65 files changed, 2040 insertions, 1415 deletions

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index db656032f8e1..a92d096d9fc2 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -315,6 +315,12 @@
     githubId = 1174858;
     name = "Maxwell Huang-Hobbs";
   };
+  adjacentresearch = {
+     email = "nate@adjacentresearch.xyz";
+     github = "0xperp";
+     githubId = 96147421;
+     name = "0xperp";
+  };
   adnelson = {
     email = "ithinkican@gmail.com";
     github = "adnelson";
diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix
index fe00cd1e32b6..2249f866803a 100644
--- a/nixos/modules/services/hardware/fwupd.nix
+++ b/nixos/modules/services/hardware/fwupd.nix
@@ -126,6 +126,8 @@ in {
     services.udev.packages = [ cfg.package ];
 
     systemd.packages = [ cfg.package ];
+
+    security.polkit.enable = true;
   };
 
   meta = {
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index b1cf72258d17..0a62af95f8f1 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -3,6 +3,7 @@
 with lib;
 let
   cfg = config.services.paperless;
+  pkg = cfg.package;
 
   defaultUser = "paperless";
 
@@ -27,7 +28,7 @@ let
     setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
   in pkgs.writeShellScript "manage" ''
     ${setupEnv}
-    exec ${cfg.package}/bin/paperless-ngx "$@"
+    exec ${pkg}/bin/paperless-ngx "$@"
   '';
 
   # Secure the services
@@ -213,7 +214,7 @@ in
       description = "Paperless scheduler";
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
-        ExecStart = "${cfg.package}/bin/paperless-ngx qcluster";
+        ExecStart = "${pkg}/bin/paperless-ngx qcluster";
         Restart = "on-failure";
         # The `mbind` syscall is needed for running the classifier.
         SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "mbind" ];
@@ -229,9 +230,9 @@ in
 
         # Auto-migrate on first run or if the package has changed
         versionFile="${cfg.dataDir}/src-version"
-        if [[ $(cat "$versionFile" 2>/dev/null) != ${cfg.package} ]]; then
-          ${cfg.package}/bin/paperless-ngx migrate
-          echo ${cfg.package} > "$versionFile"
+        if [[ $(cat "$versionFile" 2>/dev/null) != ${pkg} ]]; then
+          ${pkg}/bin/paperless-ngx migrate
+          echo ${pkg} > "$versionFile"
         fi
       ''
       + optionalString (cfg.passwordFile != null) ''
@@ -241,7 +242,7 @@ in
         superuserStateFile="${cfg.dataDir}/superuser-state"
 
         if [[ $(cat "$superuserStateFile" 2>/dev/null) != $superuserState ]]; then
-          ${cfg.package}/bin/paperless-ngx manage_superuser
+          ${pkg}/bin/paperless-ngx manage_superuser
           echo "$superuserState" > "$superuserStateFile"
         fi
       '';
@@ -266,7 +267,7 @@ in
       description = "Paperless document consumer";
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
-        ExecStart = "${cfg.package}/bin/paperless-ngx document_consumer";
+        ExecStart = "${pkg}/bin/paperless-ngx document_consumer";
         Restart = "on-failure";
       };
       environment = env;
@@ -282,7 +283,7 @@ in
         User = cfg.user;
         ExecStart = ''
           ${pkgs.python3Packages.gunicorn}/bin/gunicorn \
-            -c ${cfg.package}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
+            -c ${pkg}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
         '';
         Restart = "on-failure";
 
@@ -295,8 +296,8 @@ in
         CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
       };
       environment = env // {
-        PATH = mkForce cfg.package.path;
-        PYTHONPATH = "${cfg.package.pythonPath}:${cfg.package}/lib/paperless-ngx/src";
+        PATH = mkForce pkg.path;
+        PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/paperless-ngx/src";
       };
       # Allow the web interface to access the private /tmp directory of the server.
       # This is required to support uploading files via the web interface.
diff --git a/nixos/tests/installed-tests/ibus.nix b/nixos/tests/installed-tests/ibus.nix
index a4bc2a7d7de0..028c20c29f2d 100644
--- a/nixos/tests/installed-tests/ibus.nix
+++ b/nixos/tests/installed-tests/ibus.nix
@@ -4,6 +4,7 @@ makeInstalledTest {
   tested = pkgs.ibus;
 
   testConfig = {
+    i18n.supportedLocales = [ "all" ];
     i18n.inputMethod.enabled = "ibus";
     systemd.user.services.ibus-daemon = {
       serviceConfig.ExecStart = "${pkgs.ibus}/bin/ibus-daemon --xim --verbose";
diff --git a/nixos/tests/kanidm.nix b/nixos/tests/kanidm.nix
index d34f680f5224..852dc53e75d3 100644
--- a/nixos/tests/kanidm.nix
+++ b/nixos/tests/kanidm.nix
@@ -69,7 +69,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
         server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
         server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
         client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
-        (rv, result) = server.execute("kanidmd recover_account -d quiet -c ${serverConfigFile} -n admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
+        rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
         assert rv == 0
       '';
   })
diff --git a/pkgs/applications/blockchains/solana-validator/default.nix b/pkgs/applications/blockchains/solana-validator/default.nix
new file mode 100644
index 000000000000..d9e159966a73
--- /dev/null
+++ b/pkgs/applications/blockchains/solana-validator/default.nix
@@ -0,0 +1,92 @@
+# largely inspired from https://github.com/saber-hq/saber-overlay/blob/master/packages/solana/solana.nix
+
+{ stdenv
+, fetchFromGitHub
+, lib
+, rustPlatform
+, IOKit
+, Security
+, AppKit
+, pkg-config
+, udev
+, zlib
+, protobuf
+, clang
+, llvm
+, pkgconfig
+, openssl
+, libclang
+, rustfmt
+, perl
+, hidapi
+, solanaPkgs ? [
+    "solana"
+    "solana-bench-tps"
+    "solana-faucet"
+    "solana-gossip"
+    "solana-install"
+    "solana-keygen"
+    "solana-ledger-tool"
+    "solana-log-analyzer"
+    "solana-net-shaper"
+    "solana-sys-tuner"
+    "solana-validator"
+    "cargo-build-bpf"
+    "cargo-test-bpf"
+    "solana-dos"
+    "solana-install-init"
+    "solana-stake-accounts"
+    "solana-test-validator"
+    "solana-tokens"
+    "solana-watchtower"
+  ] ++ [
+    # XXX: Ensure `solana-genesis` is built LAST!
+    # See https://github.com/solana-labs/solana/issues/5826
+    "solana-genesis"
+  ]
+}:
+let
+  pinData = lib.importJSON ./pin.json;
+  version = pinData.version;
+  sha256 = pinData.sha256;
+  cargoSha256 = pinData.cargoSha256;
+in
+rustPlatform.buildRustPackage rec {
+  pname = "solana-validator";
+  inherit version;
+
+  src = fetchFromGitHub {
+    owner = "solana-labs";
+    repo = "solana";
+    rev = "v${version}";
+    inherit sha256;
+  };
+
+  # partly inspired by https://github.com/obsidiansystems/solana-bridges/blob/develop/default.nix#L29
+  inherit cargoSha256;
+  verifyCargoDeps = true;
+
+  cargoBuildFlags = builtins.map (n: "--bin=${n}") solanaPkgs;
+
+  # weird errors. see https://github.com/NixOS/nixpkgs/issues/52447#issuecomment-852079285
+  LIBCLANG_PATH = "${libclang.lib}/lib";
+  BINDGEN_EXTRA_CLANG_ARGS =
+    "-isystem ${libclang.lib}/lib/clang/${lib.getVersion clang}/include";
+  LLVM_CONFIG_PATH = "${llvm}/bin/llvm-config";
+
+  nativeBuildInputs = [ clang llvm pkgconfig protobuf rustfmt perl ];
+  buildInputs =
+    [ openssl zlib libclang hidapi ] ++ (lib.optionals stdenv.isLinux [ udev ]);
+  strictDeps = true;
+
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Web-Scale Blockchain for fast, secure, scalable, decentralized apps and marketplaces. ";
+    homepage = "https://solana.com";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ adjacentresearch ];
+    platforms = platforms.unix;
+  };
+  passthru.updateScript = ./update.sh;
+}
diff --git a/pkgs/applications/blockchains/solana-validator/pin.json b/pkgs/applications/blockchains/solana-validator/pin.json
new file mode 100644
index 000000000000..175cd79ad1bc
--- /dev/null
+++ b/pkgs/applications/blockchains/solana-validator/pin.json
@@ -0,0 +1,5 @@
+{
+  "version": "1.10.35",
+  "sha256": "sha256-y7+ogMJ5E9E/+ZaTCHWOQWG7iR+BGuVqvlNUDT++Ghc=",
+  "cargoSha256": "sha256-idlu9qkh2mrF6MxstRcvemKrtTGNY/InBnIDqRvDQPs"
+}
diff --git a/pkgs/applications/blockchains/solana-validator/update.sh b/pkgs/applications/blockchains/solana-validator/update.sh
new file mode 100644
index 000000000000..ffd8b0010cc2
--- /dev/null
+++ b/pkgs/applications/blockchains/solana-validator/update.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i oil -p jq sd nix-prefetch-github ripgrep
+
+# TODO set to `verbose` or `extdebug` once implemented in oil
+shopt --set xtrace
+# we need failures inside of command subs to get the correct cargoSha256
+shopt --unset inherit_errexit
+
+const directory = $(dirname $0 | xargs realpath)
+const owner = "solana-labs"
+const repo = "solana"
+const latest_rev = $(curl -q https://api.github.com/repos/${owner}/${repo}/releases/latest | \
+  jq -r '.tag_name')
+const latest_version = $(echo $latest_rev | sd 'v' '')
+const current_version = $(jq -r '.version' $directory/pin.json)
+if ("$latest_version" === "$current_version") {
+  echo "solana is already up-to-date"
+  return 0
+} else {
+  const tarball_meta = $(nix-prefetch-github $owner $repo --rev "$latest_rev")
+  const tarball_hash = "sha256-$(echo $tarball_meta | jq -r '.sha256')"
+
+  jq ".version = \"$latest_version\" | \
+      .\"sha256\" = \"$tarball_hash\" | \
+      .\"cargoSha256\" = \"\"" $directory/pin.json | sponge $directory/pin.json
+
+  const new_cargo_sha256 = $(nix-build -A solana-testnet 2>&1 | \
+    tail -n 2 | \
+    head -n 1 | \
+    sd '\s+got:\s+' '')
+
+  jq ".cargoSha256 = \"$new_cargo_sha256\"" $directory/pin.json | sponge $directory/pin.json
+}
diff --git a/pkgs/applications/editors/helix/default.nix b/pkgs/applications/editors/helix/default.nix
index cc62190aeb1b..d3d0c7c2f939 100644
--- a/pkgs/applications/editors/helix/default.nix
+++ b/pkgs/applications/editors/helix/default.nix
@@ -1,4 +1,4 @@
-{ fetchzip, lib, rustPlatform, makeWrapper }:
+{ fetchzip, lib, rustPlatform, installShellFiles, makeWrapper }:
 
 rustPlatform.buildRustPackage rec {
   pname = "helix";
@@ -14,7 +14,7 @@ rustPlatform.buildRustPackage rec {
 
   cargoSha256 = "sha256-idItRkymr+cxk3zv2mPBR/frCGvzEUdSAhY7gghfR3M=";
 
-  nativeBuildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ installShellFiles makeWrapper ];
 
   postInstall = ''
     # not needed at runtime
@@ -22,6 +22,7 @@ rustPlatform.buildRustPackage rec {
 
     mkdir -p $out/lib
     cp -r runtime $out/lib
+    installShellCompletion contrib/completion/hx.{bash,fish,zsh}
   '';
   postFixup = ''
     wrapProgram $out/bin/hx --set HELIX_RUNTIME $out/lib/runtime
diff --git a/pkgs/applications/graphics/epick/default.nix b/pkgs/applications/graphics/epick/default.nix
index dbe745217a38..fda56c0d8cb7 100644
--- a/pkgs/applications/graphics/epick/default.nix
+++ b/pkgs/applications/graphics/epick/default.nix
@@ -16,16 +16,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "epick";
-  version = "0.8.1";
+  version = "0.8.2";
 
   src = fetchFromGitHub {
     owner = "vv9k";
     repo = pname;
     rev = version;
-    sha256 = "sha256-sZ0ZPst6PE6KQ+pmjqLdcD7bWU/gLRsGH84PtWTLdSQ=";
+    sha256 = "sha256-b4if2ggJY+8CsCX8jbnnWXy16k7sfB88CLlYYCrtltk=";
   };
 
-  cargoSha256 = "sha256-kMVjX4AWn8XFRzI7P9NRW8B7AHcIC8TG8LQk7tzkz5o=";
+  cargoSha256 = "sha256-HyGSmeLJ+2Twkg94p1QqXZDix0mU2jGFfEot6hgUg34=";
 
   nativeBuildInputs = lib.optional stdenv.isLinux python3;
 
diff --git a/pkgs/applications/misc/kanboard/default.nix b/pkgs/applications/misc/kanboard/default.nix
index 10b08bed506d..1e871f4557f7 100644
--- a/pkgs/applications/misc/kanboard/default.nix
+++ b/pkgs/applications/misc/kanboard/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "kanboard";
-  version = "1.2.22";
+  version = "1.2.23";
 
   src = fetchFromGitHub {
     owner = "kanboard";
     repo = "kanboard";
     rev = "v${version}";
-    sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
+    sha256 = "sha256-RO8yxXn0kRXNIP6+OUdXMH1tRDX55e34r3CGPU5EHU0=";
   };
 
   dontBuild = true;
diff --git a/pkgs/applications/misc/nwg-bar/default.nix b/pkgs/applications/misc/nwg-bar/default.nix
new file mode 100644
index 000000000000..28e736b008fb
--- /dev/null
+++ b/pkgs/applications/misc/nwg-bar/default.nix
@@ -0,0 +1,39 @@
+{ lib, buildGoModule, fetchFromGitHub, pkg-config, gtk3, gtk-layer-shell }:
+
+buildGoModule rec {
+  pname = "nwg-bar";
+  version = "unstable-2021-09-23";
+
+  src = fetchFromGitHub {
+    owner = "nwg-piotr";
+    repo = pname;
+    rev = "7dd7df3cd9a9e78fe477e88e0f3cb97309d50ff5";
+    sha256 = "sha256-piysF19WDjb/EGI9MBepYrOrQL9C1fsoq05AP8CYN58=";
+  };
+
+  patches = [ ./fix-paths.patch ];
+  postPatch = ''
+    substituteInPlace config/bar.json --subst-var out
+    substituteInPlace tools.go --subst-var out
+  '';
+
+  vendorSha256 = "sha256-dgOwflNRb+11umFykozL8DQ50dLbhbMCmCyKmLlW7rw=";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs = [ gtk3 gtk-layer-shell ];