From 7fa1ba2ca088969906c31e351e29c676bc909239 Mon Sep 17 00:00:00 2001 From: DavHau Date: Thu, 24 Sep 2020 16:22:47 +0700 Subject: profiles: add 'hpsa' scsi driver to all-hardware.nix --- nixos/modules/profiles/all-hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix index 19f821ae17f3..b9e240a2dfa0 100644 --- a/nixos/modules/profiles/all-hardware.nix +++ b/nixos/modules/profiles/all-hardware.nix @@ -29,7 +29,7 @@ "pata_winbond" # SCSI support (incomplete). - "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr" + "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr" "hpsa" # USB support, especially for booting from USB CD-ROM # drives. -- cgit v1.2.3 From 857c6490832fb5dccbac6ca7a679496e85a85e21 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Tue, 23 Mar 2021 11:40:54 -0400 Subject: network-interfaces: set hostname from sysctl if defined The `networking.hostname` option was changed to not permit periods in names, due to a strict reading of RFC 1123. For users who need the hostname to be fully qualified, the networking.hostName option suggests using boot.kernel.sysctl."kernel.hostname" as a workaround. This option works correctly at boot time, but every "nixos-rebuild switch" will change the hostname back to the unqualified version. This commit brings the activation script in line with the documentation's recommendation. --- nixos/modules/tasks/network-interfaces.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index f730ec82bdf5..a3929428f694 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -1115,9 +1115,10 @@ in # Set the host and domain names in the activation script. Don't # clear it if it's not configured in the NixOS configuration, # since it may have been set by dhcpcd in the meantime. - system.activationScripts.hostname = - optionalString (cfg.hostName != "") '' - hostname "${cfg.hostName}" + system.activationScripts.hostname = let + effectiveHostname = config.boot.kernel.sysctl."kernel.hostname" or cfg.hostName; + in optionalString (effectiveHostname != "") '' + hostname "${effectiveHostname}" ''; system.activationScripts.domain = optionalString (cfg.domain != null) '' -- cgit v1.2.3 From 1c659c9958d1f8c278eeccf8f71bc72798b51fbe Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Thu, 7 Oct 2021 09:53:31 +0200 Subject: nixos/isso: systemd unit hardening --- nixos/modules/services/web-apps/isso.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/nixos/modules/services/web-apps/isso.nix b/nixos/modules/services/web-apps/isso.nix index 4c01781a6a2b..53b66b5a9c14 100644 --- a/nixos/modules/services/web-apps/isso.nix +++ b/nixos/modules/services/web-apps/isso.nix @@ -63,6 +63,28 @@ in { Restart = "on-failure"; RestartSec = 1; + + # Hardening + CapabilityBoundingSet = [ "" ]; + DeviceAllow = [ "" ]; + LockPersonality = true; + PrivateDevices = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; + UMask = "0077"; }; }; }; -- cgit v1.2.3 From 3be58b2afc2369c777f987359c0843e219e78590 Mon Sep 17 00:00:00 2001 
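Review bot: The new `effectiveHostname` is interpolated into the activation script as `hostname "${effectiveHostname}"` without shell escaping. Unlike `cfg.hostName`, which the commit message says no longer permits periods, nothing in this hunk restricts the sysctl value to hostname characters. Because this text becomes part of a script run at activation, I would write `hostname ${lib.escapeShellArg effectiveHostname}` (whether `lib` is already opened in this file is not visible here). Also, `or` only falls back when the attribute is absent. If `boot.kernel.sysctl."kernel.hostname"` may be `null` or a non-string (the option type is outside this hunk), the `!= ""` test passes and the interpolation fails at evaluation, so a guard for that case is worth adding.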
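Review bot: `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]` leaves out `AF_UNIX`, so a deployment that has isso listen on a unix socket (which its `listen` setting accepts, as far as I know) would stop working under this unit. If that setup is meant to stay supported, the list should read `[ "AF_INET" "AF_INET6" "AF_UNIX" ]`. The block also does not set `NoNewPrivileges`, `ProtectSystem`, `PrivateTmp`, `RestrictSUIDSGID` or `MemoryDenyWriteExecute`. `serviceConfig` starts outside the hunk, so these may already be covered there (for example by `DynamicUser`), but if not they belong in this list. A one-line comment beside `SystemCallFilter` saying why `~@resources` is denied would help whoever later debugs a blocked syscall.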
From: Felix Singer Date: Sat, 14 May 2022 22:48:52 +0200 Subject: nixos/redmine: Drop darcs integration darcs support was dropped with Redmine 4.0.0. Thus, drop the darcs integration. For more information, see https://www.redmine.org/issues/26391. Signed-off-by: Felix Singer --- nixos/modules/services/misc/redmine.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 696b8d1a25d9..45443b5f9f5b 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -234,7 +234,6 @@ in scm_git_command = "${pkgs.git}/bin/git"; scm_cvs_command = "${pkgs.cvs}/bin/cvs"; scm_bazaar_command = "${pkgs.breezy}/bin/bzr"; - scm_darcs_command = "${pkgs.darcs}/bin/darcs"; }; }; @@ -299,7 +298,6 @@ in imagemagick breezy cvs - darcs git mercurial subversion -- cgit v1.2.3 From 92b1cf8b4ccc16e42b04d518f9d23de42cc97c07 Mon Sep 17 00:00:00 2001 From: Felix Singer Date: Sat, 7 May 2022 07:48:08 +0200 Subject: nixos/redmine: Make optional components configurable Currently, optional components and integrations of Redmine are enforced to install in NixOS. Thus, add the following options allowing the users to enable or disable the components. They are disabled by default. Enabling these options will add their package to the Redmine environment and will configure their specific setting in the Redmine configuration file. * services.redmine.components.subversion * services.redmine.components.mercurial * services.redmine.components.git * services.redmine.components.cvs * services.redmine.components.breezy * services.redmine.components.imagemagick Signed-off-by: Felix Singer --- nixos/modules/services/misc/redmine.nix | 63 ++++++++++++++++++++++++++------- 1 file changed, 51 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 45443b5f9f5b..0cf8acbbf79e 100644 
--- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -206,6 +206,44 @@ in description = "Create the database and database user locally."; }; }; + + components = { + subversion = mkOption { + type = types.bool; + default = false; + description = "Subversion integration."; + }; + + mercurial = mkOption { + type = types.bool; + default = false; + description = "Mercurial integration."; + }; + + git = mkOption { + type = types.bool; + default = false; + description = "git integration."; + }; + + cvs = mkOption { + type = types.bool; + default = false; + description = "cvs integration."; + }; + + breezy = mkOption { + type = types.bool; + default = false; + description = "bazaar integration."; + }; + + imagemagick = mkOption { + type = types.bool; + default = false; + description = "Allows exporting Gant diagrams as PNG."; + }; + }; }; }; @@ -229,11 +267,11 @@ in services.redmine.settings = { production = { - scm_subversion_command = "${pkgs.subversion}/bin/svn"; - scm_mercurial_command = "${pkgs.mercurial}/bin/hg"; - scm_git_command = "${pkgs.git}/bin/git"; - scm_cvs_command = "${pkgs.cvs}/bin/cvs"; - scm_bazaar_command = "${pkgs.breezy}/bin/bzr"; + scm_subversion_command = if cfg.components.subversion then "${pkgs.subversion}/bin/svn" else ""; + scm_mercurial_command = if cfg.components.mercurial then "${pkgs.mercurial}/bin/hg" else ""; + scm_git_command = if cfg.components.git then "${pkgs.git}/bin/git" else ""; + scm_cvs_command = if cfg.components.cvs then "${pkgs.cvs}/bin/cvs" else ""; + scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else ""; }; }; 
@@ -295,13 +333,14 @@ in environment.REDMINE_LANG = "en"; environment.SCHEMA = "${cfg.stateDir}/cache/schema.db"; path = with pkgs; [ - imagemagick - breezy - cvs - git - mercurial - subversion - ]; + ] + ++ optional cfg.components.subversion subversion + ++ optional cfg.components.mercurial mercurial + ++ optional cfg.components.git git + ++ optional cfg.components.cvs cvs + ++ optional cfg.components.breezy breezy + ++ optional cfg.components.imagemagick imagemagick; + preStart = '' rm -rf "${cfg.stateDir}/plugins/"* rm -rf "${cfg.stateDir}/public/themes/"* -- cgit v1.2.3 From 4d23eae938b33fd9cf5ad046d18fb0266b3ca8de Mon Sep 17 00:00:00 2001 From: Felix Singer Date: Wed, 11 May 2022 00:09:09 +0200 Subject: nixos/redmine: Add PDF export support for gant Ghostscript is needed to export Gant diagrams as PDF. Thus, add the option `services.redmine.components.ghostscript` allowing to enable or disable the component. The component is disabled by default. Enabling the option will add Ghostscript to the Redmine environment and configure the setting `gs_command` in the Redmine configuration file. Signed-off-by: Felix Singer --- nixos/modules/services/misc/redmine.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 0cf8acbbf79e..0dcc50978437 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -243,6 +243,12 @@ in default = false; description = "Allows exporting Gant diagrams as PNG."; }; + + ghostscript = mkOption { + type = types.bool; + default = false; + description = "Allows exporting Gant diagrams as PDF."; + }; }; }; }; 
@@ -272,6 +278,7 @@ in scm_git_command = if cfg.components.git then "${pkgs.git}/bin/git" else ""; scm_cvs_command = if cfg.components.cvs then "${pkgs.cvs}/bin/cvs" else ""; scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else ""; + gs_command = if cfg.components.ghostscript then "${pkgs.ghostscript}/bin/gs" else ""; }; }; @@ -339,7 +346,8 @@ in ++ optional cfg.components.git git ++ optional cfg.components.cvs cvs ++ optional cfg.components.breezy breezy - ++ optional cfg.components.imagemagick imagemagick; + ++ optional cfg.components.imagemagick imagemagick + ++ optional cfg.components.ghostscript ghostscript; preStart = '' rm -rf "${cfg.stateDir}/plugins/"* -- cgit v1.2.3 From 66ef66fc6215fa22f1f216d00ae258db93fe9441 Mon Sep 17 00:00:00 2001 From: Felix Singer Date: Wed, 11 May 2022 01:03:48 +0200 Subject: nixos/redmine: Configure imagemagick_convert_command For completeness, configure the setting `imagemagick_convert_command` in the Redmine configuration file. Signed-off-by: Felix Singer --- nixos/modules/services/misc/redmine.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 0dcc50978437..3c9391f4ee94 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -278,6 +278,7 @@ in scm_git_command = if cfg.components.git then "${pkgs.git}/bin/git" else ""; scm_cvs_command = if cfg.components.cvs then "${pkgs.cvs}/bin/cvs" else ""; scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else ""; + imagemagick_convert_command = if cfg.components.imagemagick then "${pkgs.imagemagick}/bin/convert" else ""; gs_command = if cfg.components.ghostscript then "${pkgs.ghostscript}/bin/gs" else ""; }; }; -- cgit v1.2.3 From 562bc5c2a9c4479b11e454d2ac75fccd13e043b9 Mon Sep 17 00:00:00 2001 
From: Felix Singer Date: Sun, 15 May 2022 00:02:45 +0200 Subject: nixos/redmine: Fix PNG generation of Gant diagrams The Ruby gem `minimagick` is used to export Gant diagrams as PNG. However, minimagick can't find a font and Redmine throws an error. The setting `minimagick_font_path` allows configuring a path to a font file in the Redmine configuration. Thus, add the option `services.redmine.components.minimagick_font_path` allowing to do that. Also, add an assertion to check if `services.redmine.components.minimagick_font_path` is set when imagemagick is enabled. Signed-off-by: Felix Singer --- nixos/modules/services/misc/redmine.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 3c9391f4ee94..68a4b03991ed 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -249,6 +249,13 @@ in default = false; description = "Allows exporting Gant diagrams as PDF."; }; + + minimagick_font_path = mkOption { + type = types.str; + default = ""; + description = ""; + example = "/run/current-system/sw/share/X11/fonts/LiberationSans-Regular.ttf"; + }; }; }; }; @@ -269,6 +276,9 @@ in { assertion = cfg.database.createLocally -> cfg.database.host == "localhost"; message = "services.redmine.database.host must be set to localhost if services.redmine.database.createLocally is set to true"; } + { assertion = cfg.components.imagemagick -> cfg.components.minimagick_font_path != ""; + message = "services.redmine.components.minimagick_font_path must be configured with a path to a font file if services.redmine.components.imagemagick is set to true."; + } ]; services.redmine.settings = { 
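Review bot: `minimagick_font_path` is added with `description = "";`, so the generated option documentation says nothing about what the path is for; the only hint is the assertion message in the second hunk. I would set `description = "Path to a font file that minimagick uses when exporting Gantt diagrams as PNG.";`. The option is also typed `types.str` with `""` as the "unset" marker, so any string is accepted as a path. `types.nullOr types.path` with `default = null` would let the module system reject values that are not absolute paths, though that also means adjusting the assertion and the `minimagick_font_path = ...` setting added in the commit's last hunk.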
@@ -280,6 +290,7 @@ in scm_bazaar_command = if cfg.components.breezy then "${pkgs.breezy}/bin/bzr" else ""; imagemagick_convert_command = if cfg.components.imagemagick then "${pkgs.imagemagick}/bin/convert" else ""; gs_command = if cfg.components.ghostscript then "${pkgs.ghostscript}/bin/gs" else ""; + minimagick_font_path = "${cfg.components.minimagick_font_path}"; }; }; -- cgit v1.2.3 From 7f026cc6d02746d553e5e3701d44fc89869bc7af Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 5 Sep 2022 17:10:59 -0700 Subject: qemu-vm: ensure we do not overwrite the partition table when EFI is in use --- nixos/modules/virtualisation/qemu-vm.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 0207bfba82ad..b2e10da6891e 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -858,7 +858,8 @@ in # If the disk image appears to be empty, run mke2fs to # initialise. FSTYPE=$(blkid -o value -s TYPE ${cfg.bootDevice} || true) - if test -z "$FSTYPE"; then + PARTTYPE=$(blkid -o value -s PTTYPE ${cfg.bootDevice} || true) + if test -z "$FSTYPE" -a -z "$PARTTYPE"; then mke2fs -t ext4 ${cfg.bootDevice} fi ''; -- cgit v1.2.3 From 5b520df32f3da8b2df9e7cb055e6115586955534 Mon Sep 17 00:00:00 2001 From: Jaakko Luttinen Date: Tue, 30 Mar 2021 12:31:59 +0300 Subject: nixos/jupyter: add env kernel option --- nixos/modules/services/development/jupyter/kernel-options.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/development/jupyter/kernel-options.nix b/nixos/modules/services/development/jupyter/kernel-options.nix index 42af47aeb3c8..3c91d531b0ef 100644 --- a/nixos/modules/services/development/jupyter/kernel-options.nix +++ b/nixos/modules/services/development/jupyter/kernel-options.nix 
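Review bot: In the qemu-vm hunk both probes end in `|| true`, so a `blkid` call that fails produces the same two empty strings as a blank disk and still reaches `mke2fs`. The added `PTTYPE` check narrows the destructive case but does not separate "nothing found" from "could not probe". Keeping blkid's exit status instead of discarding it, and formatting only on its documented not-found code, would close that gap. Separately, `test -z "$FSTYPE" -a -z "$PARTTYPE"` relies on the `-a` operator that POSIX marks obsolescent; `[ -z "$FSTYPE" ] && [ -z "$PARTTYPE" ]` is unambiguous, and `${cfg.bootDevice}` is safer quoted. The surrounding script starts outside the hunk.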
@@ -1,5 +1,5 @@ # Options that can be used for creating a jupyter kernel. -{lib }: +{ lib }: with lib; @@ -40,6 +40,15 @@ with lib; ''; }; + env = mkOption { + type = types.attrsOf types.str; + default = { }; + example = { OMP_NUM_THREADS = "1"; }; + description = lib.mdDoc '' + Environment variables to set for the kernel. + ''; + }; + logo32 = mkOption { type = types.nullOr types.path; default = null; -- cgit v1.2.3 From 8eafc61e238d53da35dad025f2925e50d485606d Mon Sep 17 00:00:00 2001 From: Jaakko Luttinen Date: Fri, 14 Oct 2022 20:19:09 +0300 Subject: nixos/jupyter: make kernel options freeform JSON --- nixos/modules/services/development/jupyter/default.nix | 2 +- nixos/modules/services/development/jupyter/kernel-options.nix | 4 +++- nixos/modules/services/development/jupyterhub/default.nix | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/development/jupyter/default.nix b/nixos/modules/services/development/jupyter/default.nix index 9b0178d3ea68..c3ef040ebe65 100644 --- a/nixos/modules/services/development/jupyter/default.nix +++ b/nixos/modules/services/development/jupyter/default.nix @@ -119,7 +119,7 @@ in { kernels = mkOption { type = types.nullOr (types.attrsOf(types.submodule (import ./kernel-options.nix { - inherit lib; + inherit lib pkgs; }))); default = null; diff --git a/nixos/modules/services/development/jupyter/kernel-options.nix b/nixos/modules/services/development/jupyter/kernel-options.nix index 3c91d531b0ef..6e406152de47 100644 --- a/nixos/modules/services/development/jupyter/kernel-options.nix +++ b/nixos/modules/services/development/jupyter/kernel-options.nix @@ -1,9 +1,11 @@ # Options that can be used for creating a jupyter kernel. -{ lib }: +{ lib, pkgs }: with lib; { + freeformType = (pkgs.formats.json { }).type; + options = { displayName = mkOption { 
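Review bot: The description of the new `env` option, `Environment variables to set for the kernel.`, does not say where the values end up. Values written in a NixOS configuration are normally copied into the world-readable Nix store, presumably here via the generated kernel spec (that code is not visible in this hunk), and an environment-variable option is an obvious place for tokens or passwords. I would extend the text to `Environment variables to set for the kernel. The values are stored in the Nix store, so do not put secrets here.` The option set continues outside the hunk.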
diff --git a/nixos/modules/services/development/jupyterhub/default.nix b/nixos/modules/services/development/jupyterhub/default.nix index c0c0734cac09..cebc35a50476 100644 --- a/nixos/modules/services/development/jupyterhub/default.nix +++ b/nixos/modules/services/development/jupyterhub/default.nix @@ -119,7 +119,7 @@ in { kernels = mkOption { type = types.nullOr (types.attrsOf(types.submodule (import ../jupyter/kernel-options.nix { - inherit lib; + inherit lib pkgs; }))); default = null; -- cgit v1.2.3 From 8538873dab56a6f2237f36f9541188642c8e5987 Mon Sep 17 00:00:00 2001 From: Winter Date: Sat, 29 Oct 2022 23:11:21 -0400 Subject: sourcehut.dispatchsrht: remove dispatch has been deprecated since August (see https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/). --- .../from_md/release-notes/rl-2211.section.xml | 10 ++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 2 ++ nixos/modules/services/misc/sourcehut/default.nix | 42 ++++------------------ .../version-management/sourcehut/default.nix | 4 +-- .../version-management/sourcehut/dispatch.nix | 40 --------------------- .../version-management/sourcehut/update.sh | 2 +- 6 files changed, 22 insertions(+), 78 deletions(-) delete mode 100644 pkgs/applications/version-management/sourcehut/dispatch.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index e9f4f707f52f..1fb511128851 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -573,6 +573,16 @@ instead. + + + services.sourcehut.dispatch and the + corresponding package + (sourcehut.dispatchsrht) have been removed + due to + upstream + deprecation. + + The p4 package now only includes the diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 9b5257ca8e1e..0ba088c6cf9e 100644 
--- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -186,6 +186,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - `services.hbase` has been renamed to `services.hbase-standalone`. For production HBase clusters, use `services.hadoop.hbase` instead. +- `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/). + - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead. - The `coq` package and versioned variants starting at `coq_8_14` no diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index a79149c8f58a..aaa7bb057546 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -88,7 +88,6 @@ let # Sourcehut services srht buildsrht - dispatchsrht gitsrht hgsrht hubsrht @@ -109,13 +108,13 @@ in { options.services.sourcehut = { enable = mkEnableOption (lib.mdDoc '' - sourcehut - git hosting, continuous integration, mailing list, ticket tracking, - task dispatching, wiki and account management services + sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki + and account management services ''); services = mkOption { type = with types; listOf (enum - [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); + [ "builds" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); defaultText = "locally enabled services"; description = lib.mdDoc '' Services that may be displayed as links in the title bar of the Web interface. 
@@ -301,32 +300,6 @@ in }; }; - options."dispatch.sr.ht" = commonServiceSettings "dispatch" // { - }; - options."dispatch.sr.ht::github" = { - oauth-client-id = mkOptionNullOrStr "OAuth client id."; - oauth-client-secret = mkOptionNullOrStr "OAuth client secret."; - }; - options."dispatch.sr.ht::gitlab" = { - enabled = mkEnableOption (lib.mdDoc "GitLab integration"); - canonical-upstream = mkOption { - type = types.str; - description = lib.mdDoc "Canonical upstream."; - default = "gitlab.com"; - }; - repo-cache = mkOption { - type = types.str; - description = lib.mdDoc "Repository cache directory."; - default = "./repo-cache"; - }; - "gitlab.com" = mkOption { - type = with types; nullOr str; - description = lib.mdDoc "GitLab id and secret."; - default = null; - example = "GitLab:application id:secret"; - }; - }; - options."builds.sr.ht" = commonServiceSettings "builds" // { allow-free = mkEnableOption (lib.mdDoc "nonpaying users to submit builds"); redis = mkOption { @@ -1021,11 +994,6 @@ in ]; }) - (import ./service.nix "dispatch" { - inherit configIniOfService; - port = 5005; - }) - (import ./service.nix "git" (let baseService = { path = [ cfg.git.package ]; @@ -1416,6 +1384,10 @@ in (mkRenamedOptionModule [ "services" "sourcehut" "address" ] [ "services" "sourcehut" "listenAddress" ]) + (mkRemovedOptionModule [ "services" "sourcehut" "dispatch" ] '' + dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ + for more information. + '') ]; meta.doc = ./sourcehut.xml; diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index 2189e54ce3ca..7faca39e2fe4 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix 
@@ -15,7 +15,6 @@ let srht = self.callPackage ./core.nix { inherit fetchNodeModules; }; buildsrht = self.callPackage ./builds.nix { }; - dispatchsrht = self.callPackage ./dispatch.nix { }; gitsrht = self.callPackage ./git.nix { }; hgsrht = self.callPackage ./hg.nix { }; hubsrht = self.callPackage ./hub.nix { }; @@ -33,7 +32,8 @@ with python.pkgs; recurseIntoAttrs { inherit python; coresrht = toPythonApplication srht; buildsrht = toPythonApplication buildsrht; - dispatchsrht = toPythonApplication dispatchsrht; + # Added 2022-10-29 + dispatchsrht = throw "dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ for more information."; gitsrht = toPythonApplication gitsrht; hgsrht = toPythonApplication hgsrht; hubsrht = toPythonApplication hubsrht; diff --git a/pkgs/applications/version-management/sourcehut/dispatch.nix b/pkgs/applications/version-management/sourcehut/dispatch.nix deleted file mode 100644 index 05ed0450e000..000000000000 --- a/pkgs/applications/version-management/sourcehut/dispatch.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib -, fetchFromSourcehut -, buildPythonPackage -, srht -, pyyaml -, PyGithub -, python -}: - -buildPythonPackage rec { - pname = "dispatchsrht"; - version = "0.15.34"; - - src = fetchFromSourcehut { - owner = "~sircmpwn"; - repo = "dispatch.sr.ht"; - rev = version; - sha256 = "sha256-bZ4ZKohMozZIyP0TUgxETOECib4XGUv29+Mg8ZsoMf8="; - }; - - propagatedBuildInputs = [ - srht - pyyaml - PyGithub - ]; - - preBuild = '' - export PKGVER=${version} - export SRHT_PATH=${srht}/${python.sitePackages}/srht - ''; - - pythonImportsCheck = [ "dispatchsrht" ]; - - meta = with lib; { - homepage = "https://git.sr.ht/~sircmpwn/dispatch.sr.ht"; - description = "Task dispatcher and service integration tool for the sr.ht network"; - license = licenses.agpl3Only; - maintainers = with maintainers; [ eadwu ]; - }; -} 
diff --git a/pkgs/applications/version-management/sourcehut/update.sh b/pkgs/applications/version-management/sourcehut/update.sh index e13ce09da4c7..239d767ed9b4 100755 --- a/pkgs/applications/version-management/sourcehut/update.sh +++ b/pkgs/applications/version-management/sourcehut/update.sh @@ -67,7 +67,7 @@ else # because the reported $oldHash to be changed # may not actually be in $default_nix # but in the file of one of its dependencies. - services=( "srht" "scmsrht" "buildsrht" "dispatchsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht" + services=( "srht" "scmsrht" "buildsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht" "metasrht" "pagessrht" "pastesrht" "todosrht" ) fi -- cgit v1.2.3 From ee090cd8081d99a82ec12191df5fff9e93d5fd2c Mon Sep 17 00:00:00 2001 From: Owen McGrath Date: Thu, 3 Nov 2022 14:04:43 -0500 Subject: nixos/physlock: add muteKernelMessages options Add an option for physlock's -m flag, which mutes kernel messages on the console. This ensures that the password prompt is the only thing on the screen and isn't lost in a flood of kernel messages. --- nixos/modules/services/security/physlock.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/security/physlock.nix b/nixos/modules/services/security/physlock.nix index 3db9e0ac4458..cd7747659152 100644 --- a/nixos/modules/services/security/physlock.nix +++ b/nixos/modules/services/security/physlock.nix @@ -57,6 +57,14 @@ in ''; }; + muteKernelMessages = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Disable kernel messages on console while physlock is running. + ''; + }; + lockOn = { suspend = mkOption { 
@@ -116,7 +124,7 @@ in ++ cfg.lockOn.extraTargets; serviceConfig = { Type = "forking"; - ExecStart = "${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}${optionalString (cfg.lockMessage != "") " -p \"${cfg.lockMessage}\""}"; + ExecStart = "${pkgs.physlock}/bin/physlock -d${optionalString cfg.muteKernelMessages "m"}${optionalString cfg.disableSysRq "s"}${optionalString (cfg.lockMessage != "") " -p \"${cfg.lockMessage}\""}"; }; }; -- cgit v1.2.3 From c3cff074f8dc3aaa4739ae0f60d0b3c907aba164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Fri, 4 Nov 2022 14:05:43 +0100 Subject: nixos/sane: add openFirewall option Open ports needed for discovery of scanners on the local network, e.g. needed for Canon scanners (BJNP protocol). Ref. https://github.com/NixOS/nixpkgs/issues/28406. --- nixos/modules/services/hardware/sane.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index 5455cf56e8aa..ab36e204e1a5 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -124,6 +124,15 @@ in ''; }; + hardware.sane.openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Open ports needed for discovery of scanners on the local network, e.g. + needed for Canon scanners (BJNP protocol). + ''; + }; + services.saned.enable = mkOption { type = types.bool; default = false; @@ -159,6 +168,7 @@ in services.udev.packages = backends; users.groups.scanner.gid = config.ids.gids.scanner; + networking.firewall.allowedUDPPorts = mkIf config.hardware.sane.openFirewall [ 8612 ]; }) (mkIf config.services.saned.enable { -- cgit v1.2.3 From a42f7a08755a3d14db770c833133fca32633f212 Mon Sep 17 00:00:00 2001 
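Review bot: In the sane.nix section, `networking.firewall.allowedUDPPorts = mkIf config.hardware.sane.openFirewall [ 8612 ];` opens the port on every interface, while the option description speaks only of "the local network" and never names the port. I would state both in the description, e.g. `Open UDP port 8612 on all interfaces for scanner discovery (BJNP protocol, e.g. Canon scanners).` That tells users on multi-homed or internet-facing hosts to scope the rule with `networking.firewall.interfaces.<name>.allowedUDPPorts` instead of enabling this switch. The enclosing `mkIf` block starts outside the hunk.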
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 20 Nov 2022 19:38:20 +0100 Subject: nixos/mandb: fix cross compiling --- nixos/modules/misc/man-db.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/misc/man-db.nix b/nixos/modules/misc/man-db.nix index 08fb91b3994c..df903259fa42 100644 --- a/nixos/modules/misc/man-db.nix +++ b/nixos/modules/misc/man-db.nix @@ -52,9 +52,13 @@ in environment.systemPackages = [ cfg.package ]; environment.etc."man_db.conf".text = let + mandbForBuild = if pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform then + cfg.package + else + pkgs.buildPackages.man-db; manualCache = pkgs.runCommand "man-cache" { } '' echo "MANDB_MAP ${cfg.manualPages}/share/man $out" > man.conf - ${cfg.package}/bin/mandb -C man.conf -psc >/dev/null 2>&1 + ${mandbForBuild}/bin/mandb -C man.conf -psc >/dev/null 2>&1 ''; in '' -- cgit v1.2.3 From 6033e4e5ed285759726050faaf6f75fbdbb33b20 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sun, 27 Nov 2022 04:21:00 +0100 Subject: gitea: needs gnupg in its path to sign commits See: https://docs.gitea.io/en-us/signing/#installing-and-generating-a-gpg-key-for-gitea --- nixos/modules/services/misc/gitea.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index ac598108a01e..f8bfda165eb6 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -483,7 +483,7 @@ in description = "gitea"; after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service"; wantedBy = [ "multi-user.target" ]; - path = [ gitea pkgs.git ]; + path = [ gitea pkgs.git pkgs.gnupg ]; # In older versions the secret naming for JWT was kind of confusing. # The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET -- cgit v1.2.3 
From 0811f83e3cf5a6a6d1d457556fd62fd01750524a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 27 Nov 2022 22:27:21 +0100 Subject: libdbi-drivers: remove global with lib, add TODO --- pkgs/development/libraries/libdbi-drivers/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/libdbi-drivers/default.nix b/pkgs/development/libraries/libdbi-drivers/default.nix index 79e063826f8b..321c50b61c98 100644 --- a/pkgs/development/libraries/libdbi-drivers/default.nix +++ b/pkgs/development/libraries/libdbi-drivers/default.nix @@ -1,10 +1,10 @@ { lib, stdenv, fetchurl, libdbi +# TODO: migrate away from overriding packages to null , libmysqlclient ? null , sqlite ? null , postgresql ? null }: -with lib; stdenv.mkDerivation rec { pname = "libdbi-drivers"; version = "0.9.0"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "0m680h8cc4428xin4p733azysamzgzcmv4psjvraykrsaz6ymlj3"; }; - buildInputs = [ libdbi sqlite postgresql ] ++ optional (libmysqlclient != null) libmysqlclient; + buildInputs = [ libdbi sqlite postgresql ] ++ lib.optional (libmysqlclient != null) libmysqlclient; postPatch = '' sed -i '/SQLITE3_LIBS/ s/-lsqlite/-lsqlite3/' configure; 
@@ -27,15 +27,15 @@ stdenv.mkDerivation rec { "--enable-libdbi" "--with-dbi-incdir=${libdbi}/include" "--with-dbi-libdir=${libdbi}/lib" - ] ++ optionals (libmysqlclient != null) [ + ] ++ lib.optionals (libmysqlclient != null) [ "--with-mysql" - "--with-mysql-incdir=${getDev libmysqlclient}/include/mysql" + "--with-mysql-incdir=${lib.getDev libmysqlclient}/include/mysql" "--with-mysql-libdir=${libmysqlclient}/lib/mysql" - ] ++ optionals (sqlite != null) [ + ] ++ lib.optionals (sqlite != null) [ "--with-sqlite3" "--with-sqlite3-incdir=${sqlite.dev}/include/sqlite" "--with-sqlite3-libdir=${sqlite.out}/lib/sqlite" - ] ++ optionals (postgresql != null) [ + ] ++ lib.optionals (postgresql != null) [ "--with-pgsql" "--with-pgsql_incdir=${postgresql}/include" "--with-pgsql_libdir=${postgresql.lib}/lib" @@ -54,10 +54,11 @@ stdenv.mkDerivation rec { rm -rf $out/var ''; - meta = { + meta = with lib; { homepage = "http://libdbi-drivers.sourceforge.net/"; description = "Database drivers for libdbi"; platforms = platforms.all; license = licenses.lgpl21; + maintainers = with maintainers; [ ]; }; } -- cgit v1.2.3 From 98d14710200ad518738a3c9b4d27f702c6183c77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 28 Nov 2022 00:28:13 +0100 Subject: hqplayer-desktop: mark broken because src link is 403 --- pkgs/applications/audio/hqplayer-desktop/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/audio/hqplayer-desktop/default.nix b/pkgs/applications/audio/hqplayer-desktop/default.nix index 17c8f936efd1..bacb67806ebc 100644 --- a/pkgs/applications/audio/hqplayer-desktop/default.nix +++ b/pkgs/applications/audio/hqplayer-desktop/default.nix @@ -89,5 +89,7 @@ mkDerivation rec { sourceProvenance = with sourceTypes; [ binaryNativeCode ]; platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ lovesegfault ]; + # src link returns 403 + broken = true; }; } -- cgit v1.2.3 
From 7d5132376eddab09884ffbffdf65521e94fc2614 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 28 Nov 2022 00:37:46 +0100 Subject: zoneminder: fix linking against mariadb --- pkgs/servers/zoneminder/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/zoneminder/default.nix b/pkgs/servers/zoneminder/default.nix index e790108327e0..cfdde9ab2d87 100644 --- a/pkgs/servers/zoneminder/default.nix +++ b/pkgs/servers/zoneminder/default.nix @@ -122,7 +122,7 @@ in stdenv.mkDerivation rec { ''; buildInputs = [ - curl ffmpeg glib libjpeg libselinux libsepol mp4v2 libmysqlclient mariadb.client pcre perl polkit x264 zlib + curl ffmpeg glib libjpeg libselinux libsepol mp4v2 libmysqlclient mariadb pcre perl polkit x264 zlib util-linuxMinimal # for libmount ] ++ (with perlPackages; [ # build-time dependencies -- cgit v1.2.3 From 80f99bc8f6cd9e81af942fea7b25b47a5b0b35d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 28 Nov 2022 01:55:12 +0100 Subject: mono: cleanup --- pkgs/development/compilers/mono/generic.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pkgs/development/compilers/mono/generic.nix b/pkgs/development/compilers/mono/generic.nix index 8336f76b5253..ddd77509c766 100644 --- a/pkgs/development/compilers/mono/generic.nix +++ b/pkgs/development/compilers/mono/generic.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchurl, bison, pkg-config, glib, gettext, perl, libgdiplus, libX11, callPackage, ncurses, zlib, withLLVM ? false, cacert, Foundation, libobjc, python3, version, sha256, autoconf, libtool, automake, cmake, which +{ lib, stdenv, fetchurl, bison, pkg-config, glib, gettext, perl, libgdiplus, libX11, callPackage, ncurses, zlib +, withLLVM ? false, cacert, Foundation, libobjc, python3, version, sha256, autoconf, libtool, automake, cmake, which , gnumake42 , enableParallelBuilding ? true , srcArchiveSuffix ? "tar.bz2" 
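Review bot: In the zoneminder hunk, replacing `mariadb.client` with `mariadb` in `buildInputs` puts the full server package next to `libmysqlclient`, and nothing on the line says which of the two the link step is meant to pick up. If the headers or libraries are only found in the full package (my reading of the commit subject, not something the hunk shows), a comment such as `# mariadb: the build links against it; mariadb.client alone is not enough` would record that. Having both a MySQL client library and MariaDB in the same input list is otherwise easy to mistake for a leftover. The list continues outside the hunk.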
@@ -6,7 +7,7 @@ }: let - llvm = callPackage ./llvm.nix { }; + llvm = callPackage ./llvm.nix { }; in stdenv.mkDerivation rec { pname = "mono"; @@ -18,23 +19,21 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ automake bison cmake pkg-config which gnumake42 ]; - buildInputs = - [ glib gettext perl libgdiplus libX11 ncurses zlib python3 autoconf libtool - ] - ++ (lib.optionals stdenv.isDarwin [ Foundation libobjc ]); + buildInputs = [ + glib gettext perl libgdiplus libX11 ncurses zlib python3 autoconf libtool + ] ++ lib.optionals stdenv.isDarwin [ Foundation libobjc ]; configureFlags = [ "--x-includes=${libX11.dev}/include" "--x-libraries=${libX11.out}/lib" "--with-libgdiplus=${libgdiplus}/lib/libgdiplus.so" - ] - ++ lib.optionals withLLVM [ + ] ++ lib.optionals withLLVM [ "--enable-llvm" "--with-llvm=${llvm}" ]; configurePhase = '' - patchShebangs ./ + patchShebangs autogen.sh mcs/build/start-compiler-server.sh ./autogen.sh --prefix $out $configureFlags ''; -- cgit v1.2.3 From 25dfb66d5442d5b519c914de87423aed44e70870 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 28 Nov 2022 05:37:49 +0100 Subject: spirv-headers: use clickable homepage --- pkgs/development/libraries/spirv-headers/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix index d1c854f0cfb2..8abdea5249b7 100644 --- a/pkgs/development/libraries/spirv-headers/default.nix +++ b/pkgs/development/libraries/spirv-headers/default.nix @@ -20,8 +20,8 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - inherit (src.meta) homepage; description = "Machine-readable components of the Khronos SPIR-V Registry"; + homepage = "https://github.com/KhronosGroup/SPIRV-Headers"; license = licenses.mit; maintainers = [ maintainers.ralith ]; }; -- cgit v1.2.3 From df509993c857c428bfbf672b506b50ca4fe44453 Mon Sep 17 00:00:00 2001 
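Review bot: In the last mono hunk, `patchShebangs ./` becomes `patchShebangs autogen.sh mcs/build/start-compiler-server.sh`, which is a behaviour change inside a commit labelled cleanup. Any other script in the tree that the build executes through a `/usr/bin/env` or similar shebang is no longer rewritten and would fail in the sandbox. If these two files are known to be the only ones that get executed, a comment saying so above the line would make the narrowing reviewable, e.g. `# only these two scripts are run during the build`. The overridden `configurePhase` also omits `runHook preConfigure` and `runHook postConfigure`, so overrides that rely on those hooks are silently skipped.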
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 28 Nov 2022 05:37:56 +0100 Subject: spirv-tools: use clickable homepage --- pkgs/development/tools/spirv-tools/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/spirv-tools/default.nix b/pkgs/development/tools/spirv-tools/default.nix index 3a64646ded63..7edba948586e 100644 --- a/pkgs/development/tools/spirv-tools/default.nix +++ b/pkgs/development/tools/spirv-tools/default.nix @@ -38,8 +38,8 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - inherit (src.meta) homepage; description = "The SPIR-V Tools project provides an API and commands for processing SPIR-V modules"; + homepage = "https://github.com/KhronosGroup/SPIRV-Tools"; license = licenses.asl20; platforms = platforms.unix; maintainers = [ maintainers.ralith ]; -- cgit v1.2.3 From a6415e6158f7cef321c695ddfa774ce0e2c9737a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 27 Nov 2022 22:00:49 +0000 Subject: python310Packages.openstacksdk: 0.102.0 -> 0.103.0 --- pkgs/development/python-modules/openstacksdk/default.nix | 4 ++-- pkgs/development/python-modules/openstacksdk/tests.nix | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/openstacksdk/default.nix b/pkgs/development/python-modules/openstacksdk/default.nix index 75833f8a8684..986fa493bf9b 100644 --- a/pkgs/development/python-modules/openstacksdk/default.nix +++ b/pkgs/development/python-modules/openstacksdk/default.nix @@ -19,14 +19,14 @@ buildPythonPackage rec { pname = "openstacksdk"; - version = "0.102.0"; + version = "0.103.0"; format = "setuptools"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - hash = "sha256-sqGP66eerCrDRpyNr+AdQAjIrDC+OkxrUydbTxxroq0="; + hash = "sha256-T58RiYZgOWdDXzl2s+BZlQpxvY5BqDFsyK+y2WaKB0E="; }; propagatedBuildInputs = [ 
diff --git a/pkgs/development/python-modules/openstacksdk/tests.nix b/pkgs/development/python-modules/openstacksdk/tests.nix index 9a2d6e37ab56..31a42990874d 100644 --- a/pkgs/development/python-modules/openstacksdk/tests.nix +++ b/pkgs/development/python-modules/openstacksdk/tests.nix @@ -13,9 +13,10 @@ , testscenarios }: -buildPythonPackage rec { +buildPythonPackage { pname = "openstacksdk-tests"; inherit (openstacksdk) version; + format = "other"; src = openstacksdk.src; -- cgit v1.2.3 From ee36d118681581690579293b11953b18507dd488 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 29 Nov 2022 22:32:01 +0100 Subject: postgresql_jdbc: 42.5.0 -> 42.5.1 Fixes CVE-2022-41946. https://github.com/pgjdbc/pgjdbc/blob/REL42.5.1/CHANGELOG.md --- pkgs/development/java-modules/postgresql_jdbc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/java-modules/postgresql_jdbc/default.nix b/pkgs/development/java-modules/postgresql_jdbc/default.nix index 7c20e42d4cc9..cb1cc3e95f3f 100644 --- a/pkgs/development/java-modules/postgresql_jdbc/default.nix +++ b/pkgs/development/java-modules/postgresql_jdbc/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "postgresql-jdbc"; - version = "42.5.0"; + version = "42.5.1"; src = fetchMavenArtifact { artifactId = "postgresql"; groupId = "org.postgresql"; - sha256 = "sha256-pNGLWrGuuShaixezZfQk8mhEUinKv45BIRXbYVK33uM="; + sha256 = "sha256-iei/+os3uUh5RgEsaQzwTzEDlTBRwcGT2I7ja2jTZa4="; inherit version; }; -- cgit v1.2.3 From fe75709cbf85eb44dce82ad97a56d3073a2401bc Mon Sep 17 00:00:00 2001 From: Keshav Kini Date: Tue, 29 Nov 2022 13:50:56 -0800 Subject: zoom-us: 5.12.{3.11845,2.4816} -> 5.12.9.{13190,367} --- .../networking/instant-messengers/zoom-us/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix index 8f78f0d9add8..10f06393bfc5 100644 --- a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix +++ b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix @@ -47,23 +47,23 @@ let # and often with different versions. We write them on three lines # like this (rather than using {}) so that the updater script can # find where to edit them. - versions.aarch64-darwin = "5.12.3.11845"; - versions.x86_64-darwin = "5.12.3.11845"; - versions.x86_64-linux = "5.12.2.4816"; + versions.aarch64-darwin = "5.12.9.13190"; + versions.x86_64-darwin = "5.12.9.13190"; + versions.x86_64-linux = "5.12.9.367"; srcs = { aarch64-darwin = fetchurl { url = "https://zoom.us/client/${versions.aarch64-darwin}/zoomusInstallerFull.pkg?archType=arm64"; name = "zoomusInstallerFull.pkg"; - hash = "sha256-iDLxqG7/cdo60V0mFE3tX/Msi0rRUjoM8X9yq2rlvf0="; + hash = "sha256-Htug/hmp0OjysUY4q8RO1oqjSsa2sgpqiAERr6ahBuw="; }; x86_64-darwin = fetchurl { url = "https://zoom.us/client/${versions.x86_64-darwin}/zoomusInstallerFull.pkg"; - hash = "sha256-+YOtdoh8S50+GHRLb6TPYCqDtry7SnnNqo7USzkDc7c="; + hash = "sha256-nl+hrAZECaC5uceK8OZ/em3rY9pK4VrtezT6qCNmbCA="; }; x86_64-linux = fetchurl { url = "https://zoom.us/client/${versions.x86_64-linux}/zoom_x86_64.pkg.tar.xz"; - hash = "sha256-kgjooMqeZurzqIn3ADcgFjlqaC58dQNuIAHLx4M0S9I="; + hash = "sha256-7B9wS0myf6QkDq4ooqWen03s/36BeF7cSsOzjDdIw8g="; }; }; -- cgit v1.2.3 From a2251e2225bceec4928bdb9fff90daa365695b58 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Wed, 30 Nov 2022 09:11:50 +0100 Subject: module-list: include AMD SEV module Signed-off-by: Roman Volosatovs --- nixos/modules/module-list.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 215e001c2ec1..d5550cd878ee 100644 
--- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -46,6 +46,7 @@ ./hardware/brillo.nix ./hardware/ckb-next.nix ./hardware/cpu/amd-microcode.nix + ./hardware/cpu/amd-sev.nix ./hardware/cpu/intel-microcode.nix ./hardware/cpu/intel-sgx.nix ./hardware/corectrl.nix -- cgit v1.2.3 From fb8aaadfd7d9e7b6fe6d8e57bb632deedbb9f2e0 Mon Sep 17 00:00:00 2001 From: Daniel Nagy Date: Mon, 28 Nov 2022 23:32:15 +0100 Subject: visidata: 2.9.1 -> 2.10.2 Changelog: https://github.com/saulpw/visidata/blob/v2.10.2/CHANGELOG.md --- pkgs/applications/misc/visidata/default.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/visidata/default.nix b/pkgs/applications/misc/visidata/default.nix index 336a0821df1e..36a7285b3d25 100644 --- a/pkgs/applications/misc/visidata/default.nix +++ b/pkgs/applications/misc/visidata/default.nix @@ -20,19 +20,22 @@ , wcwidth , zstandard , setuptools +, importlib-metadata , git , withPcap ? true, dpkt, dnslib , withXclip ? stdenv.isLinux, xclip +, testers +, visidata }: buildPythonApplication rec { pname = "visidata"; - version = "2.9.1"; + version = "2.10.2"; src = fetchFromGitHub { owner = "saulpw"; repo = "visidata"; rev = "v${version}"; - hash = "sha256-PKj+imTSAGMpF1tkN0WmE3l/4FmWkm/ktIDzF2ku48s="; + hash = "sha256-OKCrlUWHgbaLZJPVvs9lnw4cD27pRoO7F9oel1NzT6A="; }; propagatedBuildInputs = [ @@ -64,6 +67,7 @@ buildPythonApplication rec { zstandard odfpy setuptools + importlib-metadata ] ++ lib.optionals withPcap [ dpkt dnslib ] ++ lib.optional withXclip xclip; @@ -75,6 +79,7 @@ buildPythonApplication rec { doCheck = stdenv.buildPlatform == stdenv.hostPlatform; checkPhase = '' + runHook preCheck # disable some tests which require access to the network rm tests/load-http.vd # http rm tests/graph-cursor-nosave.vd # http 
@@ -87,13 +92,21 @@ buildPythonApplication rec { substituteInPlace dev/test.sh --replace "bin/vd" "$out/bin/vd" bash dev/test.sh + runHook postCheck ''; + pythonImportsCheck = ["visidata"]; + + passthru.tests.version = testers.testVersion { + package = visidata; + version = "v${version}"; + }; + meta = { description = "Interactive terminal multitool for tabular data"; license = lib.licenses.gpl3; maintainers = with lib.maintainers; [ raskin markus1189 ]; - homepage = "http://visidata.org/"; + homepage = "https://visidata.org/"; changelog = "https://github.com/saulpw/visidata/blob/v${version}/CHANGELOG.md"; }; } -- cgit v1.2.3 From b232557c458e09161f5e3d0b97e6a3452715374b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Deniz=20Kolua=C3=A7=C4=B1k?= Date: Wed, 30 Nov 2022 14:33:04 +0300 Subject: zathura: 0.4.9 -> 0.5.2 https://pwmt.org/projects/zathura/changelog/0.5.2/index.html Zathura plugins are updated to the latest versions as well. --- pkgs/applications/misc/zathura/cb/default.nix | 4 ++-- pkgs/applications/misc/zathura/core/default.nix | 5 ++--- .../misc/zathura/pdf-mupdf/default.nix | 6 ++---- .../misc/zathura/pdf-mupdf/fix-mupdf-1.20.patch | 24 ---------------------- .../misc/zathura/pdf-poppler/default.nix | 4 ++-- pkgs/applications/misc/zathura/ps/default.nix | 4 ++-- 6 files changed, 10 insertions(+), 37 deletions(-) delete mode 100644 pkgs/applications/misc/zathura/pdf-mupdf/fix-mupdf-1.20.patch diff --git a/pkgs/applications/misc/zathura/cb/default.nix b/pkgs/applications/misc/zathura/cb/default.nix index 69ecb1cfd1b8..ea2c74fda370 100644 --- a/pkgs/applications/misc/zathura/cb/default.nix +++ b/pkgs/applications/misc/zathura/cb/default.nix 
@@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "zathura-cb"; - version = "0.1.8"; + version = "0.1.10"; src = fetchurl { url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz"; - sha256 = "1i6cf0vks501cggwvfsl6qb7mdaf3sszdymphimfvnspw810faj5"; + sha256 = "1j5v32f9ki35v1jc7a067anhlgqplzrp4fqvznlixfhcm0bwmc49"; }; nativeBuildInputs = [ meson ninja pkg-config gettext ]; diff --git a/pkgs/applications/misc/zathura/core/default.nix b/pkgs/applications/misc/zathura/core/default.nix index 6398b88ffccd..29140b04dd99 100644 --- a/pkgs/applications/misc/zathura/core/default.nix +++ b/pkgs/applications/misc/zathura/core/default.nix @@ -10,11 +10,11 @@ with lib; stdenv.mkDerivation rec { pname = "zathura"; - version = "0.4.9"; + version = "0.5.2"; src = fetchurl { url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz"; - sha256 = "0msy7s57mlx0wya99qpia4fpcy40pbj253kmx2y97nb0sqnc8c7w"; + sha256 = "15314m9chmh5jkrd9vk2h2gwcwkcffv2kjcxkd4v3wmckz5sfjy6"; }; outputs = [ "bin" "man" "dev" "out" ]; @@ -23,7 +23,6 @@ stdenv.mkDerivation rec { # https://github.com/pwmt/zathura/blob/master/meson_options.txt mesonFlags = [ "-Dsqlite=enabled" - "-Dmagic=enabled" "-Dmanpages=enabled" "-Dconvert-icon=enabled" "-Dsynctex=enabled" diff --git a/pkgs/applications/misc/zathura/pdf-mupdf/default.nix b/pkgs/applications/misc/zathura/pdf-mupdf/default.nix index 3584d24f1494..25856f0e58df 100644 --- a/pkgs/applications/misc/zathura/pdf-mupdf/default.nix +++ b/pkgs/applications/misc/zathura/pdf-mupdf/default.nix 
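Review bot: The second hunk of `core/default.nix` drops `"-Dmagic=enabled"` from `mesonFlags` without explanation. From the hunk it cannot be told whether 0.5.2 removed the option or whether content-based file type detection is now left to the upstream default. A one-line comment in the list would settle it, e.g. `# the "magic" option was removed upstream in 0.5.x`, if that is the case. If a libmagic input remains in `buildInputs` outside the hunk only for this flag, it can go in the same change. The flag list continues outside the hunk.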
@@ -14,16 +14,14 @@ }: stdenv.mkDerivation rec { - version = "0.3.8"; + version = "0.4.0"; pname = "zathura-pdf-mupdf"; src = fetchurl { url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz"; - sha256 = "sha256-wgW0z1ANjP6ezqreVOX6jUzRKYzYXxem9QxkclkRYhc="; + sha256 = "0pcjxvlh4hls8mjhjghhhihyy2kza8l27wdx0yq4bkd1g1b5f74c"; }; - patches = [ ./fix-mupdf-1.20.patch ]; - nativeBuildInputs = [ meson ninja pkg-config ]; buildInputs = [ diff --git a/pkgs/applications/misc/zathura/pdf-mupdf/fix-mupdf-1.20.patch b/pkgs/applications/misc/zathura/pdf-mupdf/fix-mupdf-1.20.patch deleted file mode 100644 index 6790721a76c3..000000000000 --- a/pkgs/applications/misc/zathura/pdf-mupdf/fix-mupdf-1.20.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 5a5bb2634812f4c0530f5688a06269aaa4cd11dd Mon Sep 17 00:00:00 2001 -From: Osama Rebach -Date: Fri, 19 Aug 2022 13:39:49 +0100 -Subject: [PATCH] fix fz_search_stext_page - ---- - zathura-pdf-mupdf/search.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/zathura-pdf-mupdf/search.c b/zathura-pdf-mupdf/search.c -index f84dea0..419e5f4 100644 ---- a/zathura-pdf-mupdf/search.c -+++ b/zathura-pdf-mupdf/search.c -@@ -41,7 +41,7 @@ pdf_page_search_text(zathura_page_t* page, void* data, const char* text, zathura - - fz_quad* hit_bbox = fz_malloc_array(mupdf_page->ctx, N_SEARCH_RESULTS, fz_quad); - int num_results = fz_search_stext_page(mupdf_page->ctx, mupdf_page->text, -- text, hit_bbox, N_SEARCH_RESULTS); -+ text, NULL, hit_bbox, N_SEARCH_RESULTS); - - fz_rect r; - for (int i = 0; i < num_results; i++) { --- -2.37.1 diff --git a/pkgs/applications/misc/zathura/pdf-poppler/default.nix b/pkgs/applications/misc/zathura/pdf-poppler/default.nix index b76e72a6970c..57f33559c667 100644 --- a/pkgs/applications/misc/zathura/pdf-poppler/default.nix +++ b/pkgs/applications/misc/zathura/pdf-poppler/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "zathura-pdf-poppler"; - version = "0.3.0"; + version = "0.3.1"; src = fetchurl { url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz"; - sha256 = "1vfl4vkyy3rf39r1sqaa7y8113bgkh2bkfq3nn2inis9mrykmk6m"; + sha256 = "12qhkshpp1wjfpjmjccsyi6wscqyqvaa19j85prjpyf65i9jg0gf"; }; nativeBuildInputs = [ meson ninja pkg-config zathura_core ]; diff --git a/pkgs/applications/misc/zathura/ps/default.nix b/pkgs/applications/misc/zathura/ps/default.nix index ee63a9df53bd..151a63af33e8 100644 --- a/pkgs/applications/misc/zathura/ps/default.nix +++ b/pkgs/applications/misc/zathura/ps/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "zathura-ps"; - version = "0.2.6"; + version = "0.2.7"; src = fetchurl { url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz"; - sha256 = "0wygq89nyjrjnsq7vbpidqdsirjm6iq4w2rijzwpk2f83ys8bc3y"; + sha256 = "0ilf63wxn1yzis9m3qs8mxbk316yxdzwxrrv86wpiygm9hhgk5sq"; }; nativeBuildInputs = [ meson ninja pkg-config gettext ]; -- cgit v1.2.3 From a7e188a80f0f9d2e928120ee88773a40548225da Mon Sep 17 00:00:00 2001 From: Colin Arnott Date: Wed, 30 Nov 2022 15:56:34 +0000 Subject: gnostic: init at 0.6.8 Fixes #142070 --- pkgs/development/compilers/gnostic/default.nix | 26 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/development/compilers/gnostic/default.nix diff --git a/pkgs/development/compilers/gnostic/default.nix b/pkgs/development/compilers/gnostic/default.nix new file mode 100644 index 000000000000..f0d1b53ca23e --- /dev/null +++ b/pkgs/development/compilers/gnostic/default.nix 
@@ -0,0 +1,26 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "gnostic"; + version = "0.6.8"; + + src = fetchFromGitHub { + owner = "google"; + repo = pname; + rev = "v${version}"; + hash = "sha256-+/KZmwVV3pnbv3JNwNk9Q2gcTyDxV1tgsDzW5IYnnds="; + }; + + vendorHash = "sha256-OoI1/OPBgAy4AysPPSCXGmf0S4opzxO7ZrwBsQYImwU="; + + # some tests are broken and others require network access + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/google/gnostic"; + description = "A compiler for APIs described by the OpenAPI Specification with plugins for code generation and other API support tasks"; + changelog = "https://github.com/google/gnostic/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ urandom ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index be2fefff86c7..050b34486af0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14426,6 +14426,8 @@ with pkgs; glslang = callPackage ../development/compilers/glslang { }; + gnostic = callPackage ../development/compilers/gnostic {}; + go-junit-report = callPackage ../development/tools/go-junit-report { }; gobang = callPackage ../development/tools/database/gobang { -- cgit v1.2.3 From 3f20add24fe6bcc0ae230819bb83ee7683ce5e2c Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Wed, 16 Mar 2022 15:01:51 +0000 Subject: crowdsec: init at 1.4.2 Fixes #155822 Closes #162633 --- pkgs/tools/security/crowdsec/default.nix | 60 ++++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 62 insertions(+) create mode 100644 pkgs/tools/security/crowdsec/default.nix diff --git a/pkgs/tools/security/crowdsec/default.nix b/pkgs/tools/security/crowdsec/default.nix new file mode 100644 index 000000000000..ce76c5d9b450 --- /dev/null +++ b/pkgs/tools/security/crowdsec/default.nix 
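Review bot: `doCheck = false;` in the new gnostic expression turns off the whole test suite, although the comment says only some tests are broken or need the network. Skipping just those keeps the rest as a regression check on later bumps, e.g. `checkFlags = [ "-skip=<TestName>" ];` with the affected test names filled in. The package also has no smoke test; a `passthru.tests.version` entry would at least confirm that the built binary starts.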
@@ -0,0 +1,60 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "crowdsec"; + version = "1.4.2"; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = pname; + rev = "v${version}"; + hash = "sha256-hL3+hTOuwcbxiVZeq9oZjfKI1TJJt64g+74NolA3Drc="; + }; + + vendorHash = "sha256-FPsoufB9UDgBDIE3yUq4doBse3qgjP19ussYnMAxntk="; + + nativeBuildInputs = [ installShellFiles ]; + + subPackages = [ + "cmd/crowdsec" + "cmd/crowdsec-cli" + ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${version}" + "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=1970-01-01_00:00:00" + ]; + + postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}"; + + postInstall = '' + mkdir -p $out/share/crowdsec + cp -r ./config $out/share/crowdsec/ + + installShellCompletion --cmd cscli \ + --bash <($out/bin/cscli completion bash) \ + --fish <($out/bin/cscli completion fish) \ + --zsh <($out/bin/cscli completion zsh) + ''; + + meta = with lib; { + homepage = "https://crowdsec.net/"; + changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}"; + description = "CrowdSec is a free, open-source and collaborative IPS"; + longDescription = '' + CrowdSec is a free, modern & collaborative behavior detection engine, + coupled with a global IP reputation network. It stacks on fail2ban's + philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok + patterns to parse logs and YAML scenario to identify behaviors. CrowdSec + is engineered for modern Cloud/Containers/VM based infrastructures (by + decoupling detection and remediation). Once detected you can remedy + threats with various bouncers (firewall block, nginx http 403, Captchas, + etc.) while the aggressive IP can be sent to CrowdSec for curation before + being shared among all users to further improve everyone's security. + ''; + license = licenses.mit; + maintainers = with maintainers; [ jk urandom ]; + }; +} 
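Review bot: `postInstall` in the new crowdsec expression executes the freshly built `$out/bin/cscli` three times to generate shell completions. That cannot work when the host platform is not executable on the build machine, and `stdenv` is not among the function arguments, so there is currently no way to guard it. I would add `stdenv` to the arguments and wrap the `installShellCompletion` call in `lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform)`. It is also worth checking that `cscli completion` does not try to read a configuration file or write under `$HOME` inside the sandbox, which the hunk cannot show. For a package that ships a security agent, a `passthru.tests.version` check would give later version bumps a minimal regression check.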
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 86313b938dfa..68b58e86355a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3681,6 +3681,8 @@ with pkgs; crossplane = with python3Packages; toPythonApplication crossplane; + crowdsec = callPackage ../tools/security/crowdsec { }; + crunch = callPackage ../tools/security/crunch { }; crudini = callPackage ../tools/misc/crudini { }; -- cgit v1.2.3 From ca6c2c211148bf090ad954f361cac97fa453c901 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 30 Nov 2022 17:24:39 -0500 Subject: nixos/docker-image: clean up let-in binding --- nixos/modules/profiles/docker-container.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/nixos/modules/profiles/docker-container.nix b/nixos/modules/profiles/docker-container.nix index 183645de36fb..5365e49711dc 100644 --- a/nixos/modules/profiles/docker-container.nix +++ b/nixos/modules/profiles/docker-container.nix @@ -1,13 +1,12 @@ { config, lib, pkgs, ... }: -with lib; - -let inherit (pkgs) writeScript; in - let - pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l; + inherit (pkgs) writeScript; + + pkgs2storeContents = map (x: { object = x; symlink = "none"; }); +in -in { +{ # Docker image config. imports = [ ../installer/cd-dvd/channel.nix -- cgit v1.2.3 From fd4f865645cfba121f2ac6d052786cdf9638b318 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 30 Nov 2022 17:26:31 -0500 Subject: nixos/nixpkgs: remove unused binding --- nixos/modules/misc/nixpkgs.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index 7f7417226d17..7f44c3f6f3f0 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix 
@@ -23,12 +23,12 @@ let optionalAttrs (lhs ? packageOverrides) { packageOverrides = pkgs: optCall lhs.packageOverrides pkgs // - optCall (attrByPath ["packageOverrides"] ({}) rhs) pkgs; + optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs; } // optionalAttrs (lhs ? perlPackageOverrides) { perlPackageOverrides = pkgs: optCall lhs.perlPackageOverrides pkgs // - optCall (attrByPath ["perlPackageOverrides"] ({}) rhs) pkgs; + optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs; }; configType = mkOptionType { @@ -67,11 +67,6 @@ let # Context for messages hostPlatformLine = optionalString hasHostPlatform "${showOptionWithDefLocs opt.hostPlatform}"; buildPlatformLine = optionalString hasBuildPlatform "${showOptionWithDefLocs opt.buildPlatform}"; - platformLines = optionalString hasPlatform '' - Your system configuration configures nixpkgs with platform parameters: - ${hostPlatformLine - }${buildPlatformLine - }''; legacyOptionsDefined = optional (opt.localSystem.highestPrio < (mkDefault {}).priority) opt.system -- cgit v1.2.3 From a356511f1ade96ba4c7b1adae371693db8ea026b Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 30 Nov 2022 17:29:36 -0500 Subject: nixos/crossfire-server: remove unnecessary parentheses --- nixos/modules/services/games/crossfire-server.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/games/crossfire-server.nix b/nixos/modules/services/games/crossfire-server.nix index 7820a08be40b..0849667e61c9 100644 --- a/nixos/modules/services/games/crossfire-server.nix +++ b/nixos/modules/services/games/crossfire-server.nix 
@@ -131,9 +131,9 @@ in { exp_table = ""; forbid = ""; metaserver2 = ""; - motd = (fileContents "${cfg.package}/etc/crossfire/motd"); - news = (fileContents "${cfg.package}/etc/crossfire/news"); - rules = (fileContents "${cfg.package}/etc/crossfire/rules"); + motd = fileContents "${cfg.package}/etc/crossfire/motd"; + news = fileContents "${cfg.package}/etc/crossfire/news"; + rules = fileContents "${cfg.package}/etc/crossfire/rules"; settings = ""; stat_bonus = ""; } // cfg.configFiles); -- cgit v1.2.3 From 1b9b057d9248539e20c25609edc690d457d42b4e Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 30 Nov 2022 17:31:28 -0500 Subject: nixos/buildbot: syntax clean up --- nixos/modules/services/continuous-integration/buildbot/master.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index d9055149b77f..d00e0ba39565 100644 --- a/nixos/mo