Merge branch 'master' into staging-next
This commit is contained in:
commit
d9341eafa2
@ -37,6 +37,17 @@
|
||||
PostgreSQL now defaults to major version 13.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Activation scripts can now opt int to be run when running
|
||||
<literal>nixos-rebuild dry-activate</literal> and detect the
|
||||
dry activation by reading <literal>$NIXOS_ACTION</literal>.
|
||||
This allows activation scripts to output what they would
|
||||
change if the activation was really run. The users/modules
|
||||
activation script supports this and outputs some of is
|
||||
actions.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-new-services">
|
||||
|
@ -14,6 +14,10 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- PostgreSQL now defaults to major version 13.
|
||||
|
||||
- Activation scripts can now opt int to be run when running `nixos-rebuild dry-activate` and detect the dry activation by reading `$NIXOS_ACTION`.
|
||||
This allows activation scripts to output what they would change if the activation was really run.
|
||||
The users/modules activation script supports this and outputs some of is actions.
|
||||
|
||||
## New Services {#sec-release-21.11-new-services}
|
||||
|
||||
- [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances).
|
||||
|
@ -12,6 +12,11 @@ let
|
||||
(optionalString (cfg.defaultMode == "norouting") "--routing=none")
|
||||
] ++ cfg.extraFlags);
|
||||
|
||||
profile =
|
||||
if cfg.localDiscovery
|
||||
then "local-discovery"
|
||||
else "server";
|
||||
|
||||
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
|
||||
|
||||
multiaddrToListenStream = addrRaw:
|
||||
@ -236,14 +241,13 @@ in
|
||||
environment.IPFS_PATH = cfg.dataDir;
|
||||
|
||||
preStart = ''
|
||||
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
||||
ipfs init ${optionalString cfg.emptyRepo "-e"} \
|
||||
${optionalString (! cfg.localDiscovery) "--profile=server"}
|
||||
if [[ ! -f "$IPFS_PATH/config" ]]; then
|
||||
ipfs init ${optionalString cfg.emptyRepo "-e"} --profile=${profile}
|
||||
else
|
||||
${if cfg.localDiscovery
|
||||
then "ipfs --offline config profile apply local-discovery"
|
||||
else "ipfs --offline config profile apply server"
|
||||
}
|
||||
# After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open.
|
||||
rm -vf "$IPFS_PATH/api"
|
||||
|
||||
ipfs --offline config profile apply ${profile}
|
||||
fi
|
||||
'' + optionalString cfg.autoMount ''
|
||||
ipfs --offline config Mounts.FuseAllowOther --json true
|
||||
|
4
pkgs/development/compilers/sbcl/2.1.8.nix
Normal file
4
pkgs/development/compilers/sbcl/2.1.8.nix
Normal file
@ -0,0 +1,4 @@
|
||||
import ./common.nix {
|
||||
version = "2.1.8";
|
||||
sha256 = "0ijmw8adyf6fgaq4ixdj9v5lfg3cs9wyxhb96wxhfld0rjpppsm3";
|
||||
}
|
@ -8,11 +8,11 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "bitlist";
|
||||
version = "0.3.1";
|
||||
version = "0.4.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "04dz64r21a39p8wph5qlhvs5y873qgk6xxjlzw8n695b8jm3ixir";
|
||||
sha256 = "sha256-IL1tpP/F6O3BvJab6aC6r6PhRgKFpLp9aXmOK1rQXaU=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -16,12 +16,12 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "fakeredis";
|
||||
version = "1.6.0";
|
||||
version = "1.6.1";
|
||||
disabled = pythonOlder "3.5";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "11ccfc9769d718d37e45b382e64a6ba02586b622afa0371a6bd85766d72255f3";
|
||||
sha256 = "sha256-DQapOE+3nanyFkzpbjTrnU4upGIVBwgF6m/TwXRZC0c=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -13,13 +13,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pubnub";
|
||||
version = "5.2.1";
|
||||
version = "5.3.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = "python";
|
||||
rev = "v${version}";
|
||||
sha256 = "151f9vhgjlr3maniry3vin8vxvz7h8kxnfby9zgsrlvjs4nfgdf9";
|
||||
sha256 = "0fykqr0agdlrhsy2s4yzadyslyjlhgr9iyj2f7s8hz9j400dhj3h";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
34
pkgs/development/tools/oshka/default.nix
Normal file
34
pkgs/development/tools/oshka/default.nix
Normal file
@ -0,0 +1,34 @@
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "oshka";
|
||||
version = "0.4.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "k1LoW";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "1niyy7yiynpwa2cvcj4r3305v8ca4324q512839y79s3izd6a1lf";
|
||||
};
|
||||
|
||||
vendorSha256 = "08aj3nmj8angizkd3rbwbm7qzqxwrgfm1rka2x2a096z6mc3f4k4";
|
||||
|
||||
ldflags = [
|
||||
"-w"
|
||||
"-s"
|
||||
"-X github.com/k1LoW/oshka/version.Version=${version}"
|
||||
];
|
||||
|
||||
# Tests requires a running Docker instance
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Tool for extracting nested CI/CD supply chains and executing commands";
|
||||
homepage = "https://github.com/k1LoW/oshka";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -3,7 +3,7 @@
|
||||
with lib;
|
||||
|
||||
buildLinux (args // rec {
|
||||
version = "5.10.62";
|
||||
version = "5.10.63";
|
||||
|
||||
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
|
||||
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
|
||||
@ -13,6 +13,6 @@ buildLinux (args // rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
|
||||
sha256 = "1cc6z2xzi1s69805jk4f91iarx19v0yyqvssx1f1mc0l9l1db389";
|
||||
sha256 = "0bnbkd4vbf43m37wab4zwvcv3wy3ixh4x1zrwlfhi845i21mx88r";
|
||||
};
|
||||
} // (args.argsOverride or {}))
|
||||
|
@ -3,7 +3,7 @@
|
||||
with lib;
|
||||
|
||||
buildLinux (args // rec {
|
||||
version = "5.13.14";
|
||||
version = "5.13.15";
|
||||
|
||||
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
|
||||
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
|
||||
@ -13,6 +13,6 @@ buildLinux (args // rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
|
||||
sha256 = "06lbjsbr86qa8yai5gfclbfxvcqsw33kxj9b4r93hh6z1wajmx82";
|
||||
sha256 = "06v2jgzq2l56bjbymcrnaybqvvr1q44c0k534v77b3l5bwwlq2rk";
|
||||
};
|
||||
} // (args.argsOverride or { }))
|
||||
|
@ -3,7 +3,7 @@
|
||||
with lib;
|
||||
|
||||
buildLinux (args // rec {
|
||||
version = "5.14.1";
|
||||
version = "5.14.2";
|
||||
|
||||
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
|
||||
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
|
||||
@ -13,6 +13,6 @@ buildLinux (args // rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
|
||||
sha256 = "1iq8s031fviccc4710biwl7gxqdimm3nhlvxd0m3fykvhhmcanq0";
|
||||
sha256 = "05yw3i2c21dabdn5khyk60ds4h8krg5iyxk4zq1msv0igdfqf6gl";
|
||||
};
|
||||
} // (args.argsOverride or { }))
|
||||
|
@ -2,15 +2,15 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "traefik";
|
||||
version = "2.5.1";
|
||||
version = "2.5.2";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://github.com/traefik/traefik/releases/download/v${version}/traefik-v${version}.src.tar.gz";
|
||||
sha256 = "sha256-vO8sBksh5gRq+s7VXshs5wZw4ygqbJzG2J3iSEGl/Ws=";
|
||||
sha256 = "1q93l7jb0vs1d324453gk307hlhav2g0xjqkcz3f43rxhb0jbwpk";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-tBUW6iBZZYc2OgSzFcDZ1C8YnyrXnuy3SdQiy8FPksM=";
|
||||
vendorSha256 = "054l0b6xlbl9sh2bisnydm9dha30jrafybb06ggzbjffsqcgj7qw";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
@ -33,6 +33,7 @@ buildGoModule rec {
|
||||
meta = with lib; {
|
||||
homepage = "https://traefik.io";
|
||||
description = "A modern reverse proxy";
|
||||
changelog = "https://github.com/traefik/traefik/raw/v${version}/CHANGELOG.md";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ vdemeester ];
|
||||
};
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ python3Packages, fetchFromGitHub, lib, yubikey-personalization, libu2f-host, libusb1 }:
|
||||
{ python3Packages, fetchFromGitHub, lib, yubikey-personalization, libu2f-host, libusb1, procps }:
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
pname = "yubikey-manager";
|
||||
@ -11,6 +11,11 @@ python3Packages.buildPythonPackage rec {
|
||||
sha256 = "sha256:0ycp7k6lkxzqwkc16fifhyqaqi7hl3351pwddsn18r5l83jnzdn2";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace "ykman/pcsc/__init__.py" \
|
||||
--replace '/usr/bin/pkill' '${procps}/bin/pkill'
|
||||
'';
|
||||
|
||||
format = "pyproject";
|
||||
|
||||
nativeBuildInputs = with python3Packages; [ poetry-core ];
|
||||
|
33
pkgs/tools/networking/checkip/default.nix
Normal file
33
pkgs/tools/networking/checkip/default.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "checkip";
|
||||
version = "0.2.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jreisinger";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "065426z4iak72h56qvp1vk86r2vw5rdqy3qi1zbw1l0hnyq83zwq";
|
||||
};
|
||||
|
||||
vendorSha256 = "10hk2wfkpvnavs20q390qgaj1gj10j1fy8vlqb9s9f76gpb130h4";
|
||||
|
||||
postFixup = ''
|
||||
# Rename binary
|
||||
mv $out/bin/cmd $out/bin/${pname}
|
||||
'';
|
||||
|
||||
# Requires network
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "CLI tool that checks an IP address using various public services";
|
||||
homepage = "https://github.com/jreisinger/checkip";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
25
pkgs/tools/security/dorkscout/default.nix
Normal file
25
pkgs/tools/security/dorkscout/default.nix
Normal file
@ -0,0 +1,25 @@
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "dorkscout";
|
||||
version = "1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "R4yGM";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz";
|
||||
};
|
||||
|
||||
vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph";
|
||||
|
||||
meta = with lib; {
|
||||
description = "Tool to automate the work with Google dorks";
|
||||
homepage = "https://github.com/R4yGM/dorkscout";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
28
pkgs/tools/security/kubescape/default.nix
Normal file
28
pkgs/tools/security/kubescape/default.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "kubescape";
|
||||
version = "1.0.64";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "armosec";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0vc673w40cgjw6jxlwg9ggwzb7yvmsqshihms6ahspc3qiwz56ah";
|
||||
};
|
||||
|
||||
vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n";
|
||||
|
||||
# One test is failing, disabling for now
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Tool for testing if Kubernetes is deployed securely";
|
||||
homepage = "https://github.com/armosec/kubescape";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -1303,6 +1303,8 @@ with pkgs;
|
||||
inherit (darwin.apple_sdk.frameworks) Security;
|
||||
};
|
||||
|
||||
checkip = callPackage ../tools/networking/checkip { };
|
||||
|
||||
ec2_api_tools = callPackage ../tools/virtualization/ec2-api-tools { };
|
||||
|
||||
ec2_ami_tools = callPackage ../tools/virtualization/ec2-ami-tools { };
|
||||
@ -4365,6 +4367,8 @@ with pkgs;
|
||||
|
||||
doom-bcc = callPackage ../games/zdoom/bcc-git.nix { };
|
||||
|
||||
dorkscout = callPackage ../tools/security/dorkscout { };
|
||||
|
||||
sl1-to-photon = python3Packages.callPackage ../applications/misc/sl1-to-photon { };
|
||||
|
||||
slade = callPackage ../applications/misc/slade {
|
||||
@ -7904,6 +7908,8 @@ with pkgs;
|
||||
|
||||
os-prober = callPackage ../tools/misc/os-prober {};
|
||||
|
||||
oshka = callPackage ../development/tools/oshka {};
|
||||
|
||||
osl = callPackage ../development/compilers/osl { };
|
||||
|
||||
osqp = callPackage ../development/libraries/science/math/osqp { };
|
||||
@ -12408,6 +12414,7 @@ with pkgs;
|
||||
sbcl_2_0_9 = callPackage ../development/compilers/sbcl/2.0.9.nix {};
|
||||
sbcl_2_1_1 = callPackage ../development/compilers/sbcl/2.1.1.nix {};
|
||||
sbcl_2_1_2 = callPackage ../development/compilers/sbcl/2.1.2.nix {};
|
||||
sbcl_2_1_8 = callPackage ../development/compilers/sbcl/2.1.8.nix {};
|
||||
sbcl = sbcl_2_1_2;
|
||||
|
||||
roswell = callPackage ../development/tools/roswell/default.nix { };
|
||||
@ -14144,6 +14151,8 @@ with pkgs;
|
||||
|
||||
kubeprompt = callPackage ../development/tools/kubeprompt { };
|
||||
|
||||
kubescape = callPackage ../tools/security/kubescape { };
|
||||
|
||||
kubesec = callPackage ../tools/security/kubesec { };
|
||||
|
||||
kubespy = callPackage ../applications/networking/cluster/kubespy { };
|
||||
|
Loading…
Reference in New Issue
Block a user