Merge master into staging-next

This commit is contained in:
Frederik Rietdijk 2020-07-30 18:27:50 +02:00
commit ca63714c0f
545 changed files with 10650 additions and 8269 deletions

31
.github/workflows/wait-ofborg.yml vendored Normal file

@ -0,0 +1,31 @@
name: "Wait for ofborg"
on:
pull_request:
jobs:
tests:
runs-on: ubuntu-latest
steps:
- name: Wait for ofborg CI
run: |
# wait for ~30min...
# ..in future a better fix would be to make ofborg mark CI as pending right away.
for i in $(seq 360); do
res=$(curl --silent \
-H "Accept: application/vnd.github.antiope-preview+json" \
-H "Authorization: token ${GITHUB_TOKEN}" \
"https://api.github.com/repos/NixOS/nixpkgs/commits/${COMMIT}/check-runs" | \
jq ".check_runs | map(.app) | map(.id) | contains([${OFBORG_APP_ID}])")
if [[ "$res" == "true" ]]; then
exit 0
fi
sleep 5
echo "."
done
echo "Timeout!"
exit 1
# ofborg is not checking forks.
if: github.repository_owner == 'NixOS'
env:
GITHUB_TOKEN: ${{ github.token }}
COMMIT: ${{ github.event.pull_request.head.sha }}
OFBORG_APP_ID: 20500

@ -12,23 +12,30 @@
lib = import ./lib;
systems = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ];
systems = [
"x86_64-linux"
"i686-linux"
"x86_64-darwin"
"aarch64-linux"
"armv6l-linux"
"armv7l-linux"
];
forAllSystems = f: lib.genAttrs systems (system: f system);
in
{
lib = lib // {
lib = lib.extend (final: prev: {
nixosSystem = { modules, ... } @ args:
import ./nixos/lib/eval-config.nix (args // {
modules = modules ++
[ { system.nixos.versionSuffix =
".${lib.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
system.nixos.revision = lib.mkIf (self ? rev) self.rev;
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
}
];
});
};
});
checks.x86_64-linux.tarball = jobs.tarball;

@ -313,6 +313,12 @@
githubId = 43479487;
name = "Titouan Biteau";
};
alerque = {
email = "caleb@alerque.com";
github = "alerque";
githubId = 173595;
name = "Caleb Maclennan";
};
alexarice = {
email = "alexrice999@hotmail.co.uk";
github = "alexarice";
@ -543,6 +549,12 @@
githubId = 750786;
name = "Justin Wood";
};
anna328p = {
email = "anna328p@gmail.com";
github = "anna328p";
githubId = 9790772;
name = "Anna";
};
anmonteiro = {
email = "anmonteiro@gmail.com";
github = "anmonteiro";
@ -673,6 +685,12 @@
githubId = 3965744;
name = "Arthur Lee";
};
arturcygan = {
email = "arczicygan@gmail.com";
github = "arcz";
githubId = 4679721;
name = "Artur Cygan";
};
artuuge = {
email = "artuuge@gmail.com";
github = "artuuge";
@ -1109,6 +1127,12 @@
githubId = 3465841;
name = "Boris Sukholitko";
};
bouk = {
name = "Bouke van der Bijl";
email = "i@bou.ke";
github = "bouk";
githubId = 97820;
};
bradediger = {
email = "brad@bradediger.com";
github = "bradediger";
@ -1406,6 +1430,16 @@
githubId = 30435868;
name = "Okina Matara";
};
Chili-Man = {
email = "dr.elhombrechile@gmail.com";
name = "Diego Rodriguez";
github = "Chili-Man";
githubId = 631802;
keys = [{
longkeyid = "rsa4096/0xE0EBAD78F0190BD9";
fingerprint = "099E 3F97 FA08 3D47 8C75 EBEC E0EB AD78 F019 0BD9";
}];
};
chkno = {
email = "chuck@intelligence.org";
github = "chkno";
@ -2052,12 +2086,6 @@
githubId = 1316469;
name = "Naomi Morse";
};
dkudriavtsev = {
email = "dkudriavtsev@gmail.com";
github = "dkudriavtsev";
githubId = 9790772;
name = "Dmitry Kudriavtsev";
};
dmalikov = {
email = "malikov.d.y@gmail.com";
github = "dmalikov";
@ -4717,6 +4745,12 @@
githubId = 1202012;
name = "Ignat Loskutov";
};
louisdk1 = {
email = "louis@louis.dk";
github = "louisdk1";
githubId = 4969294;
name = "Louis Tim Larsen";
};
lovek323 = {
email = "jason@oconal.id.au";
github = "lovek323";
@ -4769,6 +4803,12 @@
githubId = 59375051;
name = "Lucas Ransan";
};
lucperkins = {
email = "lucperkins@gmail.com";
github = "lucperkins";
githubId = 1523104;
name = "Luc Perkins";
};
lucus16 = {
email = "lars.jellema@gmail.com";
github = "Lucus16";
@ -6160,6 +6200,12 @@
githubId = 20792;
name = "Sebastian Galkin";
};
parasrah = {
email = "nixos@parasrah.com";
github = "parasrah";
githubId = 14935550;
name = "Brad Pfannmuller";
};
pashashocky = {
email = "pashashocky@gmail.com";
github = "pashashocky";
@ -6334,6 +6380,12 @@
githubId = 119460;
name = "Perry Barnoy";
};
pjjw = {
email = "peter@shortbus.org";
github = "pjjw";
githubId = 638;
name = "Peter Woodman";
};
pjones = {
email = "pjones@devalot.com";
github = "pjones";
@ -6828,6 +6880,12 @@
githubId = 2507744;
name = "Roland Koebler";
};
rizary = {
email = "andika@numtide.com";
github = "Rizary";
githubId = 7221768;
name = "Andika Demas Riyandi";
};
rkrzr = {
email = "ops+nixpkgs@channable.com";
github = "rkrzr";

@ -525,12 +525,37 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
automatically if <literal>stateVersion</literal> is 20.09 or higher.
</para>
</listitem>
<listitem>
<para>
<literal>udpt</literal> experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml.
The new configuration documentation can be found at
<link xlink:href="https://naim94a.github.io/udpt/config.html">the official website</link> and example
configuration is packaged in <literal>${udpt}/share/udpt/udpt.toml</literal>.
</para>
</listitem>
<listitem>
<para>
We now have a unified <xref linkend="opt-services.xserver.displayManager.autoLogin"/> option interface
to be used for every display-manager in NixOS.
</para>
</listitem>
<listitem>
<para>
The <literal>bitcoind</literal> module has changed to multi-instance, using submodules.
Therefore, it is now mandatory to name each instance, e.g.:
<programlisting>
services.bitcoind = {
enable = true;
};
</programlisting>
requires a name now:
<programlisting>
services.bitcoind."example-mainnet" = {
enable = true;
};
</programlisting>
</para>
</listitem>
</itemizedlist>
</section>

@ -5,21 +5,32 @@
config
, # The size of the disk, in megabytes.
diskSize
# if "auto" size is calculated based on the contents copied to it and
# additionalSpace is taken into account.
diskSize ? "auto"
# The files and directories to be placed in the target file system.
, # additional disk space to be added to the image if diskSize "auto"
# is used
additionalSpace ? "512M"
, # size of the boot partition, is only used if partitionTableType is
# either "efi" or "hybrid"
bootSize ? "256M"
, # The files and directories to be placed in the target file system.
# This is a list of attribute sets {source, target} where `source'
# is the file system object (regular file or directory) to be
# grafted in the file system at path `target'.
, contents ? []
contents ? []
, # Type of partition table to use; either "legacy", "efi", or "none".
# For "efi" images, the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition.
# If `installBootLoader` is true, GRUB will be installed in EFI mode.
# For "legacy", the msdos partition table is used and a single large root
# partition is created. If `installBootLoader` is true, GRUB will be
# installed in legacy mode.
# partition is created.
# For "hybrid", the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition.
# Also a legacy MBR will be present.
# For "none", no partition table is created. Enabling `installBootLoader`
# most likely fails as GRUB will probably refuse to install.
partitionTableType ? "legacy"
@ -43,7 +54,7 @@
format ? "raw"
}:
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "none";
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
# We use -E offset=X below, which is only supported by e2fsprogs
assert partitionTableType != "none" -> fsType == "ext4";
@ -65,6 +76,7 @@ let format' = format; in let
rootPartition = { # switch-case
legacy = "1";
efi = "2";
hybrid = "3";
}.${partitionTableType};
partitionDiskScript = { # switch-case
@ -76,9 +88,18 @@ let format' = format; in let
efi = ''
parted --script $diskImage -- \
mklabel gpt \
mkpart ESP fat32 8MiB 256MiB \
mkpart ESP fat32 8MiB ${bootSize} \
set 1 boot on \
mkpart primary ext4 256MiB -1
mkpart primary ext4 ${bootSize} -1
'';
hybrid = ''
parted --script $diskImage -- \
mklabel gpt \
mkpart ESP fat32 8MiB ${bootSize} \
set 1 boot on \
mkpart no-fs 0 1024KiB \
set 2 bios_grub on \
mkpart primary ext4 ${bootSize} -1
'';
none = "";
}.${partitionTableType};
@ -129,19 +150,6 @@ let format' = format; in let
}
mkdir $out
diskImage=nixos.raw
truncate -s ${toString diskSize}M $diskImage
${partitionDiskScript}
${if partitionTableType != "none" then ''
# Get start & length of the root partition in sectors to $START and $SECTORS.
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
'' else ''
mkfs.${fsType} -F -L ${label} $diskImage
''}
root="$PWD/root"
mkdir -p $root
@ -186,6 +194,31 @@ let format' = format; in let
nixos-install --root $root --no-bootloader --no-root-passwd \
--system ${config.system.build.toplevel} --channel ${channelSources} --substituters ""
diskImage=nixos.raw
${if diskSize == "auto" then ''
${if partitionTableType == "efi" || partitionTableType == "hybrid" then ''
additionalSpace=$(( ($(numfmt --from=iec '${additionalSpace}') + $(numfmt --from=iec '${bootSize}')) / 1000 ))
'' else ''
additionalSpace=$(( $(numfmt --from=iec '${additionalSpace}') / 1000 ))
''}
diskSize=$(( $(set -- $(du -d0 $root); echo "$1") + $additionalSpace ))
truncate -s "$diskSize"K $diskImage
'' else ''
truncate -s ${toString diskSize}M $diskImage
''}
${partitionDiskScript}
${if partitionTableType != "none" then ''
# Get start & length of the root partition in sectors to $START and $SECTORS.
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
'' else ''
mkfs.${fsType} -F -L ${label} $diskImage
''}
echo "copying staging root to image..."
cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* /
'';
@ -219,7 +252,7 @@ in pkgs.vmTools.runInLinuxVM (
# Create the ESP and mount it. Unlike e2fsprogs, mkfs.vfat doesn't support an
# '-E offset=X' option, so we can't do this outside the VM.
${optionalString (partitionTableType == "efi") ''
${optionalString (partitionTableType == "efi" || partitionTableType == "hybrid") ''
mkdir -p /mnt/boot
mkfs.vfat -n ESP /dev/vda1
mount /dev/vda1 /mnt/boot

@ -2,9 +2,11 @@ pkgs: with pkgs.lib;
rec {
# Check whenever fileSystem is needed for boot
fsNeededForBoot = fs: fs.neededForBoot
|| elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ];
# Check whenever fileSystem is needed for boot. NOTE: Make sure
# pathsNeededForBoot is closed under the parent relationship, i.e. if /a/b/c
# is in the list, put /a and /a/b in as well.
pathsNeededForBoot = [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ];
fsNeededForBoot = fs: fs.neededForBoot || elem fs.mountPoint pathsNeededForBoot;
# Check whenever `b` depends on `a` as a fileSystem
fsBefore = a: b: a.mountPoint == b.device

@ -26,7 +26,7 @@ in
Whether to enable <command>uvcvideo</command> dynamic controls.
Note that enabling this brings the <command>uvcdynctrl</command> tool
into your environement and register all dynamic controls from
into your environment and register all dynamic controls from
specified <command>packages</command> to the <command>uvcvideo</command> driver.
'';
};

@ -814,6 +814,7 @@
./services/security/torsocks.nix
./services/security/usbguard.nix
./services/security/vault.nix
./services/security/yubikey-agent.nix
./services/system/cloud-init.nix
./services/system/dbus.nix
./services/system/earlyoom.nix
@ -885,6 +886,7 @@
./services/web-servers/meguca.nix
./services/web-servers/mighttpd2.nix
./services/web-servers/minio.nix
./services/web-servers/molly-brown.nix
./services/web-servers/nginx/default.nix
./services/web-servers/nginx/gitweb.nix
./services/web-servers/phpfpm/default.nix

@ -70,6 +70,7 @@ in
agent.pinentryFlavor = mkOption {
type = types.nullOr (types.enum pkgs.pinentry.flavors);
example = "gnome3";
default = defaultPinentryFlavor;
description = ''
Which pinentry interface to use. If not null, the path to the
pinentry binary will be passed to gpg-agent via commandline and
@ -91,8 +92,6 @@ in
};
config = mkIf cfg.agent.enable {
programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
# This overrides the systemd user unit shipped with the gnupg package
systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
serviceConfig.ExecStart = [ "" ''

@ -36,6 +36,17 @@ let
'';
};
p11Auth = mkOption {
default = config.security.pam.p11.enable;
type = types.bool;
description = ''
If set, keys listed in
<filename>~/.ssh/authorized_keys</filename> and
<filename>~/.eid/authorized_certificates</filename>
can be used to log in with the associated PKCS#11 tokens.
'';
};
u2fAuth = mkOption {
default = config.security.pam.u2f.enable;
type = types.bool;
@ -352,6 +363,8 @@ let
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
"auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"}
${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"}
${optionalString cfg.usbAuth
@ -566,6 +579,39 @@ in
security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module";
security.pam.p11 = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables P11 PAM (<literal>pam_p11</literal>) module.
If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found <link
xlink:href="https://github.com/OpenSC/pam_p11">here</link>.
'';
};
control = mkOption {
default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = ''
This option sets pam "control".
If you want to have multi factor authentication, use "required".
If you want to use the PKCS#11 device instead of the regular password,
use "sufficient".
Read
<citerefentry>
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option.
'';
};
};
security.pam.u2f = {
enable = mkOption {
default = false;
@ -747,6 +793,7 @@ in
++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ]
++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ];
boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ];

@ -45,14 +45,14 @@ in {
environment.ROON_DATAROOT = "/var/lib/${name}";
serviceConfig = {
ExecStart = "${pkgs.roon-server}/opt/start.sh";
ExecStart = "${pkgs.roon-server}/start.sh";
LimitNOFILE = 8192;
User = cfg.user;
Group = cfg.group;
StateDirectory = name;
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPortRanges = [
{ from = 9100; to = 9200; }
@ -60,7 +60,7 @@ in {
allowedUDPPorts = [ 9003 ];
};
users.groups.${cfg.group} = {};
users.users.${cfg.user} =
if cfg.user == "roon-server" then {

@ -49,6 +49,8 @@ let
] ++ service.registrationFlags
++ optional (service.buildsDir != null)
"--builds-dir ${service.buildsDir}"
++ optional (service.cloneUrl != null)
"--clone-url ${service.cloneUrl}"
++ optional (service.preCloneScript != null)
"--pre-clone-script ${service.preCloneScript}"
++ optional (service.preBuildScript != null)
@ -377,6 +379,14 @@ in
in context of selected executor (Locally, Docker, SSH).
'';
};
cloneUrl = mkOption {
type = types.nullOr types.str;
default = null;
example = "http://gitlab.example.local";
description = ''
Overwrite the URL for the GitLab instance. Used if the Runner cant connect to GitLab on the URL GitLab exposes itself.
'';
};
dockerImage = mkOption {
type = types.nullOr types.str;
default = null;

@ -42,6 +42,7 @@ in {
# It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2
# to build a SELinux policy module.
# TODO: use sysusers.d
users.users.flatpak = {
description = "Flatpak system helper";
group = "flatpak";

@ -28,7 +28,10 @@ with lib;
malcontent-ui
];
services.dbus.packages = [ pkgs.malcontent ];
services.dbus.packages = [
# D-Bus services are in `out`, not the default `bin` output that would be picked up by `makeDbusConf`.
pkgs.malcontent.out
];
services.accounts-daemon.enable = true;

@ -125,7 +125,7 @@ in {
if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-telegram}/bin/mautrix-telegram \
--generate-registration \
--base-config='${pkgs.mautrix-telegram}/example-config.yaml' \
--base-config='${pkgs.mautrix-telegram}/${pkgs.mautrix-telegram.pythonModule.sitePackages}/mautrix_telegram/example-config.yaml' \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.do-agent;
in
{
options.services.do-agent = {
@ -11,23 +12,13 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.do-agent ];
systemd.packages = [ pkgs.do-agent ];
systemd.services.do-agent = {
description = "DigitalOcean Droplet Metrics Agent";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.do-agent}/bin/do-agent --syslog";
Restart = "always";
OOMScoreAdjust = -900;
SyslogIdentifier = "DigitalOceanAgent";
PrivateTmp = "yes";
ProtectSystem = "full";
ProtectHome = "yes";
NoNewPrivileges = "yes";
DynamicUser = "yes";
ExecStart = [ "" "${pkgs.do-agent}/bin/do-agent --syslog" ];
DynamicUser = true;
};
};
};

@ -3,31 +3,8 @@
with lib;
let
cfg = config.services.bitcoind;
pidFile = "${cfg.dataDir}/bitcoind.pid";
configFile = pkgs.writeText "bitcoin.conf" ''
${optionalString cfg.testnet "testnet=1"}
${optionalString (cfg.dbCache != null) "dbcache=${toString cfg.dbCache}"}
${optionalString (cfg.prune != null) "prune=${toString cfg.prune}"}
# Connection options
${optionalString (cfg.port != null) "port=${toString cfg.port}"}
# RPC server options
${optionalString (cfg.rpc.port != null) "rpcport=${toString cfg.rpc.port}"}
${concatMapStringsSep "\n"
(rpcUser: "rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}")
(attrValues cfg.rpc.users)
}
# Extra config options (from bitcoind nixos service)
${cfg.extraConfig}
'';
cmdlineOptions = escapeShellArgs [
"-conf=${cfg.configFile}"
"-datadir=${cfg.dataDir}"
"-pid=${pidFile}"
];
eachBitcoind = config.services.bitcoind;
rpcUserOpts = { name, ... }: {
options = {
@ -39,11 +16,14 @@ let
'';
};
passwordHMAC = mkOption {
type = with types; uniq (strMatching "[0-9a-f]+\\$[0-9a-f]{64}");
type = types.uniq (types.strMatching "[0-9a-f]+\\$[0-9a-f]{64}");
example = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
description = ''
Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the
format &lt;SALT-HEX&gt;$&lt;HMAC-HEX&gt;.
Tool (Python script) for HMAC generation is available here:
<link xlink:href="https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py"/>
'';
};
};
@ -51,10 +31,10 @@ let
name = mkDefault name;
};
};
in {
options = {
services.bitcoind = {
bitcoindOpts = { config, lib, name, ...}: {
options = {
enable = mkEnableOption "Bitcoin daemon";
package = mkOption {
@ -63,12 +43,14 @@ in {
defaultText = "pkgs.bitcoind";
description = "The package providing bitcoin binaries.";
};
configFile = mkOption {
type = types.path;
default = configFile;
example = "/etc/bitcoind.conf";
type = types.nullOr types.path;
default = null;
example = "/var/lib/${name}/bitcoin.conf";
description = "The configuration file path to supply bitcoind.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -79,20 +61,22 @@ in {
'';
description = "Additional configurations to be appended to <filename>bitcoin.conf</filename>.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/bitcoind";
default = "/var/lib/bitcoind-${name}";
description = "The data directory for bitcoind.";
};
user = mkOption {
type = types.str;
default = "bitcoin";
default = "bitcoind-${name}";
description = "The user as which to run bitcoind.";
};
group = mkOption {
type = types.str;
default = cfg.user;
default = config.user;
description = "The group as which to run bitcoind.";
};
@ -110,29 +94,36 @@ in {
bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99";
}
'';
type = with types; loaOf (submodule rpcUserOpts);
description = ''
RPC user information for JSON-RPC connnections.
'';
type = types.attrsOf (types.submodule rpcUserOpts);
description = "RPC user information for JSON-RPC connnections.";
};
};
pidFile = mkOption {
type = types.path;
default = "${config.dataDir}/bitcoind.pid";
description = "Location of bitcoind pid file.";
};
testnet = mkOption {
type = types.bool;
default = false;
description = "Whether to use the test chain.";
description = "Whether to use the testnet instead of mainnet.";
};
port = mkOption {
type = types.nullOr types.port;
default = null;
description = "Override the default port on which to listen for connections.";
};
dbCache = mkOption {
type = types.nullOr (types.ints.between 4 16384);
default = null;
example = 4000;
description = "Override the default database cache size in megabytes.";
description = "Override the default database cache size in MiB.";
};
prune = mkOption {
type = types.nullOr (types.coercedTo
(types.enum [ "disable" "manual" ])
@ -149,45 +140,122 @@ in {
and -rescan. Warning: Reverting this setting requires re-downloading
the entire blockchain. ("disable" = disable pruning blocks, "manual"
= allow manual pruning via RPC, >=550 = automatically prune block files
to stay under the specified target size in MiB)
to stay under the specified target size in MiB).
'';
};
extraCmdlineOptions = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra command line options to pass to bitcoind.
Run bitcoind --help to list all available options.
'';
};
};
};
in
{
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
"L '${cfg.dataDir}/bitcoin.conf' - - - - '${cfg.configFile}'"
];
systemd.services.bitcoind = {
description = "Bitcoin daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/bitcoind ${cmdlineOptions}";
Restart = "on-failure";
# Hardening measures
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
};
options = {
services.bitcoind = mkOption {
type = types.attrsOf (types.submodule bitcoindOpts);
default = {};
description = "Specification of one or more bitcoind instances.";
};
users.users.${cfg.user} = {
};
config = mkIf (eachBitcoind != {}) {
assertions = flatten (mapAttrsToList (bitcoindName: cfg: [
{
assertion = (cfg.prune != null) -> (builtins.elem cfg.prune [ "disable" "manual" 0 1 ] || (builtins.isInt cfg.prune && cfg.prune >= 550));
message = ''
If set, services.bitcoind.${bitcoindName}.prune has to be "disable", "manual", 0 , 1 or >= 550.
'';
}
{
assertion = (cfg.rpc.users != {}) -> (cfg.configFile == null);
message = ''
You cannot set both services.bitcoind.${bitcoindName}.rpc.users and services.bitcoind.${bitcoindName}.configFile
as they are exclusive. RPC user setting would have no effect if custom configFile would be used.
'';
}
]) eachBitcoind);
environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [
cfg.package
]) eachBitcoind);
systemd.services = mapAttrs' (bitcoindName: cfg: (
nameValuePair "bitcoind-${bitcoindName}" (
let
configFile = pkgs.writeText "bitcoin.conf" ''
# If Testnet is enabled, we need to add [test] section
# otherwise, some options (e.g.: custom RPC port) will not work
${optionalString cfg.testnet "[test]"}
# RPC users
${concatMapStringsSep "\n"
(rpcUser: "rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}")
(attrValues cfg.rpc.users)
}
# Extra config options (from bitcoind nixos service)
${cfg.extraConfig}
'';
in {
description = "Bitcoin daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = ''
${cfg.package}/bin/bitcoind \
${if (cfg.configFile != null) then
"-conf=${cfg.configFile}"
else
"-conf=${configFile}"
} \
-datadir=${cfg.dataDir} \
-pid=${cfg.pidFile} \
${optionalString cfg.testnet "-testnet"}\
${optionalString (cfg.port != null) "-port=${toString cfg.port}"}\
${optionalString (cfg.prune != null) "-prune=${toString cfg.prune}"}\
${optionalString (cfg.dbCache != null) "-dbcache=${toString cfg.dbCache}"}\
${optionalString (cfg.rpc.port != null) "-rpcport=${toString cfg.rpc.port}"}\
${toString cfg.extraCmdlineOptions}
'';
Restart = "on-failure";
# Hardening measures
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
};
}
))) eachBitcoind;
systemd.tmpfiles.rules = flatten (mapAttrsToList (bitcoindName: cfg: [
"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
]) eachBitcoind);
users.users = mapAttrs' (bitcoindName: cfg: (
nameValuePair "bitcoind-${bitcoindName}" {
name = cfg.user;
group = cfg.group;
description = "Bitcoin daemon user";
home = cfg.dataDir;
isSystemUser = true;
};
users.groups.${cfg.group} = {
name = cfg.group;
};
})) eachBitcoind;
users.groups = mapAttrs' (bitcoindName: cfg: (
nameValuePair "${cfg.group}" { }
)) eachBitcoind;
};
meta.maintainers = with maintainers; [ maintainers."1000101" ];
}

@ -11,7 +11,7 @@ let
''
default-lease-time 600;
max-lease-time 7200;
authoritative;
${optionalString (!cfg.authoritative) "not "}authoritative;
ddns-update-style interim;
log-facility local1; # see dhcpd.nix
@ -176,6 +176,16 @@ let
'';
};
authoritative = mkOption {
type = types.bool;
default = true;
description = ''
Whether the DHCP server shall send DHCPNAK messages to misconfigured
clients. If this is not done, clients may be unable to get a correct
IP address after changing subnets until their old lease has expired.
'';
};
};
in

@ -64,7 +64,7 @@ in {
extraConfig = mkOption {
default = {};
type = types.attrsOf types.str;
description = "Skydns attribute set of extra config options passed as environemnt variables.";
description = "Skydns attribute set of extra config options passed as environment variables.";
};
};

@ -4,7 +4,7 @@ with lib;
let
cfg = config.networking.wireless;
configFile = if cfg.networks != {} then pkgs.writeText "wpa_supplicant.conf" ''
configFile = if cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable then pkgs.writeText "wpa_supplicant.conf" ''
${optionalString cfg.userControlled.enable ''
ctrl_interface=DIR=/run/wpa_supplicant GROUP=${cfg.userControlled.group}
update_config=1''}

@ -195,5 +195,8 @@ in {
# Make yggdrasilctl available on the command line.
environment.systemPackages = [ cfg.package ];
});
meta.maintainers = with lib.maintainers; [ gazally ehmry ];
meta = {
doc = ./yggdrasil.xml;
maintainers = with lib.maintainers; [ gazally ehmry ];
};
}

@ -0,0 +1,157 @@
<?xml version="1.0"?>
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-networking-yggdrasil">
<title>Yggdrasil</title>
<para>
<emphasis>Source:</emphasis>
<filename>modules/services/networking/yggdrasil/default.nix</filename>
</para>
<para>
<emphasis>Upstream documentation:</emphasis>
<link xlink:href="https://yggdrasil-network.github.io/"/>
</para>
<para>
Yggdrasil is an early-stage implementation of a fully end-to-end encrypted,
self-arranging IPv6 network.
</para>
<section xml:id="module-services-networking-yggdrasil-configuration">
<title>Configuration</title>
<section xml:id="module-services-networking-yggdrasil-configuration-simple">
<title>Simple ephemeral node</title>
<para>
An annotated example of a simple configuration:
<programlisting>
{
services.yggdrasil = {
enable = true;
persistentKeys = false;
# The NixOS module will generate new keys and a new IPv6 address each time
# it is started if persistentKeys is not enabled.
config = {
Peers = [
# Yggdrasil will automatically connect and "peer" with other nodes it
# discovers via link-local multicast annoucements. Unless this is the
# case (it probably isn't) a node needs peers within the existing
# network that it can tunnel to.
"tcp://1.2.3.4:1024"
"tcp://1.2.3.5:1024"
# Public peers can be found at
# https://github.com/yggdrasil-network/public-peers
];
};
};
}
</programlisting>
</para>
</section>
<section xml:id="module-services-networking-yggdrasil-configuration-prefix">
<title>Persistent node with prefix</title>
<para>
A node with a fixed address that announces a prefix:
<programlisting>
let
address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2";
prefix = "310:5217:69c0:9afc";
# taken from the output of "yggdrasilctl getself".
in {
services.yggdrasil = {
enable = true;
persistentKeys = true; # Maintain a fixed public key and IPv6 address.
config = {
Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ];
NodeInfo = {
# This information is visible to the network.
name = config.networking.hostName;
location = "The North Pole";
};
};
};
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Forward traffic under the prefix.
networking.interfaces.${eth0}.ipv6.addresses = [{
# Set a 300::/8 address on the local physical device.
address = prefix + "::1";
prefixLength = 64;
}];
services.radvd = {
# Annouce the 300::/8 prefix to eth0.
enable = true;
config = ''
interface eth0
{
AdvSendAdvert on;
AdvDefaultLifetime 0;
prefix ${prefix}::/64 {
AdvOnLink on;
AdvAutonomous on;
};
route 200::/8 {};
};
'';
};
}
</programlisting>
</para>
</section>
<section xml:id="module-services-networking-yggdrasil-configuration-container">
<title>Yggdrasil attached Container</title>
<para>
A NixOS container attached to the Yggdrasil network via a node running on the
host:
<programlisting>
let
yggPrefix64 = "310:5217:69c0:9afc";
# Again, taken from the output of "yggdrasilctl getself".
in
{
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Enable IPv6 forwarding.
networking = {
bridges.br0.interfaces = [ ];
# A bridge only to containers&#x2026;
interfaces.br0 = {
# &#x2026; configured with a prefix address.
ipv6.addresses = [{
address = "${yggPrefix64}::1";
prefixLength = 64;
}];
};
};
containers.foo = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
# Attach the container to the bridge only.
config = { config, pkgs, ... }: {
networking.interfaces.eth0.ipv6 = {
addresses = [{
# Configure a prefix address.
address = "${yggPrefix64}::2";
prefixLength = 64;
}];
routes = [{
# Configure the prefix route.
address = "200::";
prefixLength = 7;
via = "${yggPrefix64}::1";
}];
};
services.httpd.enable = true;
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
}
</programlisting>
</para>
</section>
</section>
</chapter>

@ -0,0 +1,60 @@
# Global configuration for yubikey-agent.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.yubikey-agent;
# reuse the pinentryFlavor option from the gnupg module
pinentryFlavor = config.programs.gnupg.agent.pinentryFlavor;
in
{
###### interface
meta.maintainers = with maintainers; [ philandstuff rawkode ];
options = {
services.yubikey-agent = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to start yubikey-agent when you log in. Also sets
SSH_AUTH_SOCK to point at yubikey-agent.
Note that yubikey-agent will use whatever pinentry is
specified in programs.gnupg.agent.pinentryFlavor.
'';
};
package = mkOption {
type = types.package;
default = pkgs.yubikey-agent;
defaultText = "pkgs.yubikey-agent";
description = ''
The package used for the yubikey-agent daemon.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
# This overrides the systemd user unit shipped with the
# yubikey-agent package
systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
path = [ pkgs.pinentry.${pinentryFlavor} ];
};
environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock"
fi
'';
};
}

@ -0,0 +1,117 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.molly-brown;
settingsType = with types;
attrsOf (oneOf [
int
str
(listOf str)
(attrsOf (oneOf [ int str (listOf str) (attrsOf str) ]))
]) // {
description = "primitive expression convertable to TOML";
};
configFile = pkgs.runCommand "molly-brown.toml" {
buildInputs = [ pkgs.remarshal ];
preferLocalBuild = true;
passAsFile = [ "settings" ];
settings = builtins.toJSON cfg.settings;
} "remarshal -if json -of toml < $settingsPath > $out";
in {
options.services.molly-brown = {
enable = mkEnableOption "Molly-Brown Gemini server";
port = mkOption {
default = 1965;
type = types.port;
description = ''
TCP port for molly-brown to bind to.
'';
};
hostName = mkOption {
type = types.str;
example = literalExample "config.networking.hostName";
default = config.networking.hostName;
description = ''
The hostname to respond to requests for. Requests for URLs with
other hosts will result in a status 53 (PROXY REQUEST REFUSED)
response.
'';
};
certPath = mkOption {
type = types.path;
example = "/var/lib/acme/example.com/cert.pem";
description = ''
Path to TLS certificate. An ACME certificate and key may be
shared with an HTTP server, but only if molly-brown has
permissions allowing it to read such keys.
As an example:
<programlisting>
security.acme.certs."example.com".allowKeysForGroup = true;
systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
[ config.security.acme.certs."example.com".group ];
</programlisting>
'';
};
keyPath = mkOption {
type = types.path;
example = "/var/lib/acme/example.com/key.pem";
description = "Path to TLS key. See <option>CertPath</option>.";
};
docBase = mkOption {
type = types.path;
example = "/var/lib/molly-brown";
description = "Base directory for Gemini content.";
};
settings = mkOption {
type = settingsType;
default = { };
description = ''
molly-brown configuration. Refer to
<link xlink:href="https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf"/>
for details on supported values.
'';
};
};
config = mkIf cfg.enable {
services.molly-brown.settings = let logDir = "/var/log/molly-brown";
in {
Port = cfg.port;
Hostname = cfg.hostName;
CertPath = cfg.certPath;
KeyPath = cfg.keyPath;
DocBase = cfg.docBase;
AccessLog = "${logDir}/access.log";
ErrorLog = "${logDir}/error.log";
};
systemd.services.molly-brown = {
description = "Molly Brown gemini server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
LogsDirectory = "molly-brown";
ExecStart = "${pkgs.molly-brown}/bin/molly-brown -c ${configFile}";
Restart = "always";
};
};
};
}

@ -559,10 +559,12 @@ in
default = false;
type = types.bool;
description = ''
If set, this file system will be mounted in the initial
ramdisk. By default, this applies to the root file system
and to the file system containing
<filename>/nix/store</filename>.
If set, this file system will be mounted in the initial ramdisk.
Note that the file system will always be mounted in the initial
ramdisk if its mount point is one of the following:
${concatStringsSep ", " (
forEach utils.pathsNeededForBoot (i: "<filename>${i}</filename>")
)}.
'';
};
});

@ -37,7 +37,14 @@ let
default = null;
example = "/mnt-root/root/.swapkey";
type = types.nullOr types.str;
description = "File system location of keyfile. This unlocks the drive after the root has been mounted to <literal>/mnt-root</literal>.";
description = ''
Path to a keyfile used to unlock the backing encrypted
device. At the time this keyfile is accessed, the
<literal>neededForBoot</literal> filesystems (see
<literal>fileSystems.&lt;name?&gt;.neededForBoot</literal>)
will have been mounted under <literal>/mnt-root</literal>,
so the keyfile path should usually start with "/mnt-root/".
'';
};
};
};
@ -65,12 +72,16 @@ in
boot.initrd = {
luks = {
devices =
builtins.listToAttrs (map (dev: { name = dev.encrypted.label; value = { device = dev.encrypted.blkDev; }; }) keylessEncDevs);
builtins.listToAttrs (map (dev: {
name = dev.encrypted.label;
value = { device = dev.encrypted.blkDev; };
}) keylessEncDevs);
forceLuksSupportInInitrd = true;
};
postMountCommands =
concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n") keyedEncDevs;
concatMapStrings (dev:
"cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n"
) keyedEncDevs;
};
};
}

@ -22,7 +22,7 @@ in {
config = mkMerge [
(mkIf (!config.boot.isContainer) {
environment.etc."tmpfiles.d/lvm2.conf".source = "${cfg.package}/lib/tmpfiles.d/lvm2.conf";
systemd.tmpfiles.packages = [ cfg.package.out ];
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];

@ -310,6 +310,11 @@ in rec {
services.xserver.desktopManager.gnome3.enable = true;
});
pantheon = makeClosure ({ ... }:
{ services.xserver.enable = true;
services.xserver.desktopManager.pantheon.enable = true;
});
# Linux/Apache/PostgreSQL/PHP stack.
lapp = makeClosure ({ pkgs, ... }:
{ services.httpd.enable = true;

@ -32,6 +32,7 @@ in
beanstalkd = handleTest ./beanstalkd.nix {};
bees = handleTest ./bees.nix {};
bind = handleTest ./bind.nix {};
bitcoind = handleTest ./bitcoind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
buildkite-agents = handleTest ./buildkite-agents.nix {};
@ -284,6 +285,7 @@ in
prosody = handleTest ./xmpp/prosody.nix {};
prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
proxy = handleTest ./proxy.nix {};
pt2-clone = handleTest ./pt2-clone.nix {};
qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {};
quagga = handleTest ./quagga.nix {};
quorum = handleTest ./quorum.nix {};
@ -319,6 +321,7 @@ in
sudo = handleTest ./sudo.nix {};
switchTest = handleTest ./switch-test.nix {};
sympa = handleTest ./sympa.nix {};
syncthing = handleTest ./syncthing.nix {};
syncthing-init = handleTest ./syncthing-init.nix {};
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};

46
nixos/tests/bitcoind.nix Normal file

@ -0,0 +1,46 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "bitcoind";
meta = with pkgs.stdenv.lib; {
maintainers = with maintainers; [ maintainers."1000101" ];
};
machine = { ... }: {
services.bitcoind."mainnet" = {
enable = true;
rpc = {
port = 8332;
users.rpc.passwordHMAC = "acc2374e5f9ba9e62a5204d3686616cf$53abdba5e67a9005be6a27ca03a93ce09e58854bc2b871523a0d239a72968033";
users.rpc2.passwordHMAC = "1495e4a3ad108187576c68f7f9b5ddc5$accce0881c74aa01bb8960ff3bdbd39f607fd33178147679e055a4ac35f53225";
};
};
services.bitcoind."testnet" = {
enable = true;
configFile = "/test.blank";
testnet = true;
rpc = {
port = 18332;
};
extraCmdlineOptions = [ "-rpcuser=rpc" "-rpcpassword=rpc" "-rpcauth=rpc2:1495e4a3ad108187576c68f7f9b5ddc5$accce0881c74aa01bb8960ff3bdbd39f607fd33178147679e055a4ac35f53225" ];
};
};
testScript = ''
start_all()
machine.wait_for_unit("bitcoind-mainnet.service")
machine.wait_for_unit("bitcoind-testnet.service")
machine.wait_until_succeeds(
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
)
machine.wait_until_succeeds(
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' '
)
machine.wait_until_succeeds(
'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
)
machine.wait_until_succeeds(
'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' '
)
'';
})

@ -8,7 +8,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
services.blockbook-frontend."test" = {
enable = true;
};
services.bitcoind = {
services.bitcoind.mainnet = {
enable = true;
rpc = {
port = 8030;

@ -50,6 +50,12 @@ let
environment.systemPackages = with pkgs; [ gnome-desktop-testing ];
# The installed tests need to be added to the test VMs closure.
# Otherwise, their dependencies might not actually be registered
# as valid paths in the VMs Nix store database,
# and `nix-store --query` commands run as part of the tests
# (for example when building Flatpak runtimes) will fail.
environment.variables.TESTED_PACKAGE_INSTALLED_TESTS = "${tested.installedTests}/share";
};
testScript =

@ -5,14 +5,11 @@ makeInstalledTest {
withX11 = true;
testConfig = {
services.xserver.desktopManager.gnome3.enable = true; # TODO: figure out minimal environment where the tests work
# common/x11.nix enables the auto display manager (lightdm)
services.xserver.displayManager.gdm.enable = false;
services.gnome3.core-utilities.enable = false;
xdg.portal.enable = true;
services.flatpak.enable = true;
environment.systemPackages = with pkgs; [ gnupg ostree python2 ];
environment.systemPackages = with pkgs; [ gnupg ostree python3 ];
virtualisation.memorySize = 2047;
virtualisation.diskSize = 1024;
virtualisation.diskSize = 3072;
};
testRunnerFlags = "--timeout 3600";

@ -3,21 +3,10 @@
makeInstalledTest {
tested = pkgs.ostree;
# TODO: Wrap/patch the tests directly in the package
testConfig = {
environment.systemPackages = with pkgs; [
(python3.withPackages (p: with p; [ pyyaml ]))
gnupg
ostree
];
# for GJS tests
environment.variables.GI_TYPELIB_PATH = lib.makeSearchPath "lib/girepository-1.0" (with pkgs; [
gtk3
pango.out
ostree
gdk-pixbuf
atk
]);
};
}

@ -562,7 +562,7 @@ in {
"sleep 1",
"lvcreate --size 1G --name swap MyVolGroup",
"sleep 1",
"lvcreate --size 2G --name nixos MyVolGroup",
"lvcreate --size 3G --name nixos MyVolGroup",
"sleep 1",
"mkswap -f /dev/MyVolGroup/swap -L swap",
"swapon -L swap",

@ -0,0 +1,71 @@
import ./make-test-python.nix ({ pkgs, ... }:
let testString = "NixOS Gemini test successful";
in {
name = "molly-brown";
meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ehmry ]; };
nodes = {
geminiServer = { config, pkgs, ... }:
let
inherit (config.networking) hostName;
cfg = config.services.molly-brown;
in {
environment.systemPackages = [
(pkgs.writeScriptBin "test-gemini" ''
#!${pkgs.python3}/bin/python
import socket
import ssl
import tempfile
import textwrap
import urllib.parse
url = "gemini://geminiServer/init.gmi"
parsed_url = urllib.parse.urlparse(url)
s = socket.create_connection((parsed_url.netloc, 1965))
context = ssl.SSLContext()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
s = context.wrap_socket(s, server_hostname=parsed_url.netloc)
s.sendall((url + "\r\n").encode("UTF-8"))
fp = s.makefile("rb")
print(fp.readline().strip())
print(fp.readline().strip())
print(fp.readline().strip())
'')
];
networking.firewall.allowedTCPPorts = [ cfg.settings.Port ];
services.molly-brown = {
enable = true;
docBase = "/tmp/docs";
certPath = "/tmp/cert.pem";
keyPath = "/tmp/key.pem";
};
systemd.services.molly-brown.preStart = ''
${pkgs.openssl}/bin/openssl genrsa -out "/tmp/key.pem"
${pkgs.openssl}/bin/openssl req -new \
-subj "/CN=${config.networking.hostName}" \
-key "/tmp/key.pem" -out /tmp/request.pem
${pkgs.openssl}/bin/openssl x509 -req -days 3650 \
-in /tmp/request.pem -signkey "/tmp/key.pem" -out "/tmp/cert.pem"
mkdir -p "${cfg.settings.DocBase}"
echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
'';
};
};
testScript = ''
geminiServer.wait_for_unit("molly-brown")
geminiServer.wait_for_open_port(1965)
geminiServer.succeed("test-gemini")
'';
})

@ -15,7 +15,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
node.wait_for_open_port(27017)
assert "hello" in node.succeed(
"mongo ${testQuery}"
"${pkg}/bin/mongo ${testQuery}"
)
node.execute(
@ -36,6 +36,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
mongodb-3_4
mongodb-3_6
mongodb-4_0
mongodb-4_2
];
};
};
@ -46,6 +47,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
+ runMongoDBTest pkgs.mongodb-3_4
+ runMongoDBTest pkgs.mongodb-3_6
+ runMongoDBTest pkgs.mongodb-4_0
+ runMongoDBTest pkgs.mongodb-4_2
+ ''
node.shutdown()
'';

@ -32,14 +32,14 @@ let
services.dhcpd4 = {
enable = true;
interfaces = map (n: "eth${toString n}") vlanIfs;
extraConfig = ''
'' + flip concatMapStrings vlanIfs (n: ''
extraConfig = flip concatMapStrings vlanIfs (n: ''
subnet 192.168.${toString n}.0 netmask 255.255.255.0 {
option routers 192.168.${toString n}.1;
range 192.168.${toString n}.2 192.168.${toString n}.254;
}
'')
;
machines = lib.flip map vlanIfs (vlan:
machines = flip map vlanIfs (vlan:
{
hostName = "client${toString vlan}";
ethernetAddress = qemu-flags.qemuNicMac vlan 1;

35
nixos/tests/pt2-clone.nix Normal file

@ -0,0 +1,35 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "pt2-clone";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ fgaz ];
};
machine = { config, pkgs, ... }: {
imports = [
./common/x11.nix
];
services.xserver.enable = true;
sound.enable = true;
environment.systemPackages = [ pkgs.pt2-clone ];
};
enableOCR = true;
testScript =
''
machine.wait_for_x()
# Add a dummy sound card, or the program won't start
machine.execute("modprobe snd-dummy")
machine.execute("pt2-clone &")
machine.wait_for_window(r"ProTracker")
machine.sleep(5)
# One of the few words that actually get recognized
if "LENGTH" not in machine.get_screen_text():
raise Exception("Program did not start successfully")
machine.screenshot("screen")
'';
})

65
nixos/tests/syncthing.nix Normal file

@ -0,0 +1,65 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "syncthing";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chkno ];
nodes = rec {
a = {
environment.systemPackages = with pkgs; [ curl libxml2 syncthing ];
services.syncthing = {
enable = true;
openDefaultPorts = true;
};
};
b = a;
};
testScript = ''
import json
import shlex
confdir = "/var/lib/syncthing/.config/syncthing"
def addPeer(host, name, deviceID):
APIKey = host.succeed(
"xmllint --xpath 'string(configuration/gui/apikey)' %s/config.xml" % confdir
).strip()
oldConf = host.succeed(
"curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey
)
conf = json.loads(oldConf)
conf["devices"].append({"deviceID": deviceID, "id": name})
conf["folders"].append(
{
"devices": [{"deviceID": deviceID}],
"id": "foo",
"path": "/var/lib/syncthing/foo",
"rescanIntervalS": 1,
}
)
newConf = json.dumps(conf)
host.succeed(
"curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s"
% (APIKey, shlex.quote(newConf))
)
start_all()
a.wait_for_unit("syncthing.service")
b.wait_for_unit("syncthing.service")
a.wait_for_open_port(22000)
b.wait_for_open_port(22000)
aDeviceID = a.succeed("syncthing -home=%s -device-id" % confdir).strip()
bDeviceID = b.succeed("syncthing -home=%s -device-id" % confdir).strip()
addPeer(a, "b", bDeviceID)
addPeer(b, "a", aDeviceID)
a.wait_for_file("/var/lib/syncthing/foo")
b.wait_for_file("/var/lib/syncthing/foo")
a.succeed("echo a2b > /var/lib/syncthing/foo/a2b")
b.succeed("echo b2a > /var/lib/syncthing/foo/b2a")
a.wait_for_file("/var/lib/syncthing/foo/b2a")
b.wait_for_file("/var/lib/syncthing/foo/a2b")
'';
})

@ -7,6 +7,7 @@ let
SigningPrivateKey = "fe3add8da35316c05f6d90d3ca79bd2801e6ccab6d37e5339fef4152589398abe2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
};
bobIp6 = "201:ebbd:bde9:f138:c302:4afa:1fb6:a19a";
bobPrefix = "301:ebbd:bde9:f138";
bobConfig = {
InterfacePeers = {
eth1 = [ "tcp://192.168.1.200:12345" ];
@ -18,6 +19,7 @@ let
SigningPublicKey = "de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
SigningPrivateKey = "2a6c21550f3fca0331df50668ffab66b6dce8237bcd5728e571e8033b363e247de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
};
danIp6 = bobPrefix + "::2";
in import ./make-test-python.nix ({ pkgs, ...} : {
name = "yggdrasil";
@ -69,6 +71,41 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
text = builtins.toJSON bobConfig;
});
};
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
bridges.br0.interfaces = [ ];
interfaces.br0 = {
ipv6.addresses = [{
address = bobPrefix + "::1";
prefixLength = 64;
}];
};
};
# dan is a node inside a container running on bob's host.
containers.dan = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
config = { config, pkgs, ... }: {
networking.interfaces.eth0.ipv6 = {
addresses = [{
address = bobPrefix + "::2";
prefixLength = 64;
}];
routes = [{
address = "200::";
prefixLength = 7;
via = bobPrefix + "::1";
}];
};
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
};
# Carol only does local peering. Carol's yggdrasil config is all Nix.
@ -100,7 +137,7 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
bob.start()
carol.start()
bob.wait_for_unit("yggdrasil.service")
bob.wait_for_unit("default.target")
carol.wait_for_unit("yggdrasil.service")
ip_addr_show = "ip -o -6 addr show dev ygg0 scope global"
@ -117,10 +154,13 @@ in import ./make-test-python.nix ({ pkgs, ...} : {
carol.succeed("ping -c 1 ${aliceIp6}")
carol.succeed("ping -c 1 ${bobIp6}")
carol.succeed("ping -c 1 ${bobPrefix}::1")
carol.succeed("ping -c 8 ${danIp6}")
carol.fail("journalctl -u dhcpcd | grep ygg0")
alice.wait_for_unit("httpd.service")
carol.succeed("curl --fail -g http://[${aliceIp6}]")
carol.succeed("curl --fail -g http://[${danIp6}]")
'';
})

@ -1,28 +1,21 @@
{ stdenv, fetchzip, wxGTK30, pkgconfig, file, gettext,
{ stdenv, fetchzip, wxGTK31, pkgconfig, file, gettext,
libvorbis, libmad, libjack2, lv2, lilv, serd, sord, sratom, suil, alsaLib, libsndfile, soxr, flac, lame,
expat, libid3tag, ffmpeg_3, soundtouch, /*, portaudio - given up fighting their portaudio.patch */
autoconf, automake, libtool
pcre, vamp-plugin-sdk, portmidi, twolame, git,
cmake, libtool
}:
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.4.1";
version = "2.4.2";
pname = "audacity";
src = fetchzip {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn";
sha256 = "0lklcvqkxrr2gkb9gh3422iadzl2rv9v0a8s76rwq43lj2im7546";
};
preConfigure = /* we prefer system-wide libs */ ''
autoreconf -vi # use system libraries
# we will get a (possibly harmless) warning during configure without this
substituteInPlace configure \
--replace /usr/bin/file ${file}/bin/file
'';
configureFlags = [
"--with-libsamplerate"
];
@ -43,11 +36,12 @@ stdenv.mkDerivation rec {
"-lswscale"
];
nativeBuildInputs = [ pkgconfig autoconf automake libtool ];
nativeBuildInputs = [ pkgconfig cmake libtool git ];
buildInputs = [
file gettext wxGTK30 expat alsaLib
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK30.gtk
file gettext wxGTK31 expat alsaLib
libsndfile soxr libid3tag libjack2 lv2 lilv serd sord sratom suil wxGTK31.gtk
ffmpeg_3 libmad lame libvorbis flac soundtouch
pcre vamp-plugin-sdk portmidi twolame
]; #ToDo: detach sbsms
enableParallelBuilding = true;

@ -1,5 +1,6 @@
{ lib
, fetchgit
, nix-update-script
, meson
, ninja
, pkgconfig
@ -91,6 +92,13 @@ python3.pkgs.buildPythonApplication rec {
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
passthru = {
updateScript = nix-update-script {
attrPath = pname;
};
};
meta = with lib; {
changelog = "https://gitlab.gnome.org/World/lollypop/tags/${version}";
description = "A modern music player for GNOME";

@ -52,7 +52,7 @@ mkDerivation rec {
homepage = "https://mixxx.org";
description = "Digital DJ mixing software";
license = licenses.gpl2Plus;
maintainers = [ maintainers.aszlig maintainers.goibhniu maintainers.bfortz ];
maintainers = [ maintainers.goibhniu maintainers.bfortz ];
platforms = platforms.linux;
};
}

@ -2,12 +2,12 @@
python3Packages.buildPythonApplication rec {
pname = "mopidy-youtube";
version = "3.0";
version = "3.1";
src = python3Packages.fetchPypi {
inherit version;
pname = "Mopidy-YouTube";
sha256 = "0x1q9rfnjx65n6hi8s5rw5ff4xv55h63zy52fwm8aksdnzppr7gd";
sha256 = "1bn3nxianbal9f81z9wf2cxi893hndvrz2zdqvh1zpxrhs0cr038";
};
patchPhase = "sed s/bs4/beautifulsoup4/ -i setup.cfg";

@ -2,14 +2,14 @@
, usePulseAudio ? config.pulseaudio or false, libpulseaudio }:
let
version = "0.5.0";
version = "0.5.1";
in stdenv.mkDerivation {
pname = "openmpt123";
inherit version;
src = fetchurl {
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
sha256 = "0zl3djy9z7cpqk8g8pxrzmmikxsskb0y5qdabg6c683j7x5abjs3";
sha256 = "1vpalfsrkbx4vyrh1qy564lr91jwdxlbjivv5gzf8zcywxasf0xa";
};
enableParallelBuilding = true;

@ -1,24 +1,29 @@
{ stdenv
, fetchFromGitHub
, cmake
, nixosTests
, alsaLib
, SDL2
}:
stdenv.mkDerivation rec {
pname = "pt2-clone";
version = "1.20";
version = "1.22";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "pt2-clone";
rev = "v${version}";
sha256 = "0s4yk8w19qa58n5p558n6m7d5mslr9h9z5q3ayrgqcchdlm8cfky";
sha256 = "1w6lbq4366bawy975glvjizk57zhvl562xhxwzn7p5hpm2bvw09b";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ SDL2 ] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
passthru.tests = {
pt2-clone-opens = nixosTests.pt2-clone;
};
meta = with stdenv.lib; {
description = "A highly accurate clone of the classic ProTracker 2.3D software for Amiga";
homepage = "https://16-bits.org/pt2.php";

@ -29,11 +29,11 @@
# handle that.
mkDerivation rec {
name = "qmmp-1.4.0";
name = "qmmp-1.4.1";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "13rhnk55d44svksl13w23w2qkfpkq4mc0jy5mi89nzqkzshwvfd8";
sha256 = "0p18r2ri75vbyjzfa7bcl1dm372m6jvn9zj2p5ia2rh1g77fbm9a";
};
nativeBuildInputs = [ cmake pkgconfig ];

@ -0,0 +1,45 @@
{ stdenv, fetchFromGitHub, perlPackages, makeWrapper }:
stdenv.mkDerivation rec {
pname = "realTimeConfigQuickScan";
version = "unstable-2020-08-03";
src = fetchFromGitHub {
owner = "raboof";
repo = pname;
rev = "4b482db17f8d8567ba0abf33459ceb5f756f088c";
sha256 = "00l69gzwla9gjv5kpklgxlwnl48wnh8h6w0k8i69qr2cxigg4rhj";
};
buildInputs = [ perlPackages.perl makeWrapper ];
dontBuild = true;
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/share/doc
# Install Script Files:
# *.pm files
for i in *.pm; do
install -Dm 755 "$i" "$out/share/$i"
done
# Install doc files:
install -D COPYING "$out/share/doc/COPYING"
install -D README.md "$out/share/doc/README.md"
# Install Executable scripts:
install -Dm 755 realTimeConfigQuickScan.pl "$out/bin/realTimeConfigQuickScan"
install -Dm 755 QuickScan.pl "$out/bin/QuickScan"
wrapProgram $out/bin/realTimeConfigQuickScan \
--set PERL5LIB "$out/share"
wrapProgram $out/bin/QuickScan \
--set PERL5LIB "$out/share:${with perlPackages; makePerlPath [ Tk ]}"
'';
meta = with stdenv.lib; {
description = "Linux configuration checker for systems to be used for real-time audio";
homepage = "https://github.com/raboof/realtimeconfigquickscan";
license = licenses.gpl2;
maintainers = with maintainers; [ magnetophon ];
platforms = platforms.linux ;
};
}

@ -20,13 +20,13 @@
stdenv.mkDerivation rec {
pname = "sooperlooper";
version = "unstable-2019-09-30";
version = "1.7.4";
src = fetchFromGitHub {
owner = "essej";
repo = "sooperlooper";
rev = "4d1da14176e16b0f56b727bb1e6c2e8957515625";
sha256 = "1gsgqa7hdymzw2al1ymzv0f33y161dyhh3fmy88lpjwv3bfchamg";
rev = "v${builtins.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "1jng9bkb7iikad0dy1fkiq9wjjdhh1xi1p0cp2lvnz1dsc4yk6iw";
};
autoreconfPhase = ''
@ -51,6 +51,8 @@ stdenv.mkDerivation rec {
fftw
];
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "A live looping sampler capable of immediate loop recording, overdubbing, multiplying, reversing and more";
longDescription = ''

@ -6,18 +6,21 @@
, alsaLib
, SDL
, jack2
, audiofile
, goocanvas # graphical envelope editing
}:
stdenv.mkDerivation rec {
pname = "soundtracker";
version = "1.0.0.1";
version = "1.0.1";
src = fetchurl {
# Past releases get moved to the "old releases" directory.
# Only the latest release (currently a prerelease) is at the top level.
url = "mirror://sourceforge/soundtracker/old%20releases/soundtracker-${version}.tar.bz2";
sha256 = "1ggliswz5ngmlnrnyhv3x1arh5w77an0ww9p53cddp9aas5q11jm";
# Only the latest release is at the top level.
# Nonetheless, only the name of the file seems to affect which file is
# downloaded, so this path should be fine both for old and current releases.
url = "mirror://sourceforge/soundtracker/soundtracker-${version}.tar.bz2";
sha256 = "0m5iiqccch6w53khpvdldz59zymw13vmwqc5ggx3sn41riwbd6ks";
};
nativeBuildInputs = [
@ -28,9 +31,12 @@ stdenv.mkDerivation rec {
gtk2
SDL
jack2
audiofile
goocanvas
] ++ stdenv.lib.optional stdenv.isLinux alsaLib;
hardeningDisable = [ "format" ];
meta = with stdenv.lib; {
description = "A music tracking tool similar in design to the DOS program FastTracker and the Amiga legend ProTracker";
longDescription = ''

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "spotify-tui";
version = "0.20.0";
version = "0.21.0";
src = fetchFromGitHub {
owner = "Rigellute";
repo = "spotify-tui";
rev = "v${version}";
sha256 = "1gdsk620md5nv1r05jysmfhpbcidh15wzyiklkazsb6cppm6qsiy";
sha256 = "0pvgq8r1bb7bdxm50hxl0n7ajplpzp1gnf6j55dn6xwck0syml9y";
};
cargoSha256 = "0irfdmik6nrpfs9yzva5q351cfyf1cijxa2a08prwdccrivdk98a";
cargoSha256 = "07v1qm5ky99j2lwbl00g80z0f8hfrpwgyqsm8fnda6y9s3vzzdgz";
nativeBuildInputs = stdenv.lib.optionals stdenv.isLinux [ pkgconfig python3 ];
buildInputs = [ ]

@ -0,0 +1,60 @@
{ lib, python3Packages, gobject-introspection, gtk3, pango, wrapGAppsHook
, chromecastSupport ? false
, serverSupport ? false
, keyringSupport ? true
, notifySupport ? true, libnotify
, networkSupport ? true, networkmanager
}:
python3Packages.buildPythonApplication rec {
pname = "sublime-music";
version = "0.11.0";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "1rnjc8pjfaq67mq10gy939g77azc80lxf77s9nsaxds4q5j1yrl2";
};
nativeBuildInputs = [
gobject-introspection
python3Packages.setuptools
wrapGAppsHook
];
buildInputs = [
gtk3
pango
]
++ lib.optional notifySupport libnotify
++ lib.optional networkSupport networkmanager
;
propagatedBuildInputs = with python3Packages; [
dataclasses-json
deepdiff
fuzzywuzzy
mpv
peewee
pygobject3
python-Levenshtein
python-dateutil
requests
semver
]
++ lib.optional chromecastSupport PyChromecast
++ lib.optional keyringSupport keyring
++ lib.optional serverSupport bottle
;
# hook for gobject-introspection doesn't like strictDeps
# https://github.com/NixOS/nixpkgs/issues/56943
strictDeps = false;
meta = with lib; {
description = "GTK3 Subsonic/Airsonic client";
homepage = "https://sublimemusic.app/";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ albakham ];
};
}

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, cmake
, ninja
, vala
@ -61,7 +62,7 @@ stdenv.mkDerivation rec {
];
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "go-ethereum";
version = "1.9.17";
version = "1.9.18";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "175cy5cqkdhvh3kv2d0madybbz2sdbgxhm8xfb3ydbaf2hzihxmx";
sha256 = "0nkzwmrzk0m9662cr18h5i54v07mw8v3fh0csvqx8n50z5fcvb7b";
};
usb = fetchFromGitHub {
@ -18,7 +18,7 @@ buildGoModule rec {
sha256 = "0asd5fz2rhzkjmd8wjgmla5qmqyz4jaa6qf0n2ycia16jsck6wc2";
};
vendorSha256 = "0w2214fllw93xbrlxayhl014aqbjsc8zz7mpik7w5b26m60hn5kr";
vendorSha256 = "13wh6r9zi5qw72xkbzy3mcgn7lv9l981x4lniypjbnkwhq2dj5iz";
overrideModAttrs = (_: {
postBuild = ''

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, substituteAll
, plymouth
, pam
@ -127,6 +128,13 @@ stdenv.mkDerivation rec {
rm -rf $out/etc/apparmor.d $out/etc/init $out/etc/pam.d
'';
passthru = {
updateScript = nix-update-script {
attrPath = pname;
};
};
meta = {
homepage = "https://github.com/CanonicalLtd/lightdm";
description = "A cross-desktop display manager";

@ -18,9 +18,9 @@ let
sha256Hash = "11lkwcbzdl86cyz4lci65cx9z5jjhrc4z40maqx2r5hw1xka9290";
};
latestVersion = { # canary & dev
version = "4.2.0.4"; # "Android Studio 4.2 Canary 4"
build = "201.6636798";
sha256Hash = "1v3893g5kx2azmv0zj2k1rxpiksapnapy7rgfq6x6fq4d2q87wbc";
version = "4.2.0.5"; # "Android Studio 4.2 Canary 5"
build = "201.6682321";
sha256Hash = "076q6d7kmi0wcsqak7n6ggp1qns4xj1134xcpdzb92qk3dmg3wrh";
};
in {
# Attributes are named by their corresponding release channels

@ -2,6 +2,8 @@
, Xaw3d, libXcursor, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
, alsaLib, cairo, acl, gpm, AppKit, GSS, ImageIO, m17n_lib, libotf
, jansson, harfbuzz
, libgccjit, targetPlatform, binutils, binutils-unwrapped, makeWrapper # native-comp params
, systemd ? null
, withX ? !stdenv.isDarwin
, withNS ? stdenv.isDarwin
@ -11,6 +13,7 @@
, withCsrc ? true
, srcRepo ? false, autoconf ? null, automake ? null, texinfo ? null
, siteStart ? ./site-start.el
, nativeComp ? false
, toolkit ? (
if withGTK2 then "gtk2"
else if withGTK3 then "gtk3"
@ -28,10 +31,13 @@ assert withGTK3 -> !withGTK2 && gtk3-x11 != null;
assert withXwidgets -> withGTK3 && webkitgtk != null;
stdenv.mkDerivation rec {
name = "emacs-${version}${versionModifier}";
let
version = "26.3";
versionModifier = "";
name = "emacs-${version}${versionModifier}";
in stdenv.mkDerivation {
inherit name version;
src = fetchurl {
url = "mirror://gnu/emacs/${name}.tar.xz";
@ -50,29 +56,50 @@ stdenv.mkDerivation rec {
})
];
postPatch = lib.optionalString srcRepo ''
rm -fr .git
'';
postPatch = lib.concatStringsSep "\n" [
(lib.optionalString srcRepo ''
rm -fr .git
'')
# Make native compilation work both inside and outside of nix build
(lib.optionalString nativeComp (let
libPath = lib.concatStringsSep ":" [
"${lib.getLib libgccjit}/lib/gcc/${targetPlatform.config}/${libgccjit.version}"
"${lib.getLib stdenv.cc.cc}/lib"
"${lib.getLib stdenv.glibc}/lib"
];
in ''
substituteInPlace lisp/emacs-lisp/comp.el --replace \
"(defcustom comp-async-env-modifier-form nil" \
"(defcustom comp-async-env-modifier-form '((setenv \"LIBRARY_PATH\" (string-join (seq-filter (lambda (v) (null (eq v nil))) (list (getenv \"LIBRARY_PATH\") \"${libPath}\")) \":\")))"
''))
""
];
CFLAGS = "-DMAC_OS_X_VERSION_MAX_ALLOWED=101200";
nativeBuildInputs = [ pkgconfig ]
LIBRARY_PATH = if nativeComp then "${lib.getLib stdenv.cc.libc}/lib" else "";
nativeBuildInputs = [ pkgconfig makeWrapper ]
++ lib.optionals srcRepo [ autoconf automake texinfo ]
++ lib.optional (withX && (withGTK3 || withXwidgets)) wrapGAppsHook;
buildInputs =
[ ncurses gconf libxml2 gnutls alsaLib acl gpm gettext ]
[ ncurses gconf libxml2 gnutls alsaLib acl gpm gettext jansson harfbuzz.dev ]
++ lib.optionals stdenv.isLinux [ dbus libselinux systemd ]
++ lib.optionals withX
[ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg libungif libtiff libXft
gconf ]
gconf cairo ]
++ lib.optionals (withX || withNS) [ imagemagick librsvg ]
++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ]
++ lib.optional (withX && withGTK2) gtk2-x11
++ lib.optionals (withX && withGTK3) [ gtk3-x11 gsettings-desktop-schemas ]
++ lib.optional (stdenv.isDarwin && withX) cairo
++ lib.optionals (withX && withXwidgets) [ webkitgtk glib-networking ]
++ lib.optionals withNS [ AppKit GSS ImageIO ];
++ lib.optionals withNS [ AppKit GSS ImageIO ]
++ lib.optionals nativeComp [ libgccjit ]
;
hardeningDisable = [ "format" ];
@ -88,7 +115,9 @@ stdenv.mkDerivation rec {
then [ "--with-x-toolkit=${toolkit}" "--with-xft" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ])
++ lib.optional withXwidgets "--with-xwidgets";
++ lib.optional withXwidgets "--with-xwidgets"
++ lib.optional nativeComp "--with-nativecomp"
;
preConfigure = lib.optionalString srcRepo ''
./autogen.sh
@ -106,13 +135,16 @@ stdenv.mkDerivation rec {
postInstall = ''
mkdir -p $out/share/emacs/site-lisp
cp ${siteStart} $out/share/emacs/site-lisp/site-start.el
$out/bin/emacs --batch -f batch-byte-compile $out/share/emacs/site-lisp/site-start.el
siteVersionDir=`ls $out/share/emacs | grep -v site-lisp | head -n 1`
rm -rf $out/var
rm -rf $out/share/emacs/${version}/site-lisp
rm -rf $siteVersionDir
'' + lib.optionalString withCsrc ''
for srcdir in src lisp lwlib ; do
dstdir=$out/share/emacs/${version}/$srcdir
dstdir=$siteVersionDir/$srcdir
mkdir -p $dstdir
find $srcdir -name "*.[chm]" -exec cp {} $dstdir \;
cp $srcdir/TAGS $dstdir
@ -123,16 +155,24 @@ stdenv.mkDerivation rec {
mv nextstep/Emacs.app $out/Applications
'';
postFixup =
let libPath = lib.makeLibraryPath [
libXcursor
];
in lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
postFixup = lib.concatStringsSep "\n" [
(lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
patchelf --set-rpath \
"$(patchelf --print-rpath "$out/bin/emacs"):${libPath}" \
"$(patchelf --print-rpath "$out/bin/emacs"):${lib.makeLibraryPath [ libXcursor ]}" \
"$out/bin/emacs"
patchelf --add-needed "libXcursor.so.1" "$out/bin/emacs"
'';
'')
(lib.optionalString nativeComp ''
wrapProgram $out/bin/emacs-* --prefix PATH : "${lib.makeBinPath [ binutils binutils-unwrapped ]}"
'')
];
passthru = {
inherit nativeComp;
};
meta = with stdenv.lib; {
description = "The extensible, customizable GNU text editor";

@ -1,13 +1,13 @@
{ lib, stdenv, callPackage, fetchurl
, python
, jdk, cmake, libxml2, zlib, python3, ncurses5
, dotnet-sdk_3
}:
with stdenv.lib;
let
mkJetBrainsProduct = callPackage ./common.nix { };
# Sorted alphabetically
buildClion = { name, version, src, license, description, wmClass, ... }:
@ -223,6 +223,8 @@ let
# Patch built-in mono for ReSharperHost to start successfully
interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2)
patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen
rm -rf lib/ReSharperHost/linux-x64/dotnet
ln -s ${dotnet-sdk_3} lib/ReSharperHost/linux-x64/dotnet
'');
});

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3, vala
{ stdenv, fetchFromGitHub, nix-update-script, pkgconfig, meson, ninja, python3, vala
, gtk3, desktop-file-utils, gtksourceview, webkitgtk, gtkspell3, pantheon
, libgee, discount, wrapGAppsHook }:
@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -11,8 +11,8 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "1c8gi2001p2f0zc165cqwwf9f8ls34fgg040qn9l08za7djb9hyv";
x86_64-darwin = "06n17s3qa2jkmg5qx3zvshz6rvdx33dhxn65j0x5mi62dv93gjgg";
x86_64-linux = "162qwjmm439zplcyjhbb961ircqpdfw13h9ybnik1q128f4650ky";
x86_64-darwin = "1kmg1h1gnx9kdnigjzpqd6rlzv7bz01h29ldla2srfr2q6nr0r9v";
}.${system};
in
callPackage ./generic.nix rec {
@ -21,7 +21,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.46.1";
version = "1.47.3";
pname = "vscode";
executableName = "code" + lib.optionalString isInsiders "-insiders";

@ -11,8 +11,8 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "0l9sg2d0657k9dacy7k2jn8z07z50v8d1czgy4bkzbrj9vz7c6a7";
x86_64-darwin = "0mnq0ykahwfrgs28rdy1jl366qyclipsr3apnmhym1xsylk0mpfx";
x86_64-linux = "01wzdwb6laa0kwgwwvqri06ckdixg1w4fwcx400vhg3mby4n9wvl";
x86_64-darwin = "1byh1x839w4r88yv0k7jpvxvida1xpf7pvnsp6vnawvqpbmdwlw0";
}.${system};
sourceRoot = {
@ -27,7 +27,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.46.1";
version = "1.47.3";
pname = "vscodium";
executableName = "codium";

@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "13.4.5";
version = "13.5.1";
src = fetchurl {
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/draw.io-x86_64-${version}.rpm";
sha256 = "1vp5krgj0xzhkiidj658ij6j10d2p97l1nifx0nrqysblcz2km3g";
sha256 = "00ggm867c5005qfm35qf8a94d87ln91irb1ir6012am2k5bn8c8p";
};
nativeBuildInputs = [
@ -88,6 +88,7 @@ stdenv.mkDerivation rec {
description = "A desktop application for creating diagrams";
homepage = "https://about.draw.io/";
license = licenses.asl20;
changelog = "https://github.com/jgraph/drawio-desktop/releases/tag/v${version}";
maintainers = with maintainers; [ danieldk ];
platforms = [ "x86_64-linux" ];
};

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, pantheon
, vala
, pkgconfig
@ -57,7 +58,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, fetchpatch
, vala
, pkgconfig
@ -51,7 +52,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -13,14 +13,14 @@ let
pythonPackages = python3Packages;
in
mkDerivation rec {
version = "1.8";
version = "1.9";
pname = "renderdoc";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${version}";
sha256 = "177j893abplj8wd8j4ava58m1mr7qq8fsffsq0w4hf5xgl5w8fq8";
sha256 = "18nparkd435hdbm924jfdvmym7f3xd2fcy96jr4lrkl5rhj2sf85";
};
buildInputs = [

@ -17,6 +17,7 @@
, libgudev
, libraw
, glib
, glib-networking
, json-glib
, gcr
, libgee
@ -77,6 +78,7 @@ stdenv.mkDerivation rec {
libraw
json-glib
glib
glib-networking
gdk-pixbuf
librsvg
librest

@ -1,4 +1,4 @@
{ mkDerivation, stdenv, lib, qtbase, qtsvg, libglvnd, fetchurl, makeDesktopItem }:
{ mkDerivation, stdenv, lib, qtbase, qtsvg, libglvnd, libX11, libXi, fetchurl, makeDesktopItem }:
let
# taken from: https://www.iconfinder.com/icons/50835/edit_pencil_write_icon
# license: Free for commercial use
@ -9,7 +9,7 @@ let
in
mkDerivation rec {
pname = "write_stylus";
version = "209";
version = "300";
desktopItem = makeDesktopItem {
name = "Write";
@ -23,7 +23,7 @@ mkDerivation rec {
src = fetchurl {
url = "http://www.styluslabs.com/write/write${version}.tar.gz";
sha256 = "1p6glp4vdpwl8hmhypayc4cvs3j9jfmjfhhrgqm2xkgl5bfbv2qd";
sha256 = "1kg4qqxgg7iyxl13hkbl3j27dykra56dj67hbv0392mwdcgavihq";
};
sourceRoot = ".";
@ -44,7 +44,9 @@ mkDerivation rec {
qtbase # libQt5PrintSupport.so.5
qtsvg # libQt5Svg.so.5
stdenv.cc.cc.lib # libstdc++.so.6
libglvnd # ibGL.so.1
libglvnd # libGL.so.1
libX11 # libX11.so.6
libXi # libXi.so.6
];
in ''
patchelf \

@ -0,0 +1,38 @@
{ buildGoModule, fetchFromGitHub, installShellFiles, stdenv }:
let
humioCtlVersion = "0.25.0";
sha256 = "1x8354m410nf9g167v0i1c77s5w2by7smdlyjwl89ixgdjw04ay3";
vendorSha256 = "14bysjgvahr56hvd8walym11hh721i1q2g503n8m68wdzrrym4qy";
in buildGoModule {
name = "humioctl-${humioCtlVersion}";
pname = "humioctl";
version = humioCtlVersion;
vendorSha256 = vendorSha256;
src = fetchFromGitHub {
owner = "humio";
repo = "cli";
rev = "v${humioCtlVersion}";
sha256 = sha256;
};
buildFlagsArray = "-ldflags=-X main.version=${humioCtlVersion}";
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
mv $out/bin/cli $out/bin/humioctl
$out/bin/humioctl completion bash > humioctl.bash
$out/bin/humioctl completion zsh > humioctl.zsh
installShellCompletion humioctl.{bash,zsh}
'';
meta = with stdenv.lib; {
homepage = "https://github.com/humio/cli";
description = "A CLI for managing and sending data to Humio";
license = licenses.asl20;
maintainers = with maintainers; [ lucperkins ];
};
}

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, vala
, meson
, ninja
@ -51,7 +52,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, meson
, ninja
, vala
@ -48,7 +49,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "clight";
version = "4.0";
version = "4.1";
src = fetchFromGitHub {
owner = "FedeDP";
repo = "Clight";
rev = version;
sha256 = "101fp9kwmfmfffpdvv41wf96kdjw0b16xk49g43w32a5wlr74zrq";
sha256 = "1j7va217g1k8lxl3lly13js8myf0shjc6knalq8q6lakc6j1mkxx";
};
# bash-completion.pc completionsdir=${bash-completion.out}

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, python3, installShellFiles }:
stdenv.mkDerivation rec {
version = "1.8.1";
version = "1.9";
pname = "ddgr";
src = fetchFromGitHub {
owner = "jarun";
repo = "ddgr";
rev = "v${version}";
sha256 = "0668wzh1gqin0xscy3fly9hz370n2ny175f3kya9bsld0x0jkd5p";
sha256 = "0qbdq7k0mmvkjp6qzz88n7vf29liqn6y5w4y39ldqdc8hzw5sld7";
};
nativeBuildInputs = [ installShellFiles ];

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "dunst";
version = "1.4.1";
version = "1.5.0";
src = fetchFromGitHub {
owner = "dunst-project";
repo = "dunst";
rev = "v${version}";
sha256 = "0xjj1f2jr1ja5grj6wrx5jjz1sx5fpqnvkw7nqi4452j3nc4p4l2";
sha256 = "0irwkqcgwkqaylcpvqgh25gn2ysbdm2kydipxfzcq1ddj9ns6f9c";
};
nativeBuildInputs = [ perl pkgconfig which systemd makeWrapper ];

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, meson
, ninja
, vala
@ -62,7 +63,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
pname = "girara";
version = "0.3.4";
version = "0.3.5";
outputs = [ "out" "dev" ];
src = fetchurl {
url = "https://git.pwmt.org/pwmt/${pname}/-/archive/${version}/${pname}-${version}.tar.gz";
sha256 = "08zdsr4zwi49facsl5596l0g1xqqv2jk3sqk841gkxwawcggim44";
sha256 = "1n3i960b458172mc3pkq7m9dn5qxry6fms3c3k06v27cjp5whsyf";
};
nativeBuildInputs = [ meson ninja pkgconfig gettext check dbus xvfb_run ];

@ -1,16 +1,14 @@
{ stdenv, buildGoModule, fetchFromGitHub, libsass }:
{ stdenv, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "hugo";
version = "0.73.0";
buildInputs = [ libsass ];
version = "0.74.3";
src = fetchFromGitHub {
owner = "gohugoio";
repo = pname;
rev = "v${version}";
sha256 = "0qhv8kdv5k1xfk6106lxvsz7f92k7w6wk05ngz7qxbkb6zkcnshw";
sha256 = "0rikr4yrjvmrv8smvr8jdbcjqwf61y369wn875iywrj63pyr74r9";
};
golibsass = fetchFromGitHub {
@ -27,7 +25,7 @@ buildGoModule rec {
'';
});
vendorSha256 = "07dkmrldsxw59v6r4avj1gr4hsaxybhb14qv61hc777qix2kq9v1";
vendorSha256 = "031k8bvca1pb1naw922vg5h95gnwp76dii1cjcs0b1qj93isdibk";
buildFlags = [ "-tags" "extended" ];

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, vala, pkgconfig, meson, ninja, python3, pantheon
{ stdenv, fetchFromGitHub, nix-update-script, vala, pkgconfig, meson, ninja, python3, pantheon
, gtk3, gtksourceview, json-glib, libgee, wrapGAppsHook }:
stdenv.mkDerivation rec {
@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -0,0 +1,49 @@
{ stdenv
, fetchFromGitHub
, cmake
, gtkmm3
, meson
, ninja
, nlohmann_json
, pkgconfig
, swaylock
, makeWrapper
}:
stdenv.mkDerivation rec {
pname = "nwg-launchers";
version = "0.2.0";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = pname;
rev = "v${version}";
sha256 = "1mlym0mpg6njwgwniwlk95fk6wfwlzq8nwmkb5mkjlm2nqv5bdv1";
};
nativeBuildInputs = [
meson
ninja
pkgconfig
cmake
makeWrapper
];
buildInputs = [
gtkmm3
nlohmann_json
];
postInstall = ''
wrapProgram $out/bin/nwgbar \
--prefix PATH : "${swaylock}/bin"
'';
meta = with stdenv.lib; {
description = "GTK-based launchers: application grid, button bar, dmenu for sway and other window managers";
homepage = "https://github.com/nwg-piotr/nwg-launchers";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with maintainers; [ bbigras ];
};
}

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, fetchpatch
, vala
, meson
@ -54,7 +55,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "pdfsam-basic";
version = "4.1.3";
version = "4.1.4";
src = fetchurl {
url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam_${version}-1_amd64.deb";
sha256 = "1rhv6mf6pr9aaa8516i3b7v6h622qb1p8c4jsy3j0s5wrdry5l9l";
sha256 = "1gw3cmc8c1xxc55bm71v1dz9x9560lbhx9nkwprarhxlmn0m0zzp";
};
unpackPhase = ''

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub
{ stdenv, fetchFromGitHub, nix-update-script
, vala, meson, ninja, pkgconfig, pantheon, gettext, wrapGAppsHook, python3, desktop-file-utils
, gtk3, glib, libgee, libgda, gtksourceview, libxml2, libsecret, libssh2 }:
@ -30,7 +30,7 @@ in stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
description = "Share one mouse and keyboard between multiple computers";
homepage = "http://synergy-project.org/";
license = licenses.gpl2;
maintainers = with maintainers; [ aszlig enzime ];
maintainers = with maintainers; [ enzime ];
platforms = platforms.all;
};
}

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, fetchpatch
, vala
, meson
@ -63,7 +64,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -2,7 +2,7 @@
buildGoPackage rec {
pname = "tut";
version = "0.0.13";
version = "0.0.14";
goPackagePath = "github.com/RasmusLindroth/tut";
goDeps = ./deps.nix;
@ -11,7 +11,7 @@ buildGoPackage rec {
owner = "RasmusLindroth";
repo = pname;
rev = version;
sha256 = "085qiv9q2hzv1v6qmbddra23acsmmkbwmjqc3cp81gfgl893z7sm";
sha256 = "1l7lc6cjx97v9zhc0b6lfzqjmyv1i3qj83drkck36if3mc60vvwi";
};
meta = with stdenv.lib; {

@ -1,5 +1,6 @@
{ stdenv
, fetchurl
, nix-update-script
, python3Packages
, gdk-pixbuf
, glib
@ -103,6 +104,13 @@ python3Packages.buildPythonApplication rec {
gappsWrapperArgs+=(--prefix PATH : "${stdenv.lib.makeBinPath [ wmctrl ]}")
'';
passthru = {
updateScript = nix-update-script {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "A fast application launcher for Linux, written in Python, using GTK";
homepage = "https://ulauncher.io/";

@ -2,7 +2,7 @@
let
pname = "Sylk";
version = "2.7.2";
version = "2.8.0";
in
appimageTools.wrapType2 rec {
@ -10,7 +10,7 @@ appimageTools.wrapType2 rec {
src = fetchurl {
url = "http://download.ag-projects.com/Sylk/Sylk-${version}-x86_64.AppImage";
sha256 = "1hz41jan8hw56ahpaajlb1yy5zjkyxrclzmqhklm5x59b76pd0zx";
hash = "sha256:09j1kijs31yk3iw2lj7szv1nwkqiqydj3zkkmr49qlib1qj717wh";
};
profile = ''

@ -90,5 +90,6 @@ mkChromiumDerivation (base: rec {
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
timeout = 172800; # 48 hours
broken = channel == "dev"; # Requires LLVM 11
};
})

@ -44,7 +44,7 @@ let
sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
};
});
} // lib.optionalAttrs (channel == "dev") {
} // lib.optionalAttrs (channel == "beta") {
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-05-19";
src = fetchgit {
@ -53,6 +53,15 @@ let
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
};
});
} // lib.optionalAttrs (channel == "dev") {
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-07-20";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "3028c6a426a4aaf6da91c4ebafe716ae370225fe";
sha256 = "0h3wf4152zdvrbb0jbj49q6814lfl3rcy5mj8b2pl9s0ahvkbc6q";
};
});
});
browser = callPackage ./browser.nix { inherit channel enableWideVine; };

@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
sha256bin64 = "017ix9a74f2gzlg6in0x6fqgiw8bpk0rypr6wsqqkslywprypjd0";
version = "84.0.4147.89";
sha256 = "06cl77yi7cb6r7n8mn38d61zmgwxi690qxrkd56hg2773hn06wq5";
sha256bin64 = "0a6c44qb0n2hdc42p5xqybnbhgdxd51lyygkqz42fmym6id65v88";
version = "85.0.4183.39";
};
dev = {
sha256 = "1dbbr7s8vbhxd0sk4k2yqp630zp1r4gzkkd2a86pzlzq2mjhsk8a";
sha256bin64 = "0bphfwi6nkj9nzrjjaffiv27xfblgdikyifsbjl6vv2pawkh335q";
version = "85.0.4183.15";
sha256 = "1l2d3gk7si1djxn3901fjgykv7nzc8g970m3fb9pjflfrr8f17v6";
sha256bin64 = "0flsmy5blrc9gs6cikag7mdlvgkm6mzm745kcq0shfmhanvlkykn";
version = "86.0.4209.2";
};
stable = {
sha256 = "0yf6j0459qzr677zsa2apmfz0x0ndlscvwj1a5v40nqjijchv5qp";
sha256bin64 = "1hzhgvs2ykqsncpnbnhzh09sw1vlsdfjhs06z5gc80l47brdi3wz";
version = "84.0.4147.89";
sha256 = "1b6cqnwx76pp4y5hvz3qm8lm1ayaxr5578k76164acr35bmypx6a";
sha256bin64 = "0znxq5ncyvyysx3p8xikzg8jm8jr51k478y29m985x6c5p5a4zyw";
version = "84.0.4147.105";
};
}

@ -1,4 +1,4 @@
{ stdenv, fetchgit, meson, ninja, pkgconfig
{ stdenv, fetchgit, meson, ninja, pkgconfig, nix-update-script
, python3, gtk3, libsecret, gst_all_1, webkitgtk
, glib-networking, gtkspell3, hunspell, desktop-file-utils
, gobject-introspection, wrapGAppsHook }:
@ -57,6 +57,13 @@ python3.pkgs.buildPythonApplication rec {
patchPythonScript "$out/libexec/eolie-sp"
'';
passthru = {
updateScript = nix-update-script {
attrPath = pname;
};
};
meta = with stdenv.lib; {
description = "A new GNOME web browser";
homepage = "https://wiki.gnome.org/Apps/Eolie";

@ -1,5 +1,6 @@
{ stdenv
, fetchFromGitHub
, nix-update-script
, desktop-file-utils
, vala
, gettext
@ -55,7 +56,7 @@ stdenv.mkDerivation rec {
'';
passthru = {
updateScript = pantheon.updateScript {
updateScript = nix-update-script {
attrPath = pname;
};
};

@ -51,7 +51,7 @@
# https://github.com/NixOS/nixpkgs/issues/31843#issuecomment-346372756 we
# have permission to use the official firefox branding.
#
# Fur purposes of documentation the statement of @sylvestre:
# For purposes of documentation the statement of @sylvestre:
# > As the person who did part of the work described in the LWN article
# > and release manager working for Mozilla, I can confirm the statement
# > that I made in

@ -27,6 +27,7 @@ let
, nameSuffix ? ""
, icon ? browserName
, extraNativeMessagingHosts ? []
, pkcs11Modules ? []
, forceWayland ? false
, useGlvnd ? true
, cfg ? config.${browserName} or {}
@ -74,7 +75,8 @@ let
++ lib.optionals (cfg.enableQuakeLive or false)
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ])
++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
++ lib.optional (config.pulseaudio or true) libpulseaudio;
++ lib.optional (config.pulseaudio or true) libpulseaudio
++ pkcs11Modules;
gtk_modules = [ libcanberra-gtk2 ];
in stdenv.mkDerivation {
@ -154,6 +156,11 @@ let
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done
mkdir -p $out/lib/mozilla/pkcs11-modules
for ext in ${toString pkcs11Modules}; do
ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/*
done
# For manpages, in case the program supplies them
mkdir -p $out/nix-support
echo ${browser} > $out/nix-support/propagated-user-env-packages

@ -2,8 +2,9 @@
, mkDerivationWith, wrapQtAppsHook, wrapGAppsHook, qtbase, glib-networking
, asciidoc, docbook_xml_dtd_45, docbook_xsl, libxml2
, libxslt, gst_all_1 ? null
, withPdfReader ? true
, withMediaPlayback ? true
, withPdfReader ? true
, withMediaPlayback ? true
, backend ? "webengine"
}:
assert withMediaPlayback -> gst_all_1 != null;
@ -19,6 +20,14 @@ let
stripRoot = false;
};
backendPackage =
if backend == "webengine" then python3Packages.pyqtwebengine else
if backend == "webkit" then python3Packages.pyqt5_with_qtwebkit else
throw ''
Unknown qutebrowser backend "${backend}".
Valid choices are qtwebengine (recommended) or qtwebkit.
'';
in mkDerivationWith python3Packages.buildPythonApplication rec {
pname = "qutebrowser";
version = "1.13.0";
@ -46,16 +55,14 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
];
propagatedBuildInputs = with python3Packages; [
pyyaml pyqt5 pyqtwebengine jinja2 pygments
pyyaml backendPackage jinja2 pygments
pypeg2 cssutils pyopengl attrs setuptools
# scripts and userscripts libs
tldextract beautifulsoup4
pyreadability pykeepass stem
];
patches = [
./fix-restart.patch
];
patches = [ ./fix-restart.patch ];
dontWrapGApps = true;
dontWrapQtApps = true;
@ -101,7 +108,8 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
postFixup = ''
wrapProgram $out/bin/qutebrowser \
"''${gappsWrapperArgs[@]}" \
"''${qtWrapperArgs[@]}"
"''${qtWrapperArgs[@]}" \
--add-flags '--backend ${backend}'
'';
meta = with stdenv.lib; {

@ -46,7 +46,8 @@
# Hardening
, graphene-hardened-malloc
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
# crashes with intel driver
, useHardenedMalloc ? false
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around

@ -4,7 +4,7 @@
, bzip2, flac, speex, libopus
, libevent, expat, libjpeg, snappy
, libpng, libcap
, xdg_utils, yasm, minizip, libwebp
, xdg_utils, yasm, nasm, minizip, libwebp
, libusb1, pciutils, nss, re2, zlib
, python2Packages, perl, pkgconfig
@ -13,10 +13,12 @@
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, xorg
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg_3, libxslt, libxml2, at-spi2-core
, jre
, pipewire_0_2
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
@ -74,7 +76,7 @@ let
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
gnSystemLibraries = [
"flac" "libwebp" "libxslt" "yasm" "opus" "snappy" "libpng"
"flac" "libwebp" "libxslt" "opus" "snappy" "libpng"
# "zlib" # version 77 reports unresolved dependency on //third_party/zlib:zlib_config
# "libjpeg" # fails with multiple undefined references to chromium_jpeg_*
# "re2" # fails with linker errors
@ -91,9 +93,10 @@ let
bzip2 flac speex opusWithCustomModes
libevent expat libjpeg snappy
libpng libcap
xdg_utils yasm minizip libwebp
xdg_utils minizip libwebp
libusb1 re2 zlib
ffmpeg_3 libxslt libxml2
nasm
# harfbuzz # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
@ -128,8 +131,9 @@ let
nativeBuildInputs = [
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar
] ++ optional (versionAtLeast version "83") python2Packages.setuptools;
gnutar python2Packages.setuptools
(xorg.xcbproto.override { python = python2Packages.python; })
];
buildInputs = defaultDependencies ++ [
nspr nss systemd
@ -139,6 +143,7 @@ let
libXScrnSaver libXcursor libXtst libGLU libGL
pciutils protobuf speechd libXdamage at-spi2-core
jre
pipewire_0_2
] ++ optional useVaapi libva
++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
@ -161,13 +166,10 @@ let
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) ([ # Fixes for the VA-API build:
] ++ optionals (useVaapi) [ # Improvements for the VA-API build:
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
] ++ optionals (versionRange "81" "82") [
(githubPatch "5b2ff215473e0526b5b24aeff4ad90d369b21c75" "0n00vh8wfpn2ay5fqsxcsx0zadnv7mihm72bcvnrfzh75nzbg902")
(githubPatch "98e343ab369e4262511b5fce547728e3e5eefba8" "00wwp653jk0k0yvix00vr7ymgck9dj7fxjwx4nc67ynn84dh6064")
]);
];
postPatch = ''
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
@ -187,6 +189,11 @@ let
'/usr/share/locale/' \
'${glibc}/share/locale/'
substituteInPlace ui/gfx/x/BUILD.gn \
--replace \
'/usr/share/xcb' \
'${xorg.xcbproto}/share/xcb/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
@ -239,7 +246,6 @@ let
'';
gnFlags = mkGnFlags ({
linux_use_bundled_binutils = false;
use_lld = false;
use_gold = true;
gold_path = "${stdenv.cc}/bin";
@ -257,6 +263,8 @@ let
# added later in the wrapped -wv build or downloaded from Google.
enable_widevine = true;
use_cups = cupsSupport;
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture.
rtc_use_pipewire = true;
treat_warnings_as_errors = false;
is_clang = stdenv.cc.isClang;

@ -1,7 +1,8 @@
{ newScope, config, stdenv, llvmPackages_9, llvmPackages_10
, makeWrapper, ed
, makeWrapper, ed, gnugrep
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
, libva ? null
, pipewire_0_2
, gcc, nspr, nss, runCommand
, lib
@ -23,9 +24,7 @@
}:
let
llvmPackages = if channel != "stable"
then llvmPackages_10
else llvmPackages_9;
llvmPackages = llvmPackages_10;
stdenv = llvmPackages.stdenv;
callPackage = newScope chromium;
@ -38,8 +37,6 @@ let
mkChromiumDerivation = callPackage ./common.nix ({
inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useOzone;
inherit ungoogled;
gnChromium = gn;
} // lib.optionalAttrs (channel != "stable") {
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-03-23";
@ -49,6 +46,15 @@ let
sha256 = "00y2d35wvqmx9glaqhfb62wdgbfpwr77v0934nnvh9ks71vnsjqy";
};
});
} // lib.optionalAttrs (channel == "dev") {
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-05-19";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
};
});
});
browser = callPackage ./browser.nix { inherit channel enableWideVine; };
@ -140,7 +146,7 @@ let
(!enableVaapi)
"--add-flags --disable-accelerated-video-decode --add-flags --disable-accelerated-video-encode";
in stdenv.mkDerivation {
name = "chromium${suffix}-${version}";
name = "ungoogled-chromium${suffix}-${version}";
inherit version;
buildInputs = [
@ -158,7 +164,7 @@ in stdenv.mkDerivation {
buildCommand = let
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
libPath = stdenv.lib.makeLibraryPath [ libva ];
libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ];
in with stdenv.lib; ''
mkdir -p "$out/bin"
@ -185,7 +191,7 @@ in stdenv.mkDerivation {
'' + ''
# libredirect causes chromium to deadlock on startup
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | tr ':' '\n' | grep -v /lib/libredirect\\\\.so$ | tr '\n' ':')"
export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | tr '\n' ':')"
export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS

@ -31,15 +31,6 @@
// TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
// |output_mode_| as well.
if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
@@ -1105,7 +1113,7 @@ VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
// depends on the bitstream and sometimes it's not enough to cover the amount
// of frames needed by the client pipeline (see b/133733739).
// TODO(crbug.com/911754): Enable for VP9 Profile 2.
- if (IsGeminiLakeOrLater() &&
+ if (false && IsGeminiLakeOrLater() &&
(profile_ == VP9PROFILE_PROFILE0 || profile_ == VP8PROFILE_ANY)) {
// Add one to the reference frames for the one being currently egressed, and
// an extra allocation for both |client_| and |decoder_|, see
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
@@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator

@ -44,11 +44,11 @@ let
flash = stdenv.mkDerivation rec {
pname = "flashplayer-ppapi";
version = "32.0.0.371";
version = "32.0.0.403";
src = fetchzip {
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
sha256 = "1nks2wx74b21hv0l7bnrzkxn7c6p6r8zgwbqvy3cqpi8famyr5v9";
sha256 = "1xirngiqypylgm8f3ddvny2ghqxgj8i98bm1carcj2vryw53wwal";
stripRoot = false;
};

Some files were not shown because too many files have changed in this diff Show More