];
};

View File

@ -1,4 +1,4 @@
{ python3Packages, fetchFromGitHub, lib, yubikey-personalization, libu2f-host, libusb1 }:
{ python3Packages, fetchFromGitHub, lib, yubikey-personalization, libu2f-host, libusb1, procps }:
python3Packages.buildPythonPackage rec {
pname = "yubikey-manager";
@ -11,6 +11,11 @@ python3Packages.buildPythonPackage rec {
sha256 = "sha256:0ycp7k6lkxzqwkc16fifhyqaqi7hl3351pwddsn18r5l83jnzdn2";
};
postPatch = ''
substituteInPlace "ykman/pcsc/__init__.py" \
--replace '/usr/bin/pkill' '${procps}/bin/pkill'
'';
format = "pyproject";
nativeBuildInputs = with python3Packages; [ poetry-core ];

View File

@ -0,0 +1,33 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "checkip";
version = "0.2.2";
src = fetchFromGitHub {
owner = "jreisinger";
repo = pname;
rev = "v${version}";
sha256 = "065426z4iak72h56qvp1vk86r2vw5rdqy3qi1zbw1l0hnyq83zwq";
};
vendorSha256 = "10hk2wfkpvnavs20q390qgaj1gj10j1fy8vlqb9s9f76gpb130h4";
postFixup = ''
# Rename binary
mv $out/bin/cmd $out/bin/${pname}
'';
# Requires network
doCheck = false;
meta = with lib; {
description = "CLI tool that checks an IP address using various public services";
homepage = "https://github.com/jreisinger/checkip";
license = licenses.asl20;
maintainers = with maintainers; [ fab ];
};
}

View File

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "dorkscout";
version = "1.0";
src = fetchFromGitHub {
owner = "R4yGM";
repo = pname;
rev = version;
sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz";
};
vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph";
meta = with lib; {
description = "Tool to automate the work with Google dorks";
homepage = "https://github.com/R4yGM/dorkscout";
license = licenses.asl20;
maintainers = with maintainers; [ fab ];
};
}

View File

@ -0,0 +1,28 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "kubescape";
version = "1.0.64";
src = fetchFromGitHub {
owner = "armosec";
repo = pname;
rev = "v${version}";
sha256 = "0vc673w40cgjw6jxlwg9ggwzb7yvmsqshihms6ahspc3qiwz56ah";
};
vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n";
# One test is failing, disabling for now
doCheck = false;
meta = with lib; {
description = "Tool for testing if Kubernetes is deployed securely";
homepage = "https://github.com/armosec/kubescape";
license = licenses.asl20;
maintainers = with maintainers; [ fab ];
};
}

View File

@ -1303,6 +1303,8 @@ with pkgs;
inherit (darwin.apple_sdk.frameworks) Security;
};
checkip = callPackage ../tools/networking/checkip { };
ec2_api_tools = callPackage ../tools/virtualization/ec2-api-tools { };
ec2_ami_tools = callPackage ../tools/virtualization/ec2-ami-tools { };
@ -4365,6 +4367,8 @@ with pkgs;
doom-bcc = callPackage ../games/zdoom/bcc-git.nix { };
dorkscout = callPackage ../tools/security/dorkscout { };
sl1-to-photon = python3Packages.callPackage ../applications/misc/sl1-to-photon { };
slade = callPackage ../applications/misc/slade {
@ -7904,6 +7908,8 @@ with pkgs;
os-prober = callPackage ../tools/misc/os-prober {};
oshka = callPackage ../development/tools/oshka {};
osl = callPackage ../development/compilers/osl { };
osqp = callPackage ../development/libraries/science/math/osqp { };
@ -12408,6 +12414,7 @@ with pkgs;
sbcl_2_0_9 = callPackage ../development/compilers/sbcl/2.0.9.nix {};
sbcl_2_1_1 = callPackage ../development/compilers/sbcl/2.1.1.nix {};
sbcl_2_1_2 = callPackage ../development/compilers/sbcl/2.1.2.nix {};
sbcl_2_1_8 = callPackage ../development/compilers/sbcl/2.1.8.nix {};
sbcl = sbcl_2_1_2;
roswell = callPackage ../development/tools/roswell/default.nix { };
@ -14144,6 +14151,8 @@ with pkgs;
kubeprompt = callPackage ../development/tools/kubeprompt { };
kubescape = callPackage ../tools/security/kubescape { };
kubesec = callPackage ../tools/security/kubesec { };
kubespy = callPackage ../applications/networking/cluster/kubespy { };