15 nixos/modules/services/hardware/trezord.nix
View file
@@ -44,20 +44,7 @@ in {
### implementation

config = mkIf cfg.enable {
services.udev.packages = lib.singleton (pkgs.writeTextFile {
name = "trezord-udev-rules";
destination = "/etc/udev/rules.d/51-trezor.rules";
text = ''
# TREZOR v1 (One)
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="trezord", TAG+="uaccess"
# TREZOR v2 (T)
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="trezord", TAG+="uaccess"
'';
});
services.udev.packages = [ pkgs.trezor-udev-rules ];

systemd.services.trezord = {
description = "TREZOR Bridge";
5 nixos/modules/services/hardware/udisks2.nix
View file
@@ -34,10 +34,7 @@ with lib;

services.dbus.packages = [ pkgs.udisks2 ];

system.activationScripts.udisks2 =
''
mkdir -m 0755 -p /var/lib/udisks2
'';
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];

services.udev.packages = [ pkgs.udisks2 ];

8 nixos/modules/services/misc/gitlab.nix
View file
@@ -608,6 +608,8 @@ in {
# objects owners and extensions; for now we tack on what's needed
# here.
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
set -eu
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@@ -739,7 +741,6 @@ in {
gitlab-workhorse
];
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple";
User = cfg.user;
Group = cfg.group;
@@ -781,13 +782,18 @@ in {
ExecStartPre = let
preStartFullPrivileges = ''
shopt -s dotglob nullglob
set -eu
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
'';
preStart = ''
set -eu
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/*
rm -rf ${cfg.statePath}/config/initializers/*
rm -f ${cfg.statePath}/lib
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
2 nixos/modules/services/misc/nix-daemon.nix
View file
@@ -61,7 +61,7 @@ let
'' else ''
echo "Checking that Nix can read nix.conf..."
ln -s $out ./nix.conf
NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net"} >/dev/null
NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net --option experimental-features nix-command"} >/dev/null
'')
);

97 nixos/modules/services/network-filesystems/orangefs/client.nix
View file
@@ -0,0 +1,97 @@
{ config, lib, pkgs, ...} :

with lib;

let
cfg = config.services.orangefs.client;

in {
###### interface

options = {
services.orangefs.client = {
enable = mkEnableOption "OrangeFS client daemon";

extraOptions = mkOption {
type = with types; listOf str;
default = [];
description = "Extra command line options for pvfs2-client.";
};

fileSystems = mkOption {
description = ''
The orangefs file systems to be mounted.
This option is prefered over using <option>fileSystems</option> directly since
the pvfs client service needs to be running for it to be mounted.
'';

example = [{
mountPoint = "/orangefs";
target = "tcp://server:3334/orangefs";
}];

type = with types; listOf (submodule ({ ... } : {
options = {

mountPoint = mkOption {
type = types.str;
default = "/orangefs";
description = "Mount point.";
};

options = mkOption {
type = with types; listOf str;
default = [];
description = "Mount options";
};

target = mkOption {
type = types.str;
default = null;
example = "tcp://server:3334/orangefs";
description = "Target URL";
};
};
}));
};
};
};


###### implementation

config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.orangefs ];

boot.supportedFilesystems = [ "pvfs2" ];
boot.kernelModules = [ "orangefs" ];

systemd.services.orangefs-client = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];

serviceConfig = {
Type = "simple";

ExecStart = ''
${pkgs.orangefs}/bin/pvfs2-client-core \
--logtype=syslog ${concatStringsSep " " cfg.extraOptions}
'';

TimeoutStopSec = "120";
};
};

systemd.mounts = map (fs: {
requires = [ "orangefs-client.service" ];
after = [ "orangefs-client.service" ];
bindsTo = [ "orangefs-client.service" ];
wantedBy = [ "remote-fs.target" ];
type = "pvfs2";
options = concatStringsSep "," fs.options;
what = fs.target;
where = fs.mountPoint;
}) cfg.fileSystems;
};
}

225 nixos/modules/services/network-filesystems/orangefs/server.nix
View file
@@ -0,0 +1,225 @@
{ config, lib, pkgs, ...} :

with lib;

let
cfg = config.services.orangefs.server;

aliases = mapAttrsToList (alias: url: alias) cfg.servers;

# Maximum handle number is 2^63
maxHandle = 9223372036854775806;

# One range of handles for each meta/data instance
handleStep = maxHandle / (length aliases) / 2;

fileSystems = mapAttrsToList (name: fs: ''
<FileSystem>
Name ${name}
ID ${toString fs.id}
RootHandle ${toString fs.rootHandle}
${fs.extraConfig}
<MetaHandleRanges>
${concatStringsSep "\n" (
imap0 (i: alias:
let
begin = i * handleStep + 3;
end = begin + handleStep - 1;
in "Range ${alias} ${toString begin}-${toString end}") aliases
)}
</MetaHandleRanges>
<DataHandleRanges>
${concatStringsSep "\n" (
imap0 (i: alias:
let
begin = i * handleStep + 3 + (length aliases) * handleStep;
end = begin + handleStep - 1;
in "Range ${alias} ${toString begin}-${toString end}") aliases
)}
</DataHandleRanges>
<StorageHints>
TroveSyncMeta ${if fs.troveSyncMeta then "yes" else "no"}
TroveSyncData ${if fs.troveSyncData then "yes" else "no"}
${fs.extraStorageHints}
</StorageHints>
</FileSystem>
'') cfg.fileSystems;

configFile = ''
<Defaults>
LogType ${cfg.logType}
DataStorageSpace ${cfg.dataStorageSpace}
MetaDataStorageSpace ${cfg.metadataStorageSpace}
BMIModules ${concatStringsSep "," cfg.BMIModules}
${cfg.extraDefaults}
</Defaults>
${cfg.extraConfig}
<Aliases>
${concatStringsSep "\n" (mapAttrsToList (alias: url: "Alias ${alias} ${url}") cfg.servers)}
</Aliases>
${concatStringsSep "\n" fileSystems}
'';

in {
###### interface

options = {
services.orangefs.server = {
enable = mkEnableOption "OrangeFS server";

logType = mkOption {
type = with types; enum [ "file" "syslog" ];
default = "syslog";
description = "Destination for log messages.";
};

dataStorageSpace = mkOption {
type = types.str;
default = null;
example = "/data/storage";
description = "Directory for data storage.";
};

metadataStorageSpace = mkOption {
type = types.str;
default = null;
example = "/data/meta";
description = "Directory for meta data storage.";
};

BMIModules = mkOption {
type = with types; listOf str;
default = [ "bmi_tcp" ];
example = [ "bmi_tcp" "bmi_ib"];
description = "List of BMI modules to load.";
};

extraDefaults = mkOption {
type = types.lines;
default = "";
description = "Extra config for <literal>&lt;Defaults&gt;</literal> section.";
};

extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra config for the global section.";
};

servers = mkOption {
type = with types; attrsOf types.str;
default = {};
example = ''
{
node1="tcp://node1:3334";
node2="tcp://node2:3334";
}
'';
description = "URLs for storage server including port. The attribute names define the server alias.";
};

fileSystems = mkOption {
description = ''
These options will create the <literal>&lt;FileSystem&gt;</literal> sections of config file.
'';
default = { orangefs = {}; };
defaultText = literalExample "{ orangefs = {}; }";
example = literalExample ''
{
fs1 = {
id = 101;
};
fs2 = {
id = 102;
};
}
'';
type = with types; attrsOf (submodule ({ ... } : {
options = {
id = mkOption {
type = types.int;
default = 1;
description = "File system ID (must be unique within configuration).";
};

rootHandle = mkOption {
type = types.int;
default = 3;
description = "File system root ID.";
};

extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra config for <literal>&lt;FileSystem&gt;</literal> section.";
};

troveSyncMeta = mkOption {
type = types.bool;
default = true;
description = "Sync meta data.";
};

troveSyncData = mkOption {
type = types.bool;
default = false;
description = "Sync data.";
};

extraStorageHints = mkOption {
type = types.lines;
default = "";
description = "Extra config for <literal>&lt;StorageHints&gt;</literal> section.";
};
};
}));
};
};
};

###### implementation

config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.orangefs ];

# orangefs daemon will run as user
users.users.orangefs.isSystemUser = true;
users.groups.orangefs = {};

# To format the file system the config file is needed.
environment.etc."orangefs/server.conf" = {
text = configFile;
user = "orangefs";
group = "orangefs";
};

systemd.services.orangefs-server = {
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];

serviceConfig = {
# Run as "simple" in forground mode.
# This is more reliable
ExecStart = ''
${pkgs.orangefs}/bin/pvfs2-server -d \
/etc/orangefs/server.conf
'';
TimeoutStopSec = "120";
User = "orangefs";
Group = "orangefs";
};
};
};

}
30 nixos/modules/services/networking/go-shadowsocks2.nix
View file
@@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:

with lib;
let
cfg = config.services.go-shadowsocks2.server;
in {
options.services.go-shadowsocks2.server = {
enable = mkEnableOption "go-shadowsocks2 server";

listenAddress = mkOption {
type = types.str;
description = "Server listen address or URL";
example = "ss://AEAD_CHACHA20_POLY1305:your-password@:8488";
};
};

config = mkIf cfg.enable {
systemd.services.go-shadowsocks2-server = {
description = "go-shadowsocks2 server";

after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];

serviceConfig = {
ExecStart = "${pkgs.go-shadowsocks2}/bin/go-shadowsocks2 -s '${cfg.listenAddress}'";
DynamicUser = true;
};
};
};
}
15 nixos/modules/services/networking/stunnel.nix
View file
@@ -57,7 +57,13 @@ let
};

CAPath = mkOption {
type = types.path;
type = types.nullOr types.path;
default = null;
description = "Path to a directory containing certificates to validate against.";
};

CAFile = mkOption {
type = types.nullOr types.path;
default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
description = "Path to a file containing certificates to validate against.";
};
@@ -196,6 +202,7 @@ in
verifyChain = ${yesNo v.verifyChain}
verifyPeer = ${yesNo v.verifyPeer}
${optionalString (v.CAPath != null) "CApath = ${v.CAPath}"}
${optionalString (v.CAFile != null) "CAFile = ${v.CAFile}"}
${optionalString (v.verifyHostname != null) "checkHost = ${v.verifyHostname}"}
OCSPaia = yes
@@ -216,6 +223,12 @@ in
};
};

meta.maintainers = with maintainers; [
# Server side
lschuermann
# Client side
das_j
];
};

}
193 nixos/modules/services/networking/yggdrasil.nix
View file
@@ -0,0 +1,193 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.yggdrasil;
configProvided = (cfg.config != {});
configAsFile = (if configProvided then
toString (pkgs.writeTextFile {
name = "yggdrasil-conf";
text = builtins.toJSON cfg.config;
})
else null);
configFileProvided = (cfg.configFile != null);
generateConfig = (
if configProvided && configFileProvided then
"${pkgs.jq}/bin/jq -s add /run/yggdrasil/configFile.json ${configAsFile}"
else if configProvided then
"cat ${configAsFile}"
else if configFileProvided then
"cat /run/yggdrasil/configFile.json"
else
"${cfg.package}/bin/yggdrasil -genconf"
);

in {
options = with types; {
services.yggdrasil = {
enable = mkEnableOption "the yggdrasil system service";

configFile = mkOption {
type = nullOr str;
default = null;
example = "/run/keys/yggdrasil.conf";
description = ''
A file which contains JSON configuration for yggdrasil.
You do not have to supply a complete configuration, as
yggdrasil will use default values for anything which is
omitted. If the encryption and signing keys are omitted,
yggdrasil will generate new ones each time the service is
started, resulting in a random IPv6 address on the yggdrasil
network each time.
If both this option and <option>config</option> are
supplied, they will be combined, with values from
<option>config</option> taking precedence.
You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf -json"</code> to generate a default
JSON configuration.
'';
};

config = mkOption {
type = attrs;
default = {};
example = {
Peers = [
"tcp://aa.bb.cc.dd:eeeee"
"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff"
];
Listen = [
"tcp://0.0.0.0:xxxxx"
];
};
description = ''
Configuration for yggdrasil, as a Nix attribute set.
Warning: this is stored in the WORLD-READABLE Nix store!
Therefore, it is not appropriate for private keys. If you
do not specify the keys, yggdrasil will generate a new set
each time the service is started, creating a random IPv6
address on the yggdrasil network each time.
If you wish to specify the keys, use
<option>configFile</option>. If both
<option>configFile</option> and <option>config</option> are
supplied, they will be combined, with values from
<option>config</option> taking precedence.
You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf"</code> to generate default
configuration values with documentation.
'';
};

openMulticastPort = mkOption {
type = bool;
default = false;
description = ''
Whether to open the UDP port used for multicast peer
discovery. The NixOS firewall blocks link-local
communication, so in order to make local peering work you
will also need to set <code>LinkLocalTCPPort</code> in your
yggdrasil configuration (<option>config</option> or
<option>configFile</option>) to a port number other than 0,
and then add that port to
<option>networking.firewall.allowedTCPPorts</option>.
'';
};

denyDhcpcdInterfaces = mkOption {
type = listOf str;
default = [];
example = [ "tap*" ];
description = ''
Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list. Use this
option to prevent the DHCP client from broadcasting requests
on the yggdrasil network. It is only necessary to do so
when yggdrasil is running in TAP mode, because TUN
interfaces do not support broadcasting.
'';
};

package = mkOption {
type = package;
default = pkgs.yggdrasil;
defaultText = "pkgs.yggdrasil";
description = "Yggdrasil package to use.";
};
};
};

config = mkIf cfg.enable {
assertions = [
{ assertion = config.networking.enableIPv6;
message = "networking.enableIPv6 must be true for yggdrasil to work";
}
];

environment.etc."yggdrasil.conf" = {
enable = true;
mode = "symlink";
source = "/run/yggdrasil/yggdrasil.conf";
};

systemd.services.yggdrasil = {
description = "Yggdrasil Network Service";
path = [ cfg.package ] ++ optional (configProvided && configFileProvided) pkgs.jq;
bindsTo = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];

preStart = ''
${generateConfig} | yggdrasil -normaliseconf -useconf > /run/yggdrasil/yggdrasil.conf
'';

serviceConfig = {
ExecStart = "${cfg.package}/bin/yggdrasil -useconffile /etc/yggdrasil.conf";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always";

RuntimeDirectory = "yggdrasil";
RuntimeDirectoryMode = "0700";
BindReadOnlyPaths = mkIf configFileProvided
[ "${cfg.configFile}:/run/yggdrasil/configFile.json" ];

# TODO: as of yggdrasil 0.3.8 and systemd 243, yggdrasil fails
# to set up the network adapter when DynamicUser is set. See
# github.com/yggdrasil-network/yggdrasil-go/issues/557. The
# following options are implied by DynamicUser according to
# the systemd.exec documentation, and can be removed if the
# upstream issue is fixed and DynamicUser is set to true:
PrivateTmp = true;
RemoveIPC = true;
NoNewPrivileges = true;
ProtectSystem = "strict";
RestrictSUIDSGID = true;
# End of list of options implied by DynamicUser.

AmbientCapabilities = "CAP_NET_ADMIN";
CapabilityBoundingSet = "CAP_NET_ADMIN";
MemoryDenyWriteExecute = true;
ProtectControlGroups = true;
ProtectHome = "tmpfs";
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @resources";
};
};

networking.dhcpcd.denyInterfaces = cfg.denyDhcpcdInterfaces;
networking.firewall.allowedUDPPorts = mkIf cfg.openMulticastPort [ 9001 ];

# Make yggdrasilctl available on the command line.
environment.systemPackages = [ cfg.package ];
};
meta.maintainers = with lib.maintainers; [ gazally ];
}
2 nixos/modules/services/printing/cupsd.nix
View file
@@ -31,7 +31,7 @@ let
# part of CUPS itself, e.g. the SMB backend is part of Samba. Since
# we can't update ${cups.out}/lib/cups itself, we create a symlink tree
# here and add the additional programs. The ServerBin directive in
# cupsd.conf tells cupsd to use this tree.
# cups-files.conf tells cupsd to use this tree.
bindir = pkgs.buildEnv {
name = "cups-progs";
paths =
49 nixos/modules/services/web-apps/gotify-server.nix
View file
@@ -0,0 +1,49 @@
{ pkgs, lib, config, ... }:

with lib;

let
cfg = config.services.gotify;
in {
options = {
services.gotify = {
enable = mkEnableOption "Gotify webserver";

port = mkOption {
type = types.port;
description = ''
Port the server listens to.
'';
};

stateDirectoryName = mkOption {
type = types.str;
default = "gotify-server";
description = ''
The name of the directory below <filename>/var/lib</filename> where
gotify stores its runtime data.
'';
};
};
};

config = mkIf cfg.enable {
systemd.services.gotify-server = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "Simple server for sending and receiving messages";

environment = {
GOTIFY_SERVER_PORT = toString cfg.port;
};

serviceConfig = {
WorkingDirectory = "/var/lib/${cfg.stateDirectoryName}";
StateDirectory = cfg.stateDirectoryName;
Restart = "always";
DynamicUser = "yes";
ExecStart = "${pkgs.gotify-server}/bin/server";
};
};
};
}
2 nixos/modules/services/web-apps/matomo-doc.xml
View file
@@ -105,7 +105,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
<para>
You can use other web servers by forwarding calls for
<filename>index.php</filename> and <filename>piwik.php</filename> to the
<literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket. You can use
<literal><link linkend="opt-services.phpfpm.pools._name_.socket">services.phpfpm.pools.&lt;name&gt;.socket</link></literal> fastcgi unix socket. You can use
the nginx configuration in the module code as a reference to what else
should be configured.
</para>
56 nixos/modules/services/web-apps/matomo.nix
View file
@@ -2,15 +2,13 @@
with lib;
let
cfg = config.services.matomo;
fpm = config.services.phpfpm.pools.${pool};

user = "matomo";
dataDir = "/var/lib/${user}";
deprecatedDataDir = "/var/lib/piwik";

pool = user;
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
# and therefore is not accessible by the web server.
phpSocket = "/run/phpfpm-${pool}.sock";
phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service";

@@ -50,7 +48,7 @@ in {
default = null;
example = "lighttpd";
description = ''
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for Matomo if the nginx
Name of the web server user that forwards requests to <option>services.phpfpm.pools.&lt;name&gt;.socket</option> the fastcgi socket for Matomo if the nginx
option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.
@@ -71,25 +69,6 @@ in {
'';
};

phpfpmProcessManagerConfig = mkOption {
type = types.str;
default = ''
; default phpfpm process manager settings
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
; log worker's stdout, but this has a performance hit
catch_workers_output = yes
'';
description = ''
Settings for phpfpm's process manager. You might need to change this depending on the load for Matomo.
'';
};

nginx = mkOption {
type = types.nullOr (types.submodule (
recursiveUpdate
@@ -233,15 +212,24 @@ in {
else if (cfg.webServerUser != null) then cfg.webServerUser else "";
in {
${pool} = {
listen = phpSocket;
extraConfig = ''
listen.owner = ${socketOwner}
listen.group = root
listen.mode = 0600
user = ${user}
env[PIWIK_USER_PATH] = ${dataDir}
${cfg.phpfpmProcessManagerConfig}
inherit user;
phpOptions = ''
error_log = 'stderr'
log_errors = on
'';
settings = mapAttrs (name: mkDefault) {
"listen.owner" = socketOwner;
"listen.group" = "root";
"listen.mode" = "0660";
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
"catch_workers_output" = true;
};
phpEnv.PIWIK_USER_PATH = dataDir;
};
};

@@ -264,15 +252,15 @@ in {
};
# allow index.php for webinterface
locations."= /index.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
fastcgi_pass unix:${fpm.socket};
'';
# allow matomo.php for tracking
locations."= /matomo.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
fastcgi_pass unix:${fpm.socket};
'';
# allow piwik.php for tracking (deprecated name)
locations."= /piwik.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
fastcgi_pass unix:${fpm.socket};
'';
# Any other attempt to access any php files is forbidden
locations."~* ^.+\\.php$".extraConfig = ''
4 nixos/modules/services/web-apps/nextcloud.nix
View file
@@ -467,7 +467,7 @@ in {
};
"/" = {
priority = 200;
extraConfig = "rewrite ^ /index.php$request_uri;";
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
@@ -494,6 +494,7 @@ in {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
@@ -531,6 +532,7 @@ in {
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size ${cfg.maxUploadSize};
2 nixos/modules/system/boot/networkd.nix
View file
@@ -187,7 +187,7 @@ let
# Note: For DHCP the values both, none, v4, v6 are deprecated
(assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6" "both" "none" "v4" "v6"])
(assertValueOneOf "DHCPServer" boolValues)
(assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6"])
(assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6" "ipv4-fallback" "fallback"])
(assertValueOneOf "IPv4LLRoute" boolValues)
(assertValueOneOf "LLMNR" ["yes" "resolve" "no"])
(assertValueOneOf "MulticastDNS" ["yes" "resolve" "no"])
2 nixos/modules/tasks/network-interfaces-systemd.nix
View file
@@ -31,7 +31,7 @@ in
message = "networking.defaultGatewayWindowSize is not supported by networkd.";
} {
assertion = cfg.vswitches == {};
message = "networking.vswichtes are not supported by networkd.";
message = "networking.vswitches are not supported by networkd.";
} {
assertion = cfg.defaultGateway == null || cfg.defaultGateway.interface == null;
message = "networking.defaultGateway.interface is not supported by networkd.";
18 nixos/modules/virtualisation/ec2-amis.nix
View file
@@ -291,5 +291,21 @@ let self = {
"19.03".sa-east-1.hvm-ebs = "ami-0c6a43c6e0ad1f4e2";
"19.03".ap-south-1.hvm-ebs = "ami-0303deb1b5890f878";

latest = self."19.03";
# 19.09.981.205691b7cbe
"19.09".eu-west-1.hvm-ebs = "ami-0ebd3156e21e9642f";
"19.09".eu-west-2.hvm-ebs = "ami-02a2b5480a79084b7";
"19.09".eu-west-3.hvm-ebs = "ami-09aa175c7588734f7";
"19.09".eu-central-1.hvm-ebs = "ami-00a7fafd7e237a330";
"19.09".us-east-1.hvm-ebs = "ami-00a8eeaf232a74f84";
"19.09".us-east-2.hvm-ebs = "ami-093efd3a57a1e03a8";
"19.09".us-west-1.hvm-ebs = "ami-0913e9a2b677fac30";
"19.09".us-west-2.hvm-ebs = "ami-02d9a19f77b47882a";
"19.09".ca-central-1.hvm-ebs = "ami-0627dd3f7b3627a29";
"19.09".ap-southeast-1.hvm-ebs = "ami-083614e4d08f2164d";
"19.09".ap-southeast-2.hvm-ebs = "ami-0048c704185ded6dc";
"19.09".ap-northeast-1.hvm-ebs = "ami-0329e7fc2d7f60bd0";
"19.09".ap-northeast-2.hvm-ebs = "ami-03d4ae7d0b5fc364f";
"19.09".ap-south-1.hvm-ebs = "ami-0b599690b35aeef23";

latest = self."19.09";
}; in self
9 nixos/modules/virtualisation/virtualbox-host.nix
View file
@@ -149,5 +149,12 @@ in
# Make sure NetworkManager won't assume this interface being up
# means we have internet access.
networking.networkmanager.unmanaged = ["vboxnet0"];
})]);
}) (mkIf config.networking.useNetworkd {
systemd.network.networks."40-vboxnet0".extraConfig = ''
[Link]
RequiredForOnline=no
'';
})

]);
}
27 nixos/tests/acme.nix
View file
@@ -12,8 +12,11 @@ in import ./make-test.nix {
networking.extraHosts = ''
${config.networking.primaryIPAddress} standalone.com
'';
security.acme.certs."standalone.com" = {
webroot = "/var/lib/acme/acme-challenges";
security.acme = {
server = "https://acme-v02.api.letsencrypt.org/dir";
certs."standalone.com" = {
webroot = "/var/lib/acme/acme-challenges";
};
};
systemd.targets."acme-finished-standalone.com" = {};
systemd.services."acme-standalone.com" = {
@@ -54,6 +57,8 @@ in import ./make-test.nix {
'';
};

security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";

nesting.clone = [
({pkgs, ...}: {

@@ -80,7 +85,7 @@ in import ./make-test.nix {
client = commonConfig;
};

testScript = {nodes, ...}:
testScript = {nodes, ...}:
let
newServerSystem = nodes.webserver2.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
@@ -91,25 +96,33 @@ in import ./make-test.nix {
# get pulled in by the oneshot units. The target units linger after activation, and hence we
# can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do
''
$client->waitForUnit("default.target");
$client->start;
$letsencrypt->start;
$acmeStandalone->start;
$letsencrypt->waitForUnit("default.target");
$letsencrypt->waitForUnit("boulder.service");
$letsencrypt->waitForUnit("pebble.service");
subtest "can request certificate with HTTPS-01 challenge", sub {
$acmeStandalone->waitForUnit("default.target");
$acmeStandalone->succeed("systemctl start acme-standalone.com.service");
$acmeStandalone->waitForUnit("acme-finished-standalone.com.target");
};
$client->waitForUnit("default.target");
$client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt');
$client->succeed('curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt');
subtest "Can request certificate for nginx service", sub {
$webserver->waitForUnit("acme-finished-a.example.com.target");
$client->succeed('curl https://a.example.com/ | grep -qF "hello world"');
$client->succeed('curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF "hello world"');
};
subtest "Can add another certificate for nginx service", sub {
$webserver->succeed("/run/current-system/fine-tune/child-1/bin/switch-to-configuration test");
$webserver->waitForUnit("acme-finished-b.example.com.target");
$client->succeed('curl https://b.example.com/ | grep -qF "hello world"');
$client->succeed('curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF "hello world"');
};
'';
}
6 nixos/tests/all-tests.nix
View file
@@ -81,6 +81,7 @@ in
env = handleTest ./env.nix {};
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
fancontrol = handleTest ./fancontrol.nix {};
ferm = handleTest ./ferm.nix {};
firefox = handleTest ./firefox.nix {};
firewall = handleTest ./firewall.nix {};
@@ -93,6 +94,7 @@ in
fsck = handleTest ./fsck.nix {};
fwupd = handleTestOn ["x86_64-linux"] ./fwupd.nix {}; # libsmbios is unsupported on aarch64
gdk-pixbuf = handleTest ./gdk-pixbuf.nix {};
gotify-server = handleTest ./gotify-server.nix {};
gitea = handleTest ./gitea.nix {};
gitlab = handleTest ./gitlab.nix {};
gitolite = handleTest ./gitolite.nix {};
@@ -157,6 +159,7 @@ in
#logstash = handleTest ./logstash.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mathics = handleTest ./mathics.nix {};
matomo = handleTest ./matomo.nix {};
matrix-synapse = handleTest ./matrix-synapse.nix {};
mediawiki = handleTest ./mediawiki.nix {};
memcached = handleTest ./memcached.nix {};
@@ -201,12 +204,14 @@ in
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
nsd = handleTest ./nsd.nix {};
nzbget = handleTest ./nzbget.nix {};
openarena = handleTest ./openarena.nix {};
openldap = handleTest ./openldap.nix {};
opensmtpd = handleTest ./opensmtpd.nix {};
openssh = handleTest ./openssh.nix {};
# openstack-image-userdata doesn't work in a sandbox as the simulated openstack instance needs network access
#openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {};
openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};
orangefs = handleTest ./orangefs.nix {};
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
osquery = handleTest ./osquery.nix {};
osrm-backend = handleTest ./osrm-backend.nix {};
@@ -291,5 +296,6 @@ in
xrdp = handleTest ./xrdp.nix {};
xss-lock = handleTest ./xss-lock.nix {};
yabar = handleTest ./yabar.nix {};
yggdrasil = handleTest ./yggdrasil.nix {};
zookeeper = handleTest ./zookeeper.nix {};
}
26 nixos/tests/common/letsencrypt/common.nix
View file
@@ -1,27 +1,9 @@
{ lib, nodes, ... }: {
{ lib, nodes, pkgs, ... }: let
letsencrypt-ca = nodes.letsencrypt.config.test-support.letsencrypt.caCert;
in {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];

nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});

# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
security.pki.certificateFiles = [ letsencrypt-ca ];
}
370 nixos/tests/common/letsencrypt/default.nix
View file

Large diffs are not rendered by default.

2 nixos/tests/common/letsencrypt/mkcerts.nix
View file
@@ -1,7 +1,7 @@
{ pkgs ? import <nixpkgs> {}
, lib ? pkgs.lib

, domains ? [ "acme-v01.api.letsencrypt.org" "letsencrypt.org" ]
, domains ? [ "acme-v02.api.letsencrypt.org" "letsencrypt.org" ]
}:

pkgs.runCommand "letsencrypt-snakeoil-ca" {
451 nixos/tests/common/letsencrypt/snakeoil-certs.nix
View file

Large diffs are not rendered by default.

25 nixos/tests/fancontrol.nix
View file
@@ -0,0 +1,25 @@
import ./make-test.nix ({ pkgs, ... } : {
name = "fancontrol";

machine =
{ ... }:
{ hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
INTERVAL=42
DEVPATH=hwmon1=devices/platform/dummy
DEVNAME=hwmon1=dummy
FCTEMPS=hwmon1/device/pwm1=hwmon1/device/temp1_input
FCFANS=hwmon1/device/pwm1=hwmon1/device/fan1_input
MINTEMP=hwmon1/device/pwm1=25
MAXTEMP=hwmon1/device/pwm1=65
MINSTART=hwmon1/device/pwm1=150
MINSTOP=hwmon1/device/pwm1=0
'';
};

# This configuration cannot be valid for the test VM, so it's expected to get an 'outdated' error.
testScript = ''
$machine->waitForUnit("fancontrol.service");
$machine->waitUntilSucceeds("journalctl -eu fancontrol | grep 'Configuration appears to be outdated'");
'';
})
45 nixos/tests/gotify-server.nix
View file
@@ -0,0 +1,45 @@
import ./make-test.nix ({ pkgs, lib, ...} : {
name = "gotify-server";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};

machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.jq ];

services.gotify = {
enable = true;
port = 3000;
};
};

testScript = ''
startAll;
$machine->waitForUnit("gotify-server");
$machine->waitForOpenPort(3000);
my $token = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/application -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
my $usertoken = $machine->succeed(
"curl --fail -sS -X POST localhost:3000/client -F name=nixos " .
'-H "Authorization: Basic $(echo -ne "admin:admin" | base64 --wrap 0)" ' .
'| jq .token | xargs echo -n'
);
$machine->succeed(
"curl --fail -sS -X POST 'localhost:3000/message?token=$token' -H 'Accept: application/json' " .
'-F title=Gotify -F message=Works'
);
my $title = $machine->succeed(
"curl --fail -sS 'localhost:3000/message?since=0&token=$usertoken' | jq '.messages|.[0]|.title' | xargs echo -n"
);
$title eq "Gotify" or die "Wrong title ($title), expected 'Gotify'!";
'';
})
4 nixos/tests/installer.nix
View file
@@ -54,8 +54,6 @@ let
hardware.enableAllFirmware = lib.mkForce false;
services.udisks2.enable = lib.mkDefault false;
${replaceChars ["\n"] ["\n "] extraConfig}
}
'';
@@ -295,8 +293,6 @@ let
++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ];

services.udisks2.enable = mkDefault false;

nix.binaryCaches = mkForce [ ];
nix.extraOptions =
''
43 nixos/tests/matomo.nix
View file
@@ -0,0 +1,43 @@
{ system ? builtins.currentSystem, config ? { }
, pkgs ? import ../.. { inherit system config; } }:

with import ../lib/testing.nix { inherit system pkgs; };
with pkgs.lib;

let
matomoTest = package:
makeTest {
machine = { config, pkgs, ... }: {
services.matomo = {
package = package;
enable = true;
nginx = {
forceSSL = false;
enableACME = false;
};
};
services.mysql = {
enable = true;
package = pkgs.mysql;
};
services.nginx.enable = true;
};

testScript = ''
startAll;
$machine->waitForUnit("mysql.service");
$machine->waitForUnit("phpfpm-matomo.service");
$machine->waitForUnit("nginx.service");
$machine->succeed("curl -sSfL http://localhost/ | grep '<title>Matomo[^<]*Installation'");
'';
};
in {
matomo = matomoTest pkgs.matomo // {
name = "matomo";
meta.maintainers = with maintainers; [ florianjacob kiwi mmilata ];
};
matomo-beta = matomoTest pkgs.matomo-beta // {
name = "matomo-beta";
meta.maintainers = with maintainers; [ florianjacob kiwi mmilata ];
};
}
36 nixos/tests/openarena.nix
View file
@@ -0,0 +1,36 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "openarena";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ tomfitzhenry ];
};

machine =
{ pkgs, ... }:

{ imports = [];
environment.systemPackages = with pkgs; [
socat
];
services.openarena = {
enable = true;
extraFlags = [
"+set dedicated 2"
"+set sv_hostname 'My NixOS server'"
"+map oa_dm1"
];
};
};

testScript =
''
$machine->waitForUnit("openarena.service");
$machine->waitUntilSucceeds("ss --numeric --udp --listening | grep -q 27960");
# The log line containing 'resolve address' is last and only message that occurs after
# the server starts accepting clients.
$machine->waitUntilSucceeds("journalctl -u openarena.service | grep 'resolve address: dpmaster.deathmask.net'");
# Check it's possible to join the server.
$machine->succeed("echo -n -e '\\xff\\xff\\xff\\xffgetchallenge' | socat - UDP4-DATAGRAM:127.0.0.1:27960 | grep -q challengeResponse");
'';
})
88 nixos/tests/orangefs.nix
View file
@@ -0,0 +1,88 @@
import ./make-test.nix ({ ... } :

let
server = { pkgs, ... } : {
networking.firewall.allowedTCPPorts = [ 3334 ];
boot.initrd.postDeviceCommands = ''
${pkgs.e2fsprogs}/bin/mkfs.ext4 -L data /dev/vdb
'';

virtualisation.emptyDiskImages = [ 4096 ];

fileSystems = pkgs.lib.mkVMOverride
[ { mountPoint = "/data";
device = "/dev/disk/by-label/data";
fsType = "ext4";
}
];

services.orangefs.server = {
enable = true;
dataStorageSpace = "/data/storage";
metadataStorageSpace = "/data/meta";
servers = {
server1 = "tcp://server1:3334";
server2 = "tcp://server2:3334";
};
};
};

client = { lib, ... } : {
networking.firewall.enable = true;

services.orangefs.client = {
enable = true;
fileSystems = [{
target = "tcp://server1:3334/orangefs";
mountPoint = "/orangefs";
}];
};
};

in {
name = "orangefs";

nodes = {
server1 = server;
server2 = server;

client1 = client;
client2 = client;
};

testScript = ''
# format storage
foreach my $server (($server1,$server2))
{
$server->start();
$server->waitForUnit("multi-user.target");
$server->succeed("mkdir -p /data/storage /data/meta");
$server->succeed("chown orangefs:orangefs /data/storage /data/meta");
$server->succeed("chmod 0770 /data/storage /data/meta");
$server->succeed("sudo -g orangefs -u orangefs pvfs2-server -f /etc/orangefs/server.conf");
}
# start services after storage is formated on all machines
foreach my $server (($server1,$server2))
{
$server->succeed("systemctl start orangefs-server.service");
}
# Check if clients can reach and mount the FS
foreach my $client (($client1,$client2))
{
$client->start();
$client->waitForUnit("orangefs-client.service");
# Both servers need to be reachable
$client->succeed("pvfs2-check-server -h server1 -f orangefs -n tcp -p 3334");
$client->succeed("pvfs2-check-server -h server2 -f orangefs -n tcp -p 3334");
$client->waitForUnit("orangefs.mount");
}
# R/W test between clients
$client1->succeed("echo test > /orangefs/file1");
$client2->succeed("grep test /orangefs/file1");
'';
})
3 nixos/tests/os-prober.nix
View file
@@ -51,12 +51,11 @@ let
hashed-mirrors =
connect-timeout = 1
'';
services.udisks2.enable = lib.mkForce false;
};
# /etc/nixos/configuration.nix for the vm
configFile = pkgs.writeText "configuration.nix" ''
{config, pkgs, ...}: ({
imports =
imports =
[ ./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
123 nixos/tests/yggdrasil.nix
View file
@@ -0,0 +1,123 @@
let
aliceIp6 = "200:3b91:b2d8:e708:fbf3:f06:fdd5:90d0";
aliceKeys = {
EncryptionPublicKey = "13e23986fe76bc3966b42453f479bc563348b7ff76633b7efcb76e185ec7652f";
EncryptionPrivateKey = "9f86947b15e86f9badac095517a1982e39a2db37ca726357f95987b898d82208";
SigningPublicKey = "e2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
SigningPrivateKey = "fe3add8da35316c05f6d90d3ca79bd2801e6ccab6d37e5339fef4152589398abe2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
};
bobIp6 = "201:ebbd:bde9:f138:c302:4afa:1fb6:a19a";
bobConfig = {
InterfacePeers = {
eth1 = [ "tcp://192.168.1.200:12345" ];
};
MulticastInterfaces = [ "eth1" ];
LinkLocalTCPPort = 54321;
EncryptionPublicKey = "c99d6830111e12d1b004c52fe9e5a2eef0f6aefca167aca14589a370b7373279";
EncryptionPrivateKey = "2e698a53d3fdce5962d2ff37de0fe77742a5c8b56cd8259f5da6aa792f6e8ba3";
SigningPublicKey = "de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
SigningPrivateKey = "2a6c21550f3fca0331df50668ffab66b6dce8237bcd5728e571e8033b363e247de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
};

in import ./make-test.nix ({ pkgs, ...} : {
name = "yggdrasil";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ gazally ];
};

nodes = rec {
# Alice is listening for peerings on a specified port,
# but has multicast peering disabled. Alice has part of her
# yggdrasil config in Nix and part of it in a file.
alice =
{ ... }:
{
networking = {
interfaces.eth1.ipv4.addresses = [{
address = "192.168.1.200";
prefixLength = 24;
}];
firewall.allowedTCPPorts = [ 80 12345 ];
};
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";

services.yggdrasil = {
enable = true;
config = {
Listen = ["tcp://0.0.0.0:12345"];
MulticastInterfaces = [ ];
};
configFile = toString (pkgs.writeTextFile {
name = "yggdrasil-alice-conf";
text = builtins.toJSON aliceKeys;
});
};
};

# Bob is set up to peer with Alice, and also to do local multicast
# peering. Bob's yggdrasil config is in a file.
bob =
{ ... }:
{
networking.firewall.allowedTCPPorts = [ 54321 ];
services.yggdrasil = {
enable = true;
openMulticastPort = true;
configFile = toString (pkgs.writeTextFile {
name = "yggdrasil-bob-conf";
text = builtins.toJSON bobConfig;
});
};
};

# Carol only does local peering. Carol's yggdrasil config is all Nix.
carol =
{ ... }:
{
networking.firewall.allowedTCPPorts = [ 43210 ];
services.yggdrasil = {
enable = true;
denyDhcpcdInterfaces = [ "ygg0" ];
config = {
IfTAPMode = true;
IFName = "ygg0";
MulticastInterfaces = [ "eth1" ];
LinkLocalTCPPort = 43210;
};
};
};
};

testScript =
''
# Give Alice a head start so she is ready when Bob calls.
$alice->start;
$alice->waitForUnit("yggdrasil.service");
$bob->start;
$carol->start;
$bob->waitForUnit("yggdrasil.service");
$carol->waitForUnit("yggdrasil.service");
$carol->waitUntilSucceeds("[ `ip -o -6 addr show dev ygg0 scope global | grep -v tentative | wc -l` -ge 1 ]");
my $carolIp6 = (split /[ \/]+/, $carol->succeed("ip -o -6 addr show dev ygg0 scope global"))[3];
# If Alice can talk to Carol, then Bob's outbound peering and Carol's
# local peering have succeeded and everybody is connected.
$alice->waitUntilSucceeds("ping -c 1 $carolIp6");
$alice->succeed("ping -c 1 ${bobIp6}");
$bob->succeed("ping -c 1 ${aliceIp6}");
$bob->succeed("ping -c 1 $carolIp6");
$carol->succeed("ping -c 1 ${aliceIp6}");
$carol->succeed("ping -c 1 ${bobIp6}");
$carol->fail("journalctl -u dhcpcd | grep ygg0");
$alice->waitForUnit("httpd.service");
$carol->succeed("curl --fail -g http://[${aliceIp6}]");
'';
})
71 pkgs/applications/accessibility/contrast/default.nix
View file
@@ -0,0 +1,71 @@
{ stdenv
, fetchFromGitLab
, cairo
, dbus
, desktop-file-utils
, gettext
, glib
, gtk3
, libhandy
, meson
, ninja
, pango
, pkgconfig
, python3
, rustc
, rustPlatform
, wrapGAppsHook
}:

rustPlatform.buildRustPackage rec {
pname = "contrast";
version = "0.0.2";

src = fetchFromGitLab {
domain = "gitlab.gnome.org";
group = "World";
owner = "design";
repo = "contrast";
rev = version;
sha256 = "0rm705zrk9rfv31pwbqxrswi5v6vhnghxa8dgxjmcrh00l8dm6j9";
};

cargoSha256 = "06vgc89d93fhjcyy9d1v6lf8kr34pl5bbpwbv2jpfahpj9y84bgj";

nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkgconfig
python3
wrapGAppsHook
];

buildInputs = [
cairo
dbus
glib
gtk3
libhandy
pango
];

postPatch = ''
patchShebangs build-aux/meson_post_install.py
'';

# Don't use buildRustPackage phases, only use it for rust deps setup
configurePhase = null;
buildPhase = null;
checkPhase = null;
installPhase = null;

meta = with stdenv.lib; {
description = "Checks whether the contrast between two colors meet the WCAG requirements";
homepage = https://gitlab.gnome.org/World/design/contrast;
license = licenses.gpl3;
maintainers = with maintainers; [ jtojnar ];
};
}

28 pkgs/applications/audio/bsequencer/default.nix
View file
@@ -0,0 +1,28 @@
{ stdenv, fetchFromGitHub, xorg, cairo, lv2, pkgconfig }:

stdenv.mkDerivation rec {
pname = "BSEQuencer";
version = "0.4";

src = fetchFromGitHub {
owner = "sjaehn";
repo = pname;
rev = "v${version}";
sha256 = "0c3bm2z6z2bjjv1cy50383zr81h99rcb2frmxad0r7lhi27mjyqn";
};

nativeBuildInputs = [ pkgconfig ];
buildInputs = [
xorg.libX11 cairo lv2
];

installFlags = [ "PREFIX=$(out)" ];

meta = with stdenv.lib; {
homepage = https://github.com/sjaehn/BSEQuencer;
description = "Multi channel MIDI step sequencer LV2 plugin";
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
license = licenses.gpl3;
};
}
28 pkgs/applications/audio/bshapr/default.nix
View file
@@ -0,0 +1,28 @@
{ stdenv, fetchFromGitHub, xorg, cairo, lv2, pkgconfig }:

stdenv.mkDerivation rec {
pname = "BShapr";
version = "0.4";

src = fetchFromGitHub {
owner = "sjaehn";
repo = pname;
rev = "v${version}";
sha256 = "02b4wdfhr9y7z2k6ls086gv3vz4sjf7b1k8ryh573bzd8nr4896v";
};

nativeBuildInputs = [ pkgconfig ];
buildInputs = [
xorg.libX11 cairo lv2
];

installFlags = [ "PREFIX=$(out)" ];

meta = with stdenv.lib; {
homepage = https://github.com/sjaehn/BShapr;
description = "Beat / envelope shaper LV2 plugin";
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
license = licenses.gpl3;
};
}
28 pkgs/applications/audio/bslizr/default.nix
View file
@@ -0,0 +1,28 @@
{ stdenv, fetchFromGitHub, xorg, cairo, lv2, pkgconfig }:

stdenv.mkDerivation rec {
pname = "BSlizr";
version = "1.2.0";

src = fetchFromGitHub {
owner = "sjaehn";
repo = pname;
rev = "${version}";
sha256 = "1xqhpppfj47nzmyksbqgfvvi5j807g96hqla544w2f752zz4yi0s";
};

nativeBuildInputs = [ pkgconfig ];
buildInputs = [
xorg.libX11 cairo lv2
];

installFlags = [ "PREFIX=$(out)" ];

meta = with stdenv.lib; {
homepage = https://github.com/sjaehn/BSlizr;
description = "Sequenced audio slicing effect LV2 plugin (step sequencer effect)";
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
license = licenses.gpl3;
};
}
7 pkgs/applications/audio/lollypop/default.nix
View file
@@ -19,7 +19,7 @@

python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.1.4.16";
version = "1.2.2";

format = "other";
doCheck = false;
@@ -28,7 +28,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "1azfxc1vc1j4ph0zrfsgz2gac1vwmbj65j6wjlxx3nr8kia4mccl";
sha256 = "02dgp3b10yaw0yqzdzd15msjgxayvjkg9m652is0d7rwgjq1pk6v";
};

nativeBuildInputs = [
@@ -42,7 +42,6 @@ python3.pkgs.buildPythonApplication rec {
];

buildInputs = with gst_all_1; [
gobject-introspection
gst-libav
gst-plugins-bad
gst-plugins-base
@@ -73,6 +72,8 @@ python3.pkgs.buildPythonApplication rec {
wrapPythonProgramsIn $out/libexec "$out $propagatedBuildInputs"
'';

strictDeps = false;

# Produce only one wrapper using wrap-python passing
# gappsWrapperArgs to wrap-python additional wrapper
# argument
4 pkgs/applications/audio/mpg123/default.nix
View file
@@ -3,11 +3,11 @@
}:

stdenv.mkDerivation rec {
name = "mpg123-1.25.11";
name = "mpg123-1.25.12";

src = fetchurl {
url = "mirror://sourceforge/mpg123/${name}.tar.bz2";
sha256 = "1cpal2zsm3zgi6f48vvwpg6wgkv42ndi7lk3zsg7sz52z83k61nz";
sha256 = "1l9iwwgqzw6yg5zk9pqmlbfyq6d8dqysbmj0j3m8dyrxd34wgzhz";
};

buildInputs = stdenv.lib.optional (!stdenv.isDarwin) alsaLib;
4 pkgs/applications/audio/openmpt123/default.nix
View file
@@ -2,14 +2,14 @@
, usePulseAudio ? config.pulseaudio or false, libpulseaudio }:

let
version = "0.4.1";
version = "0.4.9";
in stdenv.mkDerivation {
pname = "openmpt123";
inherit version;

src = fetchurl {
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
sha256 = "1k1m1adjh4s2q9lxgkf836k5243akxrzq1hsdjhrkg4idd3pxzp4";
sha256 = "02kjwwh9d9i4rnfzqzr18pvcklc46yrs9mvdmjqx7kxg3c28hkqm";
};

enableParallelBuilding = true;
4 pkgs/applications/audio/qtractor/default.nix
View file
@@ -5,11 +5,11 @@

stdenv.mkDerivation rec {
pname = "qtractor";
version = "0.9.9";
version = "0.9.10";

src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "0qlbccdxyfy0f09y6qg1xkg12fm67bf2f2c27c22cg8lzk9ang5j";
sha256 = "00fj762qdna4bm8hshdhkwfa48s01bi5sk4f030rfk77mivl09jk";
};

nativeBuildInputs = [
8 pkgs/applications/audio/spotify-tui/default.nix
View file
@@ -2,16 +2,18 @@

rustPlatform.buildRustPackage rec {
pname = "spotify-tui";
version = "0.6.2";
version = "0.8.0";

src = fetchFromGitHub {
owner = "Rigellute";
repo = "spotify-tui";
rev = "v${version}";
sha256 = "0ksrdavnvjpph7h0lcc2hvxhygfbn0dmsabq2ilslvpa80ph2c53";
sha256 = "0pgmcld48sd34jpsc4lr8dbqs8iwk0xp9aa3b15m61mv3lf04qc6";
};

cargoSha256 = "029g80mcqvmckszpbzm4hxs5w63n41ah4rc1b93i9c1nzvncd811";
cargoSha256 = "1rb4dl9zn3xx2yrapx5cfsli93ggmdq8w9fqi8cy8giyja1mnqfl";

cargoPatches = [ ./fix-cargo-lock-version.patch ];

nativeBuildInputs = [ pkgconfig ];
buildInputs = [ openssl ]
13 pkgs/applications/audio/spotify-tui/fix-cargo-lock-version.patch
View file
@@ -0,0 +1,13 @@
diff --git i/Cargo.lock w/Cargo.lock
index e1eae72..e004898 100644
--- i/Cargo.lock
+++ w/Cargo.lock
@@ -1310,7 +1310,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "spotify-tui"
-version = "0.7.5"
+version = "0.8.0"
dependencies = [
"backtrace 0.3.40 (registry+https://github.com/rust-lang/crates.io-index)",
"clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)",
10 pkgs/applications/audio/strawberry/default.nix
View file
@@ -35,13 +35,13 @@

mkDerivation rec {
pname = "strawberry";
version = "0.6.3";
version = "0.6.5";

src = fetchFromGitHub {
owner = "jonaski";
repo = pname;
rev = version;
sha256 = "01j5jzzicy895kg9sjy46lbcm5kvf3642d3q5wwb2fyvyq1fbcv0";
sha256 = "1kqx0q99n1p5pm6skvqjihz11byhxdid1qw6gqp67dh2na62z1lm";
};

buildInputs = [
@@ -89,9 +89,11 @@ mkDerivation rec {

meta = with lib; {
description = "Music player and music collection organizer";
license = licenses.gpl2;
homepage = "https://www.strawberrymusicplayer.org/";
changelog = "https://raw.githubusercontent.com/jonaski/strawberry/${version}/Changelog";
license = licenses.gpl3;
maintainers = with maintainers; [ peterhoeg ];
# upstream says darwin should work but they lack maintainers as of 0.6.3
# upstream says darwin should work but they lack maintainers as of 0.6.5
platforms = platforms.linux;
};
}
56 pkgs/applications/audio/tomahawk/default.nix
View file

This file was deleted.

54 pkgs/applications/audio/vcv-rack/default.nix
View file
@@ -7,16 +7,11 @@ let
name = "glfw-git-${version}";
version = "2019-06-30";
src = fetchFromGitHub {
owner = "AndrewBelt";
owner = "glfw";
repo = "glfw";
rev = "d9ab59efc781c392128a449361a381fcc93cf6f3";
sha256 = "1ykkq6qq8y6j5hlfj2zp1p87kr33vwhywziprz20v5avx1q7rjm8";
rev = "d25248343e248337284dfbe5ecd1eddbd37ae66d";
sha256 = "0gbz353bfmqbpm0af2nqf5draz3k4f3lqwiqj68s8nwn7878aqm3";
};
# We patch the source to export a function that was added to the glfw fork
# for Rack so it is present when we build glfw as a shared library.
# See https://github.com/AndrewBelt/glfw/pull/1 for discussion of this issue
# with upstream.
patches = [ ./glfw.patch ];
buildInputs = oldAttrs.buildInputs ++ [ libXext libXi ];
});
pfft-source = fetchFromBitbucket {
@@ -25,6 +20,30 @@ let
rev = "29e4f76ac53bef048938754f32231d7836401f79";
sha256 = "084csgqa6f1a270bhybjayrh3mpyi2jimc87qkdgsqcp8ycsx1l1";
};
nanovg-source = fetchFromGitHub {
owner = "memononen";
repo = "nanovg";
rev = "1f9c8864fc556a1be4d4bf1d6bfe20cde25734b4";
sha256 = "08r15zrr6p1kxigxzxrg5rgya7wwbdx7d078r362qbkmws83wk27";
};
nanosvg-source = fetchFromGitHub {
owner = "memononen";
repo = "nanosvg";
rev = "25241c5a8f8451d41ab1b02ab2d865b01600d949";
sha256 = "114qgfmazsdl53rm4pgqif3gv8msdmfwi91lyc2jfadgzfd83xkg";
};
osdialog-source = fetchFromGitHub {
owner = "AndrewBelt";
repo = "osdialog";
rev = "e5db5de6444f4b2c4e1390c67b3efd718080c3da";
sha256 = "0iqxn1md053nl19hbjk8rqsdcmjwa5l5z0ci4fara77q43rc323i";
};
oui-blendish-source = fetchFromGitHub {
owner = "AndrewBelt";
repo = "oui-blendish";
rev = "79ec59e6bc7201017fc13a20c6e33380adca1660";
sha256 = "17kd0lh2x3x12bxkyhq6z8sg6vxln8m9qirf0basvcsmylr6rb64";
};
in
with stdenv.lib; stdenv.mkDerivation rec {
pname = "VCV-Rack";
@@ -34,17 +53,26 @@ with stdenv.lib; stdenv.mkDerivation rec {
owner = "VCVRack";
repo = "Rack";
rev = "v${version}";
sha256 = "172v66v2vb6l9dpsq6fb6xn035igwhpjci8w3kz2na3rvmz1bc5w";
fetchSubmodules = true;
sha256 = "1g3mkghgiycbxyvzjhanc1b10jynkfkw03bpnha06qgd6gd9wv7k";
};

patches = [ ./rack-minimize-vendoring.patch ];
patches = [
./rack-minimize-vendoring.patch
# We patch out a call to a custom function, that is not needed on Linux.
# This avoids needing a patched version of glfw. The version we previously used disappeared
# on GitHub. See https://github.com/NixOS/nixpkgs/issues/71189
./remove-custom-glfw-function.patch
];

prePatch = ''
cp -r ${pfft-source} dep/jpommier-pffft-source
mkdir -p dep/include
cp -r ${pfft-source} dep/jpommier-pffft-source
cp -r ${nanovg-source}/* dep/nanovg
cp -r ${nanosvg-source}/* dep/nanosvg
cp -r ${osdialog-source}/* dep/osdialog
cp -r ${oui-blendish-source}/* dep/oui-blendish
cp dep/jpommier-pffft-source/*.h dep/include
cp dep/nanosvg/**/*.h dep/include
cp dep/nanovg/src/*.h dep/include
13 pkgs/applications/audio/vcv-rack/glfw.patch
View file

This file was deleted.

16 pkgs/applications/audio/vcv-rack/remove-custom-glfw-function.patch
View file
@@ -0,0 +1,16 @@
diff --git a/src/main.cpp b/src/main.cpp
index 0954ae6..a8299f7 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -162,11 +162,6 @@ int main(int argc, char* argv[]) {
INFO("Initializing app");
appInit();

- const char* openedFilename = glfwGetOpenedFilename();
- if (openedFilename) {
- patchPath = openedFilename;
- }
-
if (!settings::headless) {
APP->patch->init(patchPath);
}
4 pkgs/applications/audio/x42-plugins/default.nix
View file
@@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:

stdenv.mkDerivation rec {
version = "20190820";
version = "20191013";
pname = "x42-plugins";

src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
sha256 = "0dqsa5yxm3nx50j9k28iillj4sx2mjndzyspymxx0ghir1qmi4vh";
sha256 = "18kn1bmc0s6dp834kc51ibifzzn3bxwya4p8s8yq9f4mpmkghi24";
};

nativeBuildInputs = [ pkgconfig ];
11 pkgs/applications/blockchains/clightning.nix
View file
@@ -1,19 +1,19 @@
{ stdenv, python3, pkgconfig, which, libtool, autoconf, automake,
autogen, sqlite, gmp, zlib, fetchurl, unzip, fetchpatch }:
autogen, sqlite, gmp, zlib, fetchurl, unzip, fetchpatch, gettext }:

with stdenv.lib;
stdenv.mkDerivation rec {
pname = "clightning";
version = "0.7.2.1";
version = "0.7.3";

src = fetchurl {
url = "https://github.com/ElementsProject/lightning/releases/download/v${version}/clightning-v${version}.zip";
sha256 = "3be716948efc1208b5e6a41e3034e4e4eecc5abbdac769fd1d999a104ac3a2ec";
sha256 = "ef2193940146d1b8ff0cc03602842c4d81db9ca6a5e73927e4f8932715e931a4";
};

enableParallelBuilding = true;

nativeBuildInputs = [ autoconf autogen automake libtool pkgconfig which unzip ];
nativeBuildInputs = [ autoconf autogen automake libtool pkgconfig which unzip gettext ];
buildInputs =
let py3 = python3.withPackages (p: [ p.Mako ]);
in [ sqlite gmp zlib py3 ];
@@ -28,7 +28,8 @@ stdenv.mkDerivation rec {
patchShebangs \
tools/generate-wire.py \
tools/update-mocks.sh \
tools/mockup.sh
tools/mockup.sh \
devtools/sql-rewrite.py
'';

doCheck = false;
3 pkgs/applications/blockchains/go-ethereum.nix
View file
@@ -10,9 +10,6 @@ buildGoPackage rec {
propagatedBuildInputs =
stdenv.lib.optionals stdenv.isDarwin [ libobjc IOKit ];

# Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
hardeningDisable = [ "fortify" ];

src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
6 pkgs/applications/blockchains/jormungandr/default.nix
View file
@@ -10,16 +10,16 @@

rustPlatform.buildRustPackage rec {
pname = "jormungandr";
version = "0.6.5";
version = "0.7.0-rc3";

src = fetchgit {
url = "https://github.com/input-output-hk/${pname}";
rev = "v${version}";
sha256 = "16s6ks63194w35xlgzbhjdb3h606hkj049bap52sd6qf637bw2p7";
sha256 = "09hfmzgz1imz22w27c0aal6v7m4yfivh0sk63mawcd4m7sa6045c";
fetchSubmodules = true;
};

cargoSha256 = "1kba65rnm2vyqsjhcnfwy1m44x1w3xxlzinykmb89jy6qr8gvp42";
cargoSha256 = "0syfwykwzfm9nqpna0qrmjiv4dp0rxxbpxv8qawq9ivs9z8fbq2m";

nativeBuildInputs = [ pkgconfig protobuf ];
buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ];
8 pkgs/applications/editors/android-studio/default.nix
View file
@@ -12,12 +12,16 @@ let
build = "191.5900203";
sha256Hash = "0afxlif8pkrl6m1lhiqri1qv4vf5mfm1yg6qk5rad0442hm3kz4l";
};
betaVersion = latestVersion;
latestVersion = { # canary & dev
betaVersion = {
version = "3.6.0.13"; # "Android Studio 3.6 Beta 1"
build = "192.5916306";
sha256Hash = "0kvz3mgpfb3wqr1pw9847d5syswlzls3b4nilzgk6w127k2zmkfy";
};
latestVersion = { # canary & dev
version = "4.0.0.1"; # "Android Studio 4.0 Canary 1"
build = "192.5959023";
sha256Hash = "1d9hvyk0wnfiip1612ci4sbw58rq93cyy026cx6s33rvjk3cwfrl";
};
in {
# Attributes are named by their corresponding release channels

56 pkgs/applications/editors/emacs-modes/melpa-packages.nix
View file
@@ -394,52 +394,22 @@ env NIXPKGS_ALLOW_BROKEN=1 nix-instantiate --show-trace ../../../../ -A emacsPac
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});

vterm = let
emacsSources = pkgs.stdenv.mkDerivation {
name = self.emacs.name + "-sources";
src = self.emacs.src;

dontConfigure = true;
dontBuild = true;
doCheck = false;
fixupPhase = ":";

installPhase = ''
mkdir -p $out
cp -a * $out
'';

};

libvterm = pkgs.libvterm-neovim.overrideAttrs(old: rec {
pname = "libvterm-neovim";
version = "2019-04-27";
name = pname + "-" + version;
src = pkgs.fetchFromGitHub {
owner = "neovim";
repo = "libvterm";
rev = "89675ffdda615ffc3f29d1c47a933f4f44183364";
sha256 = "0l9ixbj516vl41v78fi302ws655xawl7s94gmx1kb3fmfgamqisy";
};
});

in pkgs.stdenv.mkDerivation {
inherit (super.vterm) name version src;

nativeBuildInputs = [ pkgs.cmake ];
buildInputs = [ self.emacs libvterm ];

vterm = super.vterm.overrideAttrs(old: {
buildInputs = old.buildInputs ++ [ self.emacs pkgs.cmake pkgs.libvterm-neovim ];
cmakeFlags = [
"-DEMACS_SOURCE=${emacsSources}"
"-DUSE_SYSTEM_LIBVTERM=True"
"-DEMACS_SOURCE=${self.emacs.src}"
"-DUSE_SYSTEM_LIBVTERM=ON"
];

installPhase = ''
install -d $out/share/emacs/site-lisp
install ../*.el $out/share/emacs/site-lisp
install ../*.so $out/share/emacs/site-lisp
# we need the proper out directory to exist, so we do this in the
# postInstall instead of postBuild
postInstall = ''
pushd source/build >/dev/null
make
install -m444 -t $out/share/emacs/site-lisp/elpa/vterm-** ../*.so
popd > /dev/null
rm -rf $out/share/emacs/site-lisp/elpa/vterm-**/{CMake*,build,*.c,*.h}
'';
};
});
# Legacy alias
emacs-libvterm = unstable.vterm;

4,353 pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json
View file

Large diffs are not rendered by default.

17 pkgs/applications/editors/music/tuxguitar/default.nix
View file
@@ -1,12 +1,12 @@
{ stdenv, fetchurl, swt, jdk, makeWrapper, alsaLib }:
{ stdenv, fetchurl, swt, jdk, makeWrapper, alsaLib, jack2, fluidsynth, libpulseaudio }:

let metadata = assert stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux";
if stdenv.hostPlatform.system == "i686-linux" then
{ arch = "x86"; sha256 = "1qmb51k0538pn7gv4nsvhfv33xik4l4af0qmpllkzrikmj8wvzlb"; }
{ arch = "x86"; sha256 = "27675c358db237df74d20e8676000c25a87b9de0bb0a6d1c325e8d6db807d296"; }
else
{ arch = "x86_64"; sha256 = "12af47jhlrh9aq5b3d13l7cdhlndgnfpy61gz002hajbq7i00ixh"; };
{ arch = "x86_64"; sha256 = "298555a249adb3ad72f3aef72a124e30bfa01cd069c7b5d152a738140e7903a2"; };
in stdenv.mkDerivation rec {
version = "1.2";
version = "1.5.2";
pname = "tuxguitar";

src = fetchurl {
@@ -18,15 +18,16 @@ in stdenv.mkDerivation rec {

installPhase = ''
mkdir -p $out/bin
cp -r lib share $out/
cp tuxguitar $out/bin/tuxguitar
cp tuxguitar.jar $out/lib
cp -r dist lib share $out/
cp tuxguitar.sh $out/bin/tuxguitar
ln -s $out/dist $out/bin/dist
ln -s $out/lib $out/bin/lib
ln -s $out/share $out/bin/share
wrapProgram $out/bin/tuxguitar \
--set JAVA "${jdk}/bin/java" \
--prefix LD_LIBRARY_PATH : "$out/lib/:${stdenv.lib.makeLibraryPath [ swt alsaLib ]}" \
--prefix LD_LIBRARY_PATH : "$out/lib/:${stdenv.lib.makeLibraryPath [ swt alsaLib jack2 fluidsynth libpulseaudio ]}" \
--prefix CLASSPATH : "${swt}/jars/swt.jar:$out/lib/tuxguitar.jar:$out/lib/itext.jar"
'';

35 pkgs/applications/editors/texmacs/default.nix
View file
@@ -1,7 +1,13 @@
{ stdenv, callPackage,
fetchurl, guile_1_8, qt4, xmodmap, which, makeWrapper, freetype,
libjpeg,
sqlite,
tex ? null,
aspell ? null,
git ? null,
python3 ? null,
cmake,
pkgconfig,
ghostscriptX ? null,
extraFonts ? false,
chineseFonts ? false,
@@ -10,7 +16,7 @@

let
pname = "TeXmacs";
version = "1.99.2";
version = "1.99.10";
common = callPackage ./common.nix {
inherit tex extraFonts chineseFonts japaneseFonts koreanFonts;
};
@@ -19,17 +25,38 @@ stdenv.mkDerivation {
name = "${pname}-${version}";

src = fetchurl {
url = "http://www.texmacs.org/Download/ftp/tmftp/source/TeXmacs-${version}-src.tar.gz";
sha256 = "0l48g9746igiaxw657shm8g3xxk565vzsviajlrxqyljbh6py0fs";
url = "https://www.texmacs.org/Download/ftp/tmftp/source/TeXmacs-${version}-src.tar.gz";
sha256 = "1k12bkcik7mv93q0j7q3b77x8s6rmvlb23s3v7nnzdwjxlp5lph2";
};

buildInputs = [ guile_1_8 qt4 makeWrapper ghostscriptX freetype ];
cmakeFlags = [
# Texmacs' cmake build as of writing defaults to Qt5,
# but we haven't updated to that yet.
"-DTEXMACS_GUI=Qt4"
];

enableParallelBuilding = true;

nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [
guile_1_8
qt4
makeWrapper
ghostscriptX
freetype
libjpeg
sqlite
git
python3
];
NIX_LDFLAGS = [ "-lz" ];

postInstall = "wrapProgram $out/bin/texmacs --suffix PATH : " +
(if ghostscriptX == null then "" else "${ghostscriptX}/bin:") +
(if aspell == null then "" else "${aspell}/bin:") +
(if tex == null then "" else "${tex}/bin:") +
(if git == null then "" else "${git}/bin:") +
(if python3 == null then "" else "${python3}/bin:") +
"${xmodmap}/bin:${which}/bin";

inherit (common) postPatch;
4 pkgs/applications/editors/tiled/default.nix
View file
@@ -3,13 +3,13 @@

mkDerivation rec {
pname = "tiled";
version = "1.2.4";
version = "1.2.5";

src = fetchFromGitHub {
owner = "bjorn";
repo = pname;
rev = "v${version}";
sha256 = "18a0pkq8j20v1njrl0sswm0ch10c6c4fas7q9kk2d2fd610ga6gh";
sha256 = "0sz8klz0nz60dhvz7pdn44zwr9q578pq50sxsbynz7irhrv02b52";
};

nativeBuildInputs = [ pkgconfig qmake ];
4 pkgs/applications/editors/vim/common.nix
View file
@@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
version = "8.1.1967";
version = "8.1.2188";

src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
sha256 = "0cdfi67jwv8j982i1jxdfqv4aqglig8f0hzadgygk69i0wwkymwk";
sha256 = "0ixq96l991b84sj66v63ds61yr75gx5zz411213yn6bz3s2fvlcv";
};

enableParallelBuilding = true;
9 pkgs/applications/gis/openorienteering-mapper/default.nix
View file
@@ -4,7 +4,7 @@

stdenv.mkDerivation rec {
pname = "OpenOrienteering-Mapper";
version = "0.8.4";
version = "0.9.0";

buildInputs = [ gdal qtbase qttools qtlocation qtimageformats
qtsensors clipper zlib proj doxygen cups];
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
owner = "OpenOrienteering";
repo = "mapper";
rev = "v${version}";
sha256 = "0rw34kp2vd1la97vnk9plwvis6lvyib2bvs7lgkhpnm4p5l7dp1g";
sha256 = "0wnxj2xf529941dwss6ygb1krfx18lzl6rf67060b0zndc7n6l8f";
};

cmakeFlags =
@@ -40,9 +40,6 @@ stdenv.mkDerivation rec {
"-DMapper_PACKAGE_GDAL=0"
]);

# Needs to be available when proj_api.h gets evaluted by CPP
NIX_CFLAGS_COMPILE = [ "-DACCEPT_USE_OF_DEPRECATED_PROJ_API_H" ];

postInstall =
stdenv.lib.optionalString stdenv.isDarwin ''
# Fixes "This application failed to start because it could not find or load the Qt
@@ -60,6 +57,6 @@ stdenv.mkDerivation rec {
homepage = https://www.openorienteering.org/apps/mapper/;
license = licenses.gpl3;
platforms = with platforms; linux ++ darwin;
maintainers = with maintainers; [mpickering];
maintainers = with maintainers; [ mpickering sikmir ];
};
}
4 pkgs/applications/gis/qgis/unwrapped.nix
View file
@@ -10,15 +10,15 @@ let
[ qscintilla-qt5 gdal jinja2 numpy psycopg2
chardet dateutil pyyaml pytz requests urllib3 pygments pyqt5 sip owslib six ];
in mkDerivation rec {
version = "3.8.3";
version = "3.10.0";
pname = "qgis";
name = "${pname}-unwrapped-${version}";

src = fetchFromGitHub {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings ["."] ["_"] version}";
sha256 = "16axjih48qn8ri3p71d8f7k0y3rd05wghmg1fcbyda871b45b2f8";
sha256 = "0qq4dznxxbpj8b4ypkz7dixc0b0v6rmf3c5hs4m3ka3rzck8jsqc";
};

passthru = {
4 pkgs/applications/graphics/drawio/default.nix
View file
@@ -11,11 +11,11 @@

stdenv.mkDerivation rec {
pname = "drawio";
version = "12.1.0";
version = "12.1.7";

src = fetchurl {
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/draw.io-x86_64-${version}.rpm";
sha256 = "02gwhnbl9fzgf1z8c9bkm3rxzyncp7v57yqc322r85vg0wxir3f8";
sha256 = "1vac0cz99yjlz7b186wyy4wk4sxkvlirpjmh3vw65xaxamn8spn3";
};

nativeBuildInputs = [
53 pkgs/applications/graphics/tev/default.nix
View file
@@ -0,0 +1,53 @@
{ stdenv, fetchFromGitHub
, cmake, wrapGAppsHook
, libX11, xorg, libzip, glfw, gnome3
}:

stdenv.mkDerivation rec {
pname = "tev";
version = "1.13";

src = fetchFromGitHub {
owner = "Tom94";
repo = pname;
rev = "v${version}";
fetchSubmodules = true;
sha256 = "0c8md6yv1q449aszs05xfby6a2aiw8pac7x0zs169i5mpqrrbfa9";
};

nativeBuildInputs = [ cmake wrapGAppsHook ];
buildInputs = [ libX11 libzip glfw ]
++ (with xorg; [ libXrandr libXinerama libXcursor libXi libXxf86vm ]);

dontWrapGApps = true; # We also need zenity (see below)

postPatch = ''
substituteInPlace CMakeLists.txt \
--replace "/usr/" "''${out}/"
'';

postInstall = ''
wrapProgram $out/bin/tev \
"''${gappsWrapperArgs[@]}" \
--prefix PATH ":" "${gnome3.zenity}/bin"
'';

meta = with stdenv.lib; {
description = "A high dynamic range (HDR) image comparison tool";
longDescription = ''
A high dynamic range (HDR) image comparison tool for graphics people. tev
allows viewing images through various tonemapping operators and inspecting
the values of individual pixels. Often, it is important to find exact
differences between pairs of images. For this purpose, tev allows rapidly
switching between opened images and visualizing various error metrics (L1,
L2, and relative versions thereof). To avoid clutter, opened images and
their layers can be filtered by keywords.
While the predominantly supported file format is OpenEXR certain other
types of images can also be loaded.
'';
inherit (src.meta) homepage;
license = licenses.bsd3;
platforms = platforms.unix;
maintainers = with maintainers; [ primeos ];
};
}
4 pkgs/applications/graphics/yed/default.nix
View file
@@ -2,11 +2,11 @@

stdenv.mkDerivation rec {
pname = "yEd";
version = "3.19";
version = "3.19.1";

src = fetchzip {
url = "https://www.yworks.com/resources/yed/demo/${pname}-${version}.zip";
sha256 = "0l70pc7wl2ghfkjab9w2mbx7crwha7xwkrpmspsi5c6q56dw7s33";
sha256 = "19bnzpwszfrlpi5ssgfsv29gdmfj7pvxad9z8fdjf9k61187dgqj";
};

nativeBuildInputs = [ makeWrapper unzip ];
8 pkgs/applications/misc/1password/default.nix
View file
@@ -2,24 +2,24 @@

stdenv.mkDerivation rec {
pname = "1password";
version = "0.6.2";
version = "0.7.0";
src =
if stdenv.hostPlatform.system == "i686-linux" then
fetchzip {
url = "https://cache.agilebits.com/dist/1P/op/pkg/v${version}/op_linux_386_v${version}.zip";
sha256 = "08ha4qr064jyivsp8z3q2cwmmm6klqyicc1i9vpf7zd9xmmx72rd";
sha256 = "1lhp0ws543855rvpvh84rjvyi471259lg618cciqj8j6k04ls1g0";
stripRoot = false;
}
else if stdenv.hostPlatform.system == "x86_64-linux" then
fetchzip {
url = "https://cache.agilebits.com/dist/1P/op/pkg/v${version}/op_linux_amd64_v${version}.zip";
sha256 = "1fjhn1k9h6rlrgin5czvpig8h70dh14i5k20g77jvxq24bf0sn9m";
sha256 = "1sjv5qrc80fk9yz0cn2yj0cdm47ab3ch8n9hzj9hv9d64gjv4w8n";
stripRoot = false;
}
else if stdenv.hostPlatform.system == "x86_64-darwin" then
fetchzip {
url = "https://cache.agilebits.com/dist/1P/op/pkg/v${version}/op_darwin_amd64_v${version}.zip";
sha256 = "1x7pj41a4wra3ws09cyc063ai5isf12qbkm2hxiiiq5glnacpvpl";
sha256 = "1hnixmq7mrc6ky79k3s61vv89v4qhkm31kyni3rscibfrab0r8ir";
stripRoot = false;
}
else throw "Architecture not supported";
4 pkgs/applications/misc/buku/default.nix
View file
@@ -18,7 +18,7 @@ with python3.pkgs; buildPythonApplication rec {
pylint
flake8
pyyaml
mypy_extensions
mypy-extensions
];

propagatedBuildInputs = [
@@ -54,6 +54,8 @@ with python3.pkgs; buildPythonApplication rec {
--replace "@pytest.mark.slowtest" "@unittest.skip('skipping')" \
--replace "self.assertEqual(shorturl, 'http://tny.im/yt')" "" \
--replace "self.assertEqual(url, 'https://www.google.com')" ""
substituteInPlace setup.py \
--replace mypy-extensions==0.4.1 mypy-extensions>=0.4.1
'';

postInstall = ''
38 pkgs/applications/misc/calibre/default.nix
View file
@@ -1,16 +1,20 @@
{ stdenv, mkDerivation, fetchurl, poppler_utils, pkgconfig, libpng
{ lib, mkDerivation, fetchurl, poppler_utils, pkgconfig, libpng
, imagemagick, libjpeg, fontconfig, podofo, qtbase, qmake, icu, sqlite
, unrarSupport ? false, chmlib, python2Packages, libusb1, libmtp
, xdg_utils, makeDesktopItem, wrapGAppsHook, removeReferencesTo, qt5
, xdg_utils, makeDesktopItem, removeReferencesTo
}:

let
pypkgs = python2Packages;

in
mkDerivation rec {
pname = "calibre";
version = "3.47.1";
version = "3.48.0";

src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
sha256 = "17lz6rawlv268vv8i5kj59rswsipq3c14066adaz1paw54zr62dk";
sha256 = "034m89h7j2088p324i1kya33dfldmqyynjxk3w98xiqkz7q2hi82";
};

patches = [
@@ -20,10 +24,10 @@ mkDerivation rec {
# - switches the version update from enabled to disabled by default
./no_updates_dialog.patch
# the unrar patch is not from debian
] ++ stdenv.lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch;
] ++ lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch;

prePatch = ''
sed -i "/pyqt_sip_dir/ s:=.*:= '${python2Packages.pyqt5_with_qtwebkit}/share/sip/PyQt5':" \
sed -i "/pyqt_sip_dir/ s:=.*:= '${pypkgs.pyqt5_with_qtwebkit}/share/sip/PyQt5':" \
setup/build_environment.py

# Remove unneeded files and libs
@@ -35,17 +39,21 @@ mkDerivation rec {

enableParallelBuilding = true;

nativeBuildInputs = [ pkgconfig qmake removeReferencesTo wrapGAppsHook ];
nativeBuildInputs = [ pkgconfig qmake removeReferencesTo ];

CALIBRE_PY3_PORT = builtins.toString pypkgs.isPy3k;

buildInputs = [
poppler_utils libpng imagemagick libjpeg
fontconfig podofo qtbase chmlib icu sqlite libusb1 libmtp xdg_utils
] ++ (with python2Packages; [
apsw cssselect css-parser dateutil dnspython html5-parser lxml mechanize netifaces pillow
] ++ (with pypkgs; [
apsw cssselect css-parser dateutil dnspython html5-parser lxml netifaces pillow
python pyqt5_with_qtwebkit sip
regex msgpack beautifulsoup4
regex msgpack beautifulsoup4 html2text
# the following are distributed with calibre, but we use upstream instead
odfpy
]) ++ lib.optionals (!pypkgs.isPy3k) (with pypkgs; [
mechanize
]);

installPhase = ''
@@ -60,8 +68,8 @@ mkDerivation rec {
export FC_LIB_DIR=${fontconfig.lib}/lib
export PODOFO_INC_DIR=${podofo.dev}/include/podofo
export PODOFO_LIB_DIR=${podofo.lib}/lib
export SIP_BIN=${python2Packages.sip}/bin/sip
${python2Packages.python.interpreter} setup.py install --prefix=$out
export SIP_BIN=${pypkgs.sip}/bin/sip
${pypkgs.python.interpreter} setup.py install --prefix=$out

PYFILES="$out/bin/* $out/lib/calibre/calibre/web/feeds/*.py
$out/lib/calibre/calibre/ebooks/metadata/*.py
@@ -111,7 +119,7 @@ mkDerivation rec {
genericName = "E-book library management";
icon = "@out@/share/calibre/images/library.png";
comment = "Manage, convert, edit, and read e-books";
mimeType = stdenv.lib.concatStringsSep ";" [
mimeType = lib.concatStringsSep ";" [
"application/x-mobipocket-subscription"
"application/vnd.openxmlformats-officedocument.wordprocessingml.document"
"text/html"
@@ -174,9 +182,9 @@ mkDerivation rec {
extraEntries = "NoDisplay=true";
};

meta = with stdenv.lib; {
meta = with lib; {
description = "Comprehensive e-book software";
homepage = https://calibre-ebook.com;
homepage = "https://calibre-ebook.com";
license = with licenses; if unrarSupport then unfreeRedistributable else gpl3;
maintainers = with maintainers; [ domenkozar pSub AndersonTorres ];
platforms = platforms.linux;
28 pkgs/applications/misc/cheat/default.nix
View file
@@ -1,36 +1,24 @@
{ stdenv, python3, fetchFromGitHub }:
{ stdenv, fetchFromGitHub, buildGoModule }:

with python3.pkgs;
buildPythonApplication rec {
buildGoModule rec {
pname = "cheat";
version = "2.5.1";

propagatedBuildInputs = [ docopt pygments termcolor ];
version = "3.0.3";

src = fetchFromGitHub {
owner = "chrisallenlane";
repo = "cheat";
rev = version;
sha256 = "1i543hvg1yizamfd83bawflfcb500hvc72i59ikck8j1hjk50hsl";
sha256 = "19w1admdcgld9vlc4fsyc5d9bi6rmwhr2x2ji43za2vjlk34hnnx";
};
# no tests available
doCheck = false;

postInstall = ''
install -D man1/cheat.1.gz $out/share/man/man1/cheat.1.gz
mv $out/${python3.sitePackages}/etc $out/
mv $out/${python3.sitePackages}/usr/share/* $out/share/
rm -r $out/${python3.sitePackages}/usr
'';
subPackages = [ "cmd/cheat" ];

makeWrapperArgs = [
"--suffix" "CHEAT_PATH" ":" "$out/share/cheat"
];
modSha256 = "189cqnfl403f4lk7g9v68mwk93ciglqli639dk4x9091lvn5gq5q";

meta = with stdenv.lib; {
description = "cheat allows you to create and view interactive cheatsheets on the command-line";
description = "Create and view interactive cheatsheets on the command-line";
maintainers = with maintainers; [ mic92 ];
license = with licenses; [ gpl3 mit ];
homepage = https://github.com/chrisallenlane/cheat;
homepage = "https://github.com/chrisallenlane/cheat";
};
}
28 pkgs/applications/misc/cherrytree/default.nix
View file
@@ -1,8 +1,6 @@
{ stdenv, fetchurl, pythonPackages, gettext }:

with stdenv.lib;
stdenv.mkDerivation rec {
{ lib, fetchurl, pythonPackages, gettext }:

pythonPackages.buildPythonApplication rec {
pname = "cherrytree";
version = "0.38.9";

@@ -11,26 +9,15 @@ stdenv.mkDerivation rec {
sha256 = "0xal09ijgxbzvp003s40xbrfnpq3ald1fw8nnpqq3yg7h6g6c5pw";
};

buildInputs = with pythonPackages;
[ python gettext wrapPython pygtk dbus-python pygtksourceview ];
nativeBuildInputs = [ gettext ];

pythonPath = with pythonPackages;
[ pygtk dbus-python pygtksourceview ];
propagatedBuildInputs = with pythonPackages; [ pygtk dbus-python pygtksourceview ];

patches = [ ./subprocess.patch ];

installPhase = ''
python setup.py install --prefix="$out"

for file in "$out"/bin/*; do
wrapProgram "$file" \
--prefix PYTHONPATH : "$(toPythonPath $out):$PYTHONPATH"
done
'';

doCheck = false;

meta = {
meta = with lib; {
description = "An hierarchical note taking application";
longDescription = ''
Cherrytree is an hierarchical note taking application,
@@ -42,9 +29,8 @@ stdenv.mkDerivation rec {
around your hard drive can be conveniently placed into a
Cherrytree document where you can easily find it.
'';
homepage = http://www.giuspen.com/cherrytree;
homepage = "http://www.giuspen.com/cherrytree";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = [ maintainers.AndersonTorres ];
maintainers = with maintainers; [ AndersonTorres ];
};
}
4 pkgs/applications/misc/exercism/default.nix
View file
@@ -2,13 +2,13 @@

buildGoModule rec {
pname = "exercism";
version = "3.0.12";
version = "3.0.13";

src = fetchFromGitHub {
owner = "exercism";
repo = "cli";
rev = "v${version}";
sha256 = "1xvxcl7j5izx5lgmjd97zd28lg2sydwgbgn2cnisz5r0d27pj3ra";
sha256 = "17gvz9a0sn4p36hf4l77bxhhfipf4x998iay31layqwbnzmb4xy7";
};

modSha256 = "0pg0hxrr6jjd03wbjn5y65x02md3h352mnm1gr6vyiv7hn4ws14m";
8 pkgs/applications/misc/firestarter/default.nix
View file
@@ -1,21 +1,21 @@
{ stdenv, fetchFromGitHub, python3, cudatoolkit,
{ stdenv, fetchFromGitHub, glibc, python3, cudatoolkit,
withCuda ? true
}:

with stdenv.lib;
stdenv.mkDerivation rec {
pname = "firestarter";
version = "1.7.3";
version = "1.7.4";

src = fetchFromGitHub {
owner = "tud-zih-energy";
repo = "FIRESTARTER";
rev = "v${version}";
sha256 = "1gc7kmzx9nw22lyfmpyz72p974jf1hvw5nvszcaq7x6h8cz9ip15";
sha256 = "161mg0h1hvp6bxfjdhyfqrljvphys896mfd36254rbgzxm38ibi7";
};

nativeBuildInputs = [ python3 ];
buildInputs = optionals withCuda [ cudatoolkit ];
buildInputs = [ glibc.static ] ++ optionals withCuda [ cudatoolkit ];
preBuild = ''
mkdir -p build
cd build
4 pkgs/applications/misc/gpxsee/default.nix
View file
@@ -2,13 +2,13 @@

mkDerivation rec {
pname = "gpxsee";
version = "7.15";
version = "7.16";

src = fetchFromGitHub {
owner = "tumic0";
repo = "GPXSee";
rev = version;
sha256 = "036g17479nqy3kvy3dy3cn7yi7r57rsp28gkcay0qhf9h0az76p3";
sha256 = "1mkfhb2c9qafjpva600nyn6yik49l4q1k6id1xvrci37wsn6ijav";
};

nativeBuildInputs = [ qmake ];
6 pkgs/applications/misc/hubstaff/revision.json
View file
@@ -1,5 +1,5 @@
{
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.4.11-a12e5bad/Hubstaff-1.4.11-a12e5bad.sh",
"version": "1.4.11-a12e5bad",
"sha256": "0nqmw02spplqppvz2jniq5p5y69l8n5xp9wji4032kn4qsba33jn"
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.5.0-4309ed45/Hubstaff-1.5.0-4309ed45.sh",
"version": "1.5.0-4309ed45",
"sha256": "1rfxizb28b8r344d18jh6shfcxz35vx8vh10c3j6zdcc998zkcr1"
}
4 pkgs/applications/misc/keepassx/community.nix
View file
@@ -32,13 +32,13 @@ with stdenv.lib;

stdenv.mkDerivation rec {
pname = "keepassxc";
version = "2.4.3";
version = "2.5.0";

src = fetchFromGitHub {
owner = "keepassxreboot";
repo = "keepassxc";
rev = version;
sha256 = "1r63bl0cam04rps1bjr107qvwsmay4254nv00gwhh9n45s6cslac";
sha256 = "053z6mzcn22w3vkf09i7kdi5p0c6zcd9g62v3p5i3yhd14cgviqr";
};

NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang [
2 pkgs/applications/misc/lutris/chrootenv.nix
View file
@@ -29,7 +29,7 @@ in buildFHSUserEnv {

# Dolphin
bluez ffmpeg gettext portaudio wxGTK30 miniupnpc mbedtls lzo sfml gsm
wavpack gnutls-kdh orc nettle gmp pcre vulkan-loader
wavpack orc nettle gmp pcre vulkan-loader

# DOSBox
SDL_net SDL_sound
26 pkgs/applications/misc/mu-repo/default.nix
View file
@@ -0,0 +1,26 @@
{ lib, fetchFromGitHub, buildPythonApplication, pytest, git }:

buildPythonApplication rec {
pname = "mu-repo";
version = "1.8.0";

src = fetchFromGitHub {
owner = "fabioz";
repo = pname;
rev = with lib;
"mu_repo_" + concatStringsSep "_" (splitVersion version);
sha256 = "1dxfggzbhiips0ww2s93yba9842ycp0i3x2i8vvcx0vgicv3rv6f";
};

checkInputs = [ pytest git ];
# disable test which assumes it's a git repo
checkPhase = "py.test mu_repo --ignore=mu_repo/tests/test_checkout.py";

meta = with lib; {
description = "Tool to help in dealing with multiple git repositories";
homepage = "http://fabioz.github.io/mu-repo/";
license = licenses.gpl3;
platforms = platforms.unix;
maintainers = with maintainers; [ sikmir ];
};
}
1 pkgs/applications/misc/mupdf/default.nix
View file
@@ -64,6 +64,7 @@ in stdenv.mkDerivation rec {
EOF

moveToOutput "bin" "$bin"
ln -s "$bin/bin/mupdf-x11" "$bin/bin/mupdf"
mkdir -p $bin/share/applications
cat > $bin/share/applications/mupdf.desktop <<EOF
[Desktop Entry]
4 pkgs/applications/misc/pdfsam-basic/default.nix
View file
@@ -2,11 +2,11 @@

stdenv.mkDerivation rec {
pname = "pdfsam-basic";
version = "4.0.4";
version = "4.0.5";

src = fetchurl {
url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam_${version}-1_amd64.deb";
sha256 = "17lhzxlgr4l4dljy0b0avfrgbj9rsfzk1dzg0abqvld4w4igkqbq";
sha256 = "1znadsg65312h8yyxvj8k0c4pl3g9daif50vk50acwpblq49wm1v";
};

unpackPhase = ''
6 pkgs/applications/misc/qpdfview/default.nix
View file
@@ -22,8 +22,12 @@ mkDerivation {
src = fetchurl {
inherit (s) url sha256;
};

preConfigure = ''
qmakeFlags+=(*.pro)
'';

qmakeFlags = [
"*.pro"
"TARGET_INSTALL_PATH=${placeholder "out"}/bin"
"PLUGIN_INSTALL_PATH=${placeholder "out"}/lib/qpdfview"
"DATA_INSTALL_PATH=${placeholder "out"}/share/qpdfview"
4 pkgs/applications/misc/qtpass/default.nix
View file
@@ -5,13 +5,13 @@

mkDerivation rec {
pname = "qtpass";
version = "1.3.1";
version = "1.3.2";

src = fetchFromGitHub {
owner = "IJHack";
repo = "QtPass";
rev = "v${version}";
sha256 = "025sdk4fq71jgfs54zj7ssgvlci8vvjkqdckgbwz0nqrynlljy08";
sha256 = "0748hjvhjrybi33ci3c8hcr74k9pdrf5jv8npf9hrsrmdyy1kr9x";
};

buildInputs = [ git gnupg pass qtbase qtsvg ];
30 pkgs/applications/misc/wofi/default.nix
View file
@@ -0,0 +1,30 @@
{ stdenv, lib, fetchhg, pkg-config, wayland, gtk3 }:

stdenv.mkDerivation rec {
pname = "wofi";
version = "2019-10-28";

src = fetchhg {
url = "https://hg.sr.ht/~scoopta/wofi";
rev = "3fac708b2b541bb9927ec1b2389c4eb294e1b35b";
sha256 = "0sp9hqm1lv9wyxj8z7vazs25nvl6yznd5vfhmwb51axwkr79s2ym";
};

nativeBuildInputs = [ pkg-config ];
buildInputs = [ wayland gtk3 ];

sourceRoot = "hg-archive/Release";

installPhase = ''
mkdir -p $out/bin
cp wofi $out/bin/
'';

meta = with lib; {
description = "A launcher/menu program for wlroots based wayland compositors such as sway";
homepage = "https://hg.sr.ht/~scoopta/wofi";
license = licenses.gpl3;
maintainers = with maintainers; [ erictapen ];
platforms = with platforms; linux;
};
}
4 pkgs/applications/misc/xmrig/default.nix
View file
@@ -4,13 +4,13 @@

stdenv.mkDerivation rec {
pname = "xmrig";
version = "3.1.3";
version = "3.2.0";

src = fetchFromGitHub {
owner = "xmrig";
repo = "xmrig";
rev = "v${version}";
sha256 = "05z3hpz42609zsrqwd9sbxkgzm4f28ajhvgk69jvcfw7azg5jcfq";
sha256 = "1qb20v3wvd6scx0dnlcqvj947ng4h0lxlvl9kpz0a2a3l5425rjf";
};

nativeBuildInputs = [ cmake ];
4 pkgs/applications/misc/xmrig/proxy.nix
View file
@@ -4,13 +4,13 @@

stdenv.mkDerivation rec {
pname = "xmrig-proxy";
version = "3.1.1";
version = "3.2.0";

src = fetchFromGitHub {
owner = "xmrig";
repo = "xmrig-proxy";
rev = "v${version}";
sha256 = "1qiwarf0bqc17w3r88ysxxpm71gm861zx1fnzp0xi4q3rbh3nfmd";
sha256 = "0scz78cc5zcdd6z4gm0zqsb36jf0z8fyn2ki52814ndxrk7nr4xg";
};

nativeBuildInputs = [ cmake ];
9 pkgs/applications/networking/browsers/chromium/common.nix
View file
@@ -140,15 +140,6 @@ let
./patches/widevine.patch
] ++ optionals (channel == "dev") [
./patches/widevine-79.patch
] ++ optionals (channel == "stable") [
# Revert "Implement GetFallbackFont on Linux" to fix a performance regression
# Remove after https://bugs.chromium.org/p/chromium/issues/detail?id=1003997 is fixed
(fetchpatch {
url = "https://github.com/chromium/chromium/commit/5a32abe4247f80fdb55c55a289b906b0e42faa5f.patch";
sha256 = "1a4jqmki6cyi2dwvaszh01db2diqnz1d50mhpdpby3dd1cw0xmfy";
revert = true;
})

# Unfortunately, chromium regularly breaks on major updates and
# then needs various patches backported in order to be compiled with GCC.
# Good sources for such patches and other hints:
10 pkgs/applications/networking/browsers/chromium/default.nix
View file
@@ -60,7 +60,7 @@ in let
unpackCmd = let
soPath =
if upstream-info.channel == "stable" then
"./opt/google/chrome/libwidevinecdm.so"
"./opt/google/chrome/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
else if upstream-info.channel == "beta" then
"./opt/google/chrome-beta/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
else if upstream-info.channel == "dev" then
@@ -112,12 +112,8 @@ in let
mkdir -p $out
cp -a ${browser}/* $out/
chmod u+w $out/libexec/chromium
if [[ ${channel} != "dev" ]]; then
cp ${widevine}/lib/libwidevinecdm.so $out/libexec/chromium/
else
mkdir -p $out/libexec/chromium/WidevineCdm/_platform_specific/linux_x64
cp ${widevine}/lib/libwidevinecdm.so $out/libexec/chromium/WidevineCdm/_platform_specific/linux_x64/
fi
mkdir -p $out/libexec/chromium/WidevineCdm/_platform_specific/linux_x64
cp ${widevine}/lib/libwidevinecdm.so $out/libexec/chromium/WidevineCdm/_platform_specific/linux_x64/
''
else browser;
in stdenv.mkDerivation {
18 pkgs/applications/networking/browsers/chromium/upstream-info.nix
View file
@@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "0al26nfcxa00gvgn02iasjm53wq089r3c6b3rqqanljffng565y7";
sha256bin64 = "0qfj08adqn19sxsgd98fy5l23cikvfkpzkz9mqq90mlabmhhrp0z";
version = "78.0.3904.50";
sha256 = "0qklm2wyixa5xkaykbxp71xix4h8gc2w4ng33afa2nynjx07kifx";
sha256bin64 = "1y18fcql8sv0vg8zc97f1iasx660hhgdfpr3k1rlan8jzlzdnrkk";
version = "78.0.3904.70";
};
dev = {
sha256 = "0ck52j5acdns7vqqvb665xpc68yl6qz0ca8lwjfhriw5hn8g1pjy";
sha256bin64 = "073gxyfayrb1dqsq8ngmnrs8ajwwrr2qbs311ns64davn1z3sscf";
version = "79.0.3928.4";
sha256 = "01g05pqcxrk6110jfi8arkh4cq5y18n0mgbxrjd3acyirpl43s75";
sha256bin64 = "1xm9fhqlc15wrz96f1zp00jwm1hkrjql41bbs95yvdmpdjvif34b";
version = "79.0.3941.4";
};
stable = {
sha256 = "1y3ay0ppwakbw2hqrmxbv4ykil8dahf62ypld17ddkqxkfqgk4np";
sha256bin64 = "0j1sk36nfmhx6nk8lmsdi93vcrmn58pidhb5hzkapx8mgk6xraq7";
version = "77.0.3865.120";
sha256 = "0qklm2wyixa5xkaykbxp71xix4h8gc2w4ng33afa2nynjx07kifx";
sha256bin64 = "0vwgi8q0zs0aclvdi91g8b0knbrlaj6dwgzb0qh6c1n5blx0dmkm";
version = "78.0.3904.70";
};
}
4 pkgs/applications/networking/browsers/firefox/packages.nix
View file
@@ -17,10 +17,10 @@ rec {

firefox = common rec {
pname = "firefox";
ffversion = "69.0.2";
ffversion = "70.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "2ag1syrvlkch7vl151hkq8abf86p9v6b6gmgcbh26b8wfva1p1ss1x09h4w50zmcc6jq4q5mcxgf1sd9zna552jl90k1y4rqvrrzwl6";
sha512 = "1rjji7w0rf4b7h6hyllwav1xcbaiv37jmf5s0n0c3cwf9b76yhf8nhygm1a97m26f6rvbmhcv0dx4l8bh06cz9mcbbxy4lhsn43sr62";
};

patches = [
4 pkgs/applications/networking/browsers/vivaldi/default.nix
View file
@@ -17,11 +17,11 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "2.8.1664.44-1";
version = "2.9.1705.31-1";

src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}_amd64.deb";
sha256 = "0z1d03zw0jhvi14n06qfdr1n63idq56ly7mgiv27s21zvdma887k";
sha256 = "113bycfygyx09bc5bgsmdniffp3282004yrl7gr16dssxrw52al2";
};

unpackPhase = ''
6 pkgs/applications/networking/cawbird/default.nix
View file
@@ -1,16 +1,16 @@
{ stdenv, fetchFromGitHub, glib, gtk3, json-glib, sqlite, libsoup, gettext, vala
, meson, ninja, pkgconfig, gnome3, gst_all_1, wrapGAppsHook, gobject-introspection
, glib-networking, python3, fetchpatch }:
, glib-networking, python3 }:

stdenv.mkDerivation rec {
version = "1.0.2";
version = "1.0.3.1";
pname = "cawbird";

src = fetchFromGitHub {
owner = "IBBoard";
repo = "cawbird";
rev = "v${version}";
sha256 = "sha256:0b79ngwilicqkgacva93cir4rmk15yzgsih56yb3a4n6bqjispay";
sha256 = "sha256:1v1y4bx0mm518b9vlpsry12fw1qz2j28jfhjqq73blvzd89lgb0y";
};

nativeBuildInputs = [
4 pkgs/applications/networking/cluster/helm/default.nix
View file
@@ -1,14 +1,14 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:

buildGoPackage rec {
version = "2.14.3";
version = "2.15.1";
pname = "helm";

src = fetchFromGitHub {
owner = "helm";
repo = "helm";
rev = "v${version}";
sha256 = "18ly31db2kxybjlisz8dfz3cdxs7j2wsh4rx5lwhbm5hpp42h17d";
sha256 = "1afbymgpax7kgjjv1c9xb4dm7gcrhn2g69piamdq1k0ng348k5w0";
};

goPackagePath = "k8s.io/helm";