mirror/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-29 15:43:00 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into staging-next

Browse Source 
; Conflicts:
;	maintainers/scripts/luarocks-packages.csv
;	pkgs/development/lua-modules/generated-packages.nix
This commit is contained in:
Jan Tojnar 2024-05-11 12:47:40 +02:00
commit 4be4408157
489 changed files with 7307 additions and 12511 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.git-blame-ignore-revs
View File

@ -111,3 +111,6 @@ fb0e5be84331188a69b3edd31679ca6576edb75a
# pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01
3fe3b055adfc020e6a923c466b6bcd978a13069a
# k3s: format with nixfmt-rfc-style
0b7900d5e8e0bcac89e14a52d3e840f9201e9f47

9
.github/CODEOWNERS vendored
View File

@ -137,9 +137,9 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius @ma27
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @ncfavier
# Perl
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ
/pkgs/development/perl-modules @stigtsp @zakame @dasJ
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ @marcusramberg
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ @marcusramberg
/pkgs/development/perl-modules @stigtsp @zakame @dasJ @marcusramberg
# R
/pkgs/applications/science/math/R @jbedo
@ -345,8 +345,11 @@ pkgs/development/tools/continuous-integration/buildbot @Mic92 @zowoq
# Pretix
pkgs/by-name/pr/pretix/ @mweinelt
pkgs/by-name/pr/pretalx/ @mweinelt
nixos/modules/services/web-apps/pretix.nix @mweinelt
nixos/modules/services/web-apps/pretalx.nix @mweinelt
nixos/tests/web-apps/pretix.nix @mweinelt
nixos/tests/web-apps/pretalx.nix @mweinelt
# incus/lxc/lxd
nixos/maintainers/scripts/lxd/ @adamcstephens

4
.github/workflows/check-nix-format.yml vendored
View File

@ -39,6 +39,10 @@ jobs:
pkgs/development/cuda-modules
pkgs/test/cuda
pkgs/top-level/cuda-packages.nix
NIX_FMT_PATHS_K3S: |
nixos/modules/services/cluster/k3s
nixos/tests/k3s
pkgs/applications/networking/cluster/k3s
NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions
NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages
NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php

2
doc/languages-frameworks/go.section.md
View File

@ -2,7 +2,7 @@
## Building Go modules with `buildGoModule` {#ssec-language-go}
The function `buildGoModule` builds Go programs managed with Go modules. It builds [Go Modules](https://github.com/golang/go/wiki/Modules) through a two phase build:
The function `buildGoModule` builds Go programs managed with Go modules. It builds [Go Modules](https://go.dev/wiki/Modules) through a two phase build:
- An intermediate fetcher derivation called `goModules`. This derivation will be used to fetch all the dependencies of the Go module.
- A final derivation will use the output of the intermediate derivation to build the binaries and produce the final output.

26
maintainers/maintainer-list.nix
View File

@ -1962,7 +1962,7 @@
};
atry = {
name = "Bo Yang";
email = "atry@fb.com";
email = "yang-bo@yang-bo.com";
github = "Atry";
githubId = 601530;
};
@ -5383,6 +5383,12 @@
githubId = 472846;
name = "Sebastian Krohn";
};
drawbu = {
email = "clement21.boillot@gmail.com";
github = "drawbu";
githubId = 69208565;
name = "Clément Boillot";
};
drets = {
email = "dmitryrets@gmail.com";
github = "drets";
@ -13808,6 +13814,12 @@
githubId = 133448;
name = "Mikołaj Siedlarek";
};
msladecek = {
email = "martin.sladecek+nixpkgs@gmail.com";
name = "Martin Sladecek";
github = "msladecek";
githubId = 7304317;
};
mslingsby = {
email = "morten.slingsby@eviny.no";
github = "MortenSlingsby";
@ -15435,6 +15447,12 @@
githubId = 72527881;
name = "PassiveLemon";
};
pathob = {
email = "patrick@hobusch.net";
github = "pathob";
githubId = 4580157;
name = "Patrick Hobusch";
};
patka = {
email = "patka@patka.dev";
github = "patka-123";
@ -22103,6 +22121,12 @@
githubId = 2242427;
name = "Yoann Ono";
};
yah = {
email = "yah@singularpoint.cc";
github = "wangxiaoerYah";
githubId = 48443038;
name = "Yah";
};
yajo = {
email = "yajo.sk8@gmail.com";
github = "yajo";

4
maintainers/scripts/kde/collect-missing-deps.py
View File

@ -28,6 +28,7 @@ OK_MISSING_BY_PACKAGE = {
"discover": {
"rpm-ostree-1", # we don't have rpm-ostree (duh)
"Snapd", # we don't have snaps and probably never will
"packagekitqt6", # intentionally disabled
},
"elisa": {
"UPNPQT", # upstream says it's broken
@ -36,6 +37,9 @@ OK_MISSING_BY_PACKAGE = {
"Sphinx", # only used for docs, bloats closure size
"QCollectionGenerator"
},
"gwenview": {
"Tiff", # duplicate?
},
"kio-extras-kf5": {
"KDSoapWSDiscoveryClient", # actually vendored on KF5 version
},

2
maintainers/scripts/luarocks-packages.csv
View File

@ -78,6 +78,7 @@ luaossl,,,,,5.1,
luaposix,,,,34.1.1-1,,vyp lblasc
luarepl,,,,,,
luarocks-build-rust-mlua,,,,,,mrcjkb
luarocks-build-treesitter-parser,,,,,,mrcjkb
luasec,,,,,,flosse
luasnip,,,,,,
luasocket,,,,,,
@ -131,6 +132,7 @@ tiktoken_core,,,,,,natsukium
tl,,,,,,mephistophiles
toml,,,,,,mrcjkb
toml-edit,,,,,5.1,mrcjkb
tree-sitter-norg,,,,,5.1,mrcjkb
vstruct,,,,,,
vusted,,,,,,figsoda
xml2lua,,,,,,teto

1 name rockspec ref server version luaversion maintainers
78 luaposix 34.1.1-1 vyp lblasc
79 luarepl
80 luarocks-build-rust-mlua mrcjkb
81 luarocks-build-treesitter-parser mrcjkb
82 luasec flosse
83 luasnip
84 luasocket
132 tl mephistophiles
133 toml mrcjkb
134 toml-edit 5.1 mrcjkb
135 tree-sitter-norg 5.1 mrcjkb
136 vstruct
137 vusted figsoda
138 xml2lua teto

53
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -16,7 +16,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_latest`, and is therefore no longer available.
- (TODO not sure what path to use here) The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available.
- The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available.
- NixOS now installs a stub ELF loader that prints an informative error message when users attempt to run binaries not made for NixOS.
- This can be disabled through the `environment.stub-ld.enable` option.
@ -98,13 +98,13 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- [clatd](https://github.com/toreanderson/clatd), a CLAT / SIIT-DC Edge Relay implementation for Linux.
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable)
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable).
- [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
- [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](#opt-programs.ryzen-monitor-ng.enable)
- [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](#opt-programs.ryzen-monitor-ng.enable).
- [ryzen-smu](https://gitlab.com/leogx9r/ryzen_smu), Linux kernel driver to expose the SMU (System Management Unit) for certain AMD Ryzen Processors. Includes the userspace program `monitor_cpu`. Available at [hardward.cpu.amd.ryzen-smu](#opt-hardware.cpu.amd.ryzen-smu.enable)
- [ryzen-smu](https://gitlab.com/leogx9r/ryzen_smu), Linux kernel driver to expose the SMU (System Management Unit) for certain AMD Ryzen Processors. Includes the userspace program `monitor_cpu`. Available at [hardward.cpu.amd.ryzen-smu](#opt-hardware.cpu.amd.ryzen-smu.enable).
- `systemd`'s `gateway`, `upload`, and `remote` services, which provide ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
@ -128,7 +128,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- [Python Matter Server](https://github.com/home-assistant-libs/python-matter-server), a
Matter Controller Server exposing websocket connections for use with other services, notably Home Assistant.
Available as [services.matter-server](#opt-services.matter-server.enable)
Available as [services.matter-server](#opt-services.matter-server.enable).
- [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn's internal API for public transport data. Available as [services.db-rest](#opt-services.db-rest.enable).
@ -137,7 +137,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
- [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta
- [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta.
- [Jottacloud Command-line Tool](https://docs.jottacloud.com/en/articles/1436834-jottacloud-command-line-tool), a CLI for the [Jottacloud](https://jottacloud.com/) cloud storage provider. Available as [services.jotta-cli](#opt-services.jotta-cli.enable).
@ -161,7 +161,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
- [intel-gpu-tools](https://drm.pages.freedesktop.org/igt-gpu-tools), tools for development and testing of the Intel DRM driver. Available as [hardware.intel-gpu-tools](#opt-hardware.intel-gpu-tools.enable)
- [intel-gpu-tools](https://drm.pages.freedesktop.org/igt-gpu-tools), tools for development and testing of the Intel DRM driver. Available as [hardware.intel-gpu-tools](#opt-hardware.intel-gpu-tools.enable).
- [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix](#opt-services.pretix.enable).
@ -183,7 +183,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [nh](https://github.com/viperML/nh), yet another Nix CLI helper. Available as [programs.nh](#opt-programs.nh.enable).
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable)
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable).
- [xdg-terminal-exec](https://github.com/Vladimir-csp/xdg-terminal-exec), the proposed Default Terminal Execution Specification.
@ -193,17 +193,17 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](#opt-services.davis.enable).
- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable)
- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable).
- [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable).
- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable).
- [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable)
- [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable).
- [Sunshine](https://app.lizardbyte.dev/Sunshine), a self-hosted game stream host for Moonlight. Available as [services.sunshine](#opt-services.sunshine.enable).
- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable)
- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable).
- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).
@ -270,7 +270,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details.
- `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`
- `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`.
- `neo4j` has been updated to version 5. You may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/).
@ -300,7 +300,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `buildGoModule` now throws an error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
- `services.invidious.settings.db.user`, the default database username has changed from `kemal` to `invidious`. Setups involving an externally-provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
- `services.invidious.settings.db.user`, the default database username has changed from `kemal` to `invidious`. Setups involving an externally-provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857).
- `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation.
@ -462,6 +462,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
- `chromium` and `ungoogled-chromium` had a long stanging issue regarding Widevine DRM handling in nixpkgs fixed.
`chromium` now no longer automatically downloads Widevine when encountering DRM protected content.
To be able to play DRM protected content in `chromium` now, you have to explicitly opt-in as originally intended using `chromium.override { enableWideVine = true; }`.
This override has been added almost 10 years ago.
- switch-to-configuration does not directly call systemd-tmpfiles anymore.
Instead, the new artificial sysinit-reactivation.target is introduced which
allows to restart multiple services that are ordered before sysinit.target
@ -470,11 +475,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `systemd.oomd` module behavior is changed as:
- Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6)
Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6).
- Remove swap policy. This helps prevent killing processes when user's swap is small.
- Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb)
- Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb).
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
@ -535,7 +540,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `cinnamon` has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
- (TODO awaiting feedback on code-casing package names) MATE has been updated to 1.28.
- `mate` has been updated to 1.28.
- To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets.
- Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions.
- To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager.
@ -571,7 +576,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
The `nimPackages` and `nim2Packages` sets have been removed.
See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
- [TODO: reword to place an attribute at the front] Programs written in [D](https://dlang.org/) using the `dub` build system and package manager can now be built using `buildDubPackage` utilizing lockfiles provided by the new `dub-to-nix` helper program.
- `buildDubPackage` can now be used to build Programs written in [D](https://dlang.org/) using the `dub` build system and package manager.
See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information.
- [`portunus`](https://github.com/majewsky/portunus) has been updated to major version 2.
@ -587,7 +592,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `garage` has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade.
- [TODO: reword to place an attribute at the front] The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
- The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
- The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`:
- `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel),
@ -622,7 +627,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `sonarr` version bumped to from 3.0.10 to 4.0.3. Consequently existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
- [TODO: reword to place an attribute at the front] The Yama LSM is now enabled by default in the kernel, which prevents ptracing
- The kernel Yama LSM is now enabled by default, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
@ -640,7 +645,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11.
- [TODO: reword to place an attribute at the front] A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
- `pkgsExtraHardening`, a new top-level package set, was added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
- `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
(such as msmtp or Postfix). It no longer requires using a special ZFS build with email support.
@ -696,16 +701,16 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `youtrack` is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
- QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
- `qt6.qtmultimedia` has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform.
- `drbd` out-of-tree Linux kernel driver has been added in version 9.2.7. With it the DRBD 9.x features can be used instead of the 8.x features provided by the 8.4.11 in-tree driver.
- [TODO: reword to place an attribute at the front] The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil`
- `oils-for-unix`, the oil shell's c++ version is now available. The python version is still available as `oil`.
- `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages.
This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead.
- `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0)
- `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0).
- `programs.fish.package` now allows you to override the package used in the `fish` module
- `programs.fish.package` now allows you to override the package used in the `fish` module.

162
nixos/modules/services/audio/navidrome.nix
View File

@ -1,11 +1,17 @@
{ config, lib, pkgs, ... }:
with lib;
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkPackageOption mkOption maintainers;
inherit (lib.types) bool str;
cfg = config.services.navidrome;
settingsFormat = pkgs.formats.json {};
in {
settingsFormat = pkgs.formats.json { };
in
{
options = {
services.navidrome = {
@ -13,9 +19,8 @@ in {
package = mkPackageOption pkgs "navidrome" { };
settings = mkOption rec {
settings = mkOption {
type = settingsFormat.type;
apply = recursiveUpdate default;
default = {
Address = "127.0.0.1";
Port = 4533;
@ -23,62 +28,111 @@ in {
example = {
MusicFolder = "/mnt/music";
};
description = ''
Configuration for Navidrome, see <https://www.navidrome.org/docs/usage/configuration-options/> for supported values.
'';
description = "Configuration for Navidrome, see <https://www.navidrome.org/docs/usage/configuration-options/> for supported values.";
};
user = mkOption {
type = str;
default = "navidrome";
description = "User under which Navidrome runs.";
};
group = mkOption {
type = str;
default = "navidrome";
description = "Group under which Navidrome runs.";
};
openFirewall = mkOption {
type = types.bool;
type = bool;
default = false;
description = "Whether to open the TCP port in the firewall";
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [cfg.settings.Port];
systemd.services.navidrome = {
description = "Navidrome Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
'';
DynamicUser = true;
StateDirectory = "navidrome";
WorkingDirectory = "/var/lib/navidrome";
RuntimeDirectory = "navidrome";
RootDirectory = "/run/navidrome";
ReadWritePaths = "";
BindPaths = lib.optional (cfg.settings ? DataFolder) cfg.settings.DataFolder;
BindReadOnlyPaths = [
# navidrome uses online services to download additional album metadata / covers
"${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
builtins.storeDir
"/etc"
] ++ lib.optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder;
CapabilityBoundingSet = "";
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" ];
RestrictRealtime = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
UMask = "0066";
ProtectHostname = true;
config =
let
inherit (lib) mkIf optional getExe;
WorkingDirectory = "/var/lib/navidrome";
in
mkIf cfg.enable {
systemd = {
tmpfiles.settings.navidromeDirs = {
"${cfg.settings.DataFolder or WorkingDirectory}"."d" = {
mode = "700";
inherit (cfg) user group;
};
"${cfg.settings.CacheFolder or (WorkingDirectory + "/cache")}"."d" = {
mode = "700";
inherit (cfg) user group;
};
};
services.navidrome = {
description = "Navidrome Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${getExe cfg.package} --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
'';
User = cfg.user;
Group = cfg.group;
StateDirectory = "navidrome";
inherit WorkingDirectory;
RuntimeDirectory = "navidrome";
RootDirectory = "/run/navidrome";
ReadWritePaths = "";
BindPaths =
optional (cfg.settings ? DataFolder) cfg.settings.DataFolder
++ optional (cfg.settings ? CacheFolder) cfg.settings.CacheFolder;
BindReadOnlyPaths = [
# navidrome uses online services to download additional album metadata / covers
"${
config.environment.etc."ssl/certs/ca-certificates.crt".source
}:/etc/ssl/certs/ca-certificates.crt"
builtins.storeDir
"/etc"
] ++ optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder;
CapabilityBoundingSet = "";
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
RestrictRealtime = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
UMask = "0066";
ProtectHostname = true;
};
};
};
users.users = mkIf (cfg.user == "navidrome") {
navidrome = {
inherit (cfg) group;
isSystemUser = true;
};
};
users.groups = mkIf (cfg.group == "navidrome") { navidrome = { }; };
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.Port ];
};
};
meta.maintainers = with maintainers; [ nu-nu-ko ];
}

44
nixos/modules/services/cluster/k3s/default.nix
View File

@ -1,15 +1,25 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.k3s;
removeOption = config: instruction:
lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction;
removeOption =
config: instruction:
lib.mkRemovedOptionModule (
[
"services"
"k3s"
]
++ config
) instruction;
in
{
imports = [
(removeOption [ "docker" ] "k3s docker option is no longer supported.")
];
imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ];
# interface
options.services.k3s = {
@ -33,7 +43,10 @@ in
- `serverAddr` is required.
'';
default = "server";
type = types.enum [ "server" "agent" ];
type = types.enum [
"server"
"agent"
];
};
serverAddr = mkOption {
@ -125,7 +138,8 @@ in
message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'";
}
{
assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != "";
assertion =
cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != "";
message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'";
}
{
@ -142,8 +156,14 @@ in
systemd.services.k3s = {
description = "k3s service";
after = [ "firewall.service" "network-online.target" ];
wants = [ "firewall.service" "network-online.target" ];
after = [
"firewall.service"
"network-online.target"
];
wants = [
"firewall.service"
"network-online.target"
];
wantedBy = [ "multi-user.target" ];
path = optional config.boot.zfs.enabled config.boot.zfs.package;
serviceConfig = {
@ -159,9 +179,7 @@ in
TasksMax = "infinity";
EnvironmentFile = cfg.environmentFile;
ExecStart = concatStringsSep " \\\n " (
[
"${cfg.package}/bin/k3s ${cfg.role}"
]
[ "${cfg.package}/bin/k3s ${cfg.role}" ]
++ (optional cfg.clusterInit "--cluster-init")
++ (optional cfg.disableAgent "--disable-agent")
++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")

14
nixos/modules/services/misc/portunus.nix
View File

@ -231,12 +231,14 @@ in
};
systemd.services = {
dex.serviceConfig = mkIf cfg.dex.enable {
# `dex.service` is super locked down out of the box, but we need some
# place to write the SQLite database. This creates $STATE_DIRECTORY below
# /var/lib/private because DynamicUser=true, but it gets symlinked into
# /var/lib/dex inside the unit
StateDirectory = "dex";
dex = mkIf cfg.dex.enable {
serviceConfig = {
# `dex.service` is super locked down out of the box, but we need some
# place to write the SQLite database. This creates $STATE_DIRECTORY below
# /var/lib/private because DynamicUser=true, but it gets symlinked into
# /var/lib/dex inside the unit
StateDirectory = "dex";
};
};
portunus = {

49
nixos/modules/services/web-apps/pretalx.nix
View File

@ -24,7 +24,7 @@ in
{
meta = with lib; {
maintainers = teams.c3d2.members;
maintainers = with maintainers; [ hexa] ++ teams.c3d2.members;
};
options.services.pretalx = {
@ -329,10 +329,47 @@ in
serviceConfig = {
User = "pretalx";
Group = "pretalx";
StateDirectory = [ "pretalx" "pretalx/media" ];
StateDirectory = [
"pretalx"
"pretalx/media"
];
StateDirectoryMode = "0750";
LogsDirectory = "pretalx";
WorkingDirectory = cfg.settings.filesystem.data;
SupplementaryGroups = [ "redis-pretalx" ];
AmbientCapabilities = "";
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProcSubset = "pid";
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"@chown"
];
UMask = "0027";
};
};
in {
@ -395,6 +432,8 @@ in
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${lib.getExe' pythonEnv "celery"} -A pretalx.celery_app worker ${cfg.celery.extraArgs}";
});
nginx.serviceConfig.SupplementaryGroups = lib.mkIf cfg.nginx.enable [ "pretalx" ];
};
systemd.sockets.pretalx-web.socketConfig = {
@ -403,11 +442,9 @@ in
};
users = {
groups."${cfg.group}" = {};
users."${cfg.user}" = {
groups.${cfg.group} = {};
users.${cfg.user} = {
isSystemUser = true;
createHome = true;
home = cfg.settings.filesystem.data;
inherit (cfg) group;
};
};

12
nixos/modules/services/web-apps/pretix.nix
View File

@ -468,7 +468,7 @@ in
StateDirectory = [
"pretix"
];
StateDirectoryMode = "0755";
StateDirectoryMode = "0750";
CacheDirectory = "pretix";
LogsDirectory = "pretix";
WorkingDirectory = cfg.settings.pretix.datadir;
@ -507,7 +507,7 @@ in
"~@privileged"
"@chown"
];
UMask = "0022";
UMask = "0027";
};
};
in {
@ -561,6 +561,8 @@ in
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${getExe' pythonEnv "celery"} -A pretix.celery_app worker ${cfg.celery.extraArgs}";
};
nginx.serviceConfig.SupplementaryGroups = mkIf cfg.nginx.enable [ "pretix" ];
};
systemd.sockets.pretix-web.socketConfig = {
@ -569,11 +571,9 @@ in
};
users = {
groups."${cfg.group}" = {};
users."${cfg.user}" = {
groups.${cfg.group} = {};
users.${cfg.user} = {
isSystemUser = true;
createHome = true;
home = cfg.settings.pretix.datadir;
inherit (cfg) group;
};
};

2
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -352,7 +352,7 @@ let
# The acme-challenge location doesn't need to be added if we are not using any automated
# certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName;
acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhost.serverName;
acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null)
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check any regexes (which could

34
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -441,21 +441,45 @@ in
{manpage}`systemd.time(7)`.
'';
};
randomizedDelaySec = mkOption {
default = "6h";
type = types.str;
example = "12h";
description = ''
Add a randomized delay before each ZFS trim.
The delay will be chosen between zero and this value.
This value must be a time span in the format specified by
{manpage}`systemd.time(7)`
'';
};
};
services.zfs.autoScrub = {
enable = mkEnableOption "periodic scrubbing of ZFS pools";
interval = mkOption {
default = "Sun, 02:00";
default = "monthly";
type = types.str;
example = "daily";
example = "quarterly";
description = ''
Systemd calendar expression when to scrub ZFS pools. See
{manpage}`systemd.time(7)`.
'';
};
randomizedDelaySec = mkOption {
default = "6h";
type = types.str;
example = "12h";
description = ''
Add a randomized delay before each ZFS autoscrub.
The delay will be chosen between zero and this value.
This value must be a time span in the format specified by
{manpage}`systemd.time(7)`
'';
};
pools = mkOption {
default = [];
type = types.listOf types.str;
@ -862,6 +886,7 @@ in
timerConfig = {
OnCalendar = cfgScrub.interval;
Persistent = "yes";
RandomizedDelaySec = cfgScrub.randomizedDelaySec;
};
};
})
@ -879,7 +904,10 @@ in
serviceConfig.ExecStart = "${pkgs.runtimeShell} -c 'for pool in $(zpool list -H -o name); do zpool trim $pool; done || true' ";
};
systemd.timers.zpool-trim.timerConfig.Persistent = "yes";
systemd.timers.zpool-trim.timerConfig = {
Persistent = "yes";
RandomizedDelaySec = cfgTrim.randomizedDelaySec;
};
})
];
}

2
nixos/modules/testing/test-instrumentation.nix
View File

@ -218,6 +218,8 @@ in
services.displayManager.logToJournal = true;
services.logrotate.enable = mkOverride 150 false;
# Make sure we use the Guest Agent from the QEMU package for testing
# to reduce the closure size required for the tests.
services.qemuGuest.package = pkgs.qemu_test.ga;

74
nixos/modules/virtualisation/incus.nix
View File

@ -105,6 +105,37 @@ let
path = "${pkgs.OVMFFull.fd}/FV/${ovmf-prefix}_VARS.fd";
}
];
environment = lib.mkMerge [
{
INCUS_LXC_TEMPLATE_CONFIG = "${pkgs.lxcfs}/share/lxc/config";
INCUS_OVMF_PATH = ovmf;
INCUS_USBIDS_PATH = "${pkgs.hwdata}/share/hwdata/usb.ids";
PATH = lib.mkForce serverBinPath;
}
(lib.mkIf (cfg.ui.enable) { "INCUS_UI" = cfg.ui.package; })
];
incus-startup = pkgs.writeShellScript "incus-startup" ''
case "$1" in
start)
systemctl is-active incus.service -q && exit 0
exec incusd activateifneeded
;;
stop)
systemctl is-active incus.service -q || exit 0
exec incusd shutdown
;;
*)
echo "unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
'';
in
{
meta = {
@ -137,6 +168,14 @@ in
description = "The incus client package to use. This package is added to PATH.";
};
softDaemonRestart = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Allow for incus.service to be stopped without affecting running instances.
'';
};
preseed = lib.mkOption {
type = lib.types.nullOr (lib.types.submodule { freeformType = preseedFormat.type; });
@ -282,6 +321,8 @@ in
systemd.services.incus = {
description = "Incus Container and Virtual Machine Management Daemon";
inherit environment;
wantedBy = lib.mkIf (!cfg.socketActivation) [ "multi-user.target" ];
after = [
"network-online.target"
@ -296,20 +337,10 @@ in
wants = [ "network-online.target" ];
environment = lib.mkMerge [
{
INCUS_LXC_TEMPLATE_CONFIG = "${pkgs.lxcfs}/share/lxc/config";
INCUS_OVMF_PATH = ovmf;
INCUS_USBIDS_PATH = "${pkgs.hwdata}/share/hwdata/usb.ids";
PATH = lib.mkForce serverBinPath;
}
(lib.mkIf (cfg.ui.enable) { "INCUS_UI" = cfg.ui.package; })
];
serviceConfig = {
ExecStart = "${cfg.package}/bin/incusd --group incus-admin";
ExecStartPost = "${cfg.package}/bin/incusd waitready --timeout=${cfg.startTimeout}";
ExecStop = "${cfg.package}/bin/incus admin shutdown";
ExecStop = lib.optionalString (!cfg.softDaemonRestart) "${cfg.package}/bin/incus admin shutdown";
KillMode = "process"; # when stopping, leave the containers alone
Delegate = "yes";
@ -324,6 +355,27 @@ in
};
};
systemd.services.incus-startup = lib.mkIf cfg.softDaemonRestart {
description = "Incus Instances Startup/Shutdown";
inherit environment;
after = [
"incus.service"
"incus.socket"
];
requires = [ "incus.socket" ];
serviceConfig = {
ExecStart = "${incus-startup} start";
ExecStop = "${incus-startup} stop";
RemainAfterExit = true;
TimeoutStartSec = "600s";
TimeoutStopSec = "600s";
Type = "oneshot";
};
};
systemd.sockets.incus = {
description = "Incus UNIX socket";
wantedBy = [ "sockets.target" ];

32
nixos/tests/acme.nix
View File

@ -99,7 +99,14 @@
serverAliases = [ "${server}-wildcard-alias.example.test" ];
useACMEHost = "example.test";
};
};
} // (lib.optionalAttrs (server == "nginx") {
# The nginx module supports using a different key than the hostname
different-key = vhostBaseData // {
serverName = "${server}-different-key.example.test";
serverAliases = [ "${server}-different-key-alias.example.test" ];
enableACME = true;
};
});
};
# Used to determine if service reload was triggered
@ -653,20 +660,20 @@ in {
webserver.succeed("systemctl restart caddy.service")
check_connection_key_bits(client, "a.example.test", "384")
domains = ["http", "dns", "wildcard"]
for server, logsrc in [
("nginx", "journalctl -n 30 -u nginx.service"),
("httpd", "tail -n 30 /var/log/httpd/*.log"),
common_domains = ["http", "dns", "wildcard"]
for server, logsrc, domains in [
("nginx", "journalctl -n 30 -u nginx.service", common_domains + ["different-key"]),
("httpd", "tail -n 30 /var/log/httpd/*.log", common_domains),
]:
wait_for_server = lambda: webserver.wait_for_unit(f"{server}.service")
with subtest(f"Works with {server}"):
try:
switch_to(webserver, server)
# Skip wildcard domain for this check ([:-1])
for domain in domains[:-1]:
webserver.wait_for_unit(
f"acme-finished-{server}-{domain}.example.test.target"
)
for domain in domains:
if domain != "wildcard":
webserver.wait_for_unit(
f"acme-finished-{server}-{domain}.example.test.target"
)
except Exception as err:
_, output = webserver.execute(
f"{logsrc} && ls -al /var/lib/acme/acme-challenge"
@ -676,8 +683,9 @@ in {
wait_for_server()
for domain in domains[:-1]:
check_issuer(webserver, f"{server}-{domain}.example.test", "pebble")
for domain in domains:
if domain != "wildcard":
check_issuer(webserver, f"{server}-{domain}.example.test", "pebble")
for domain in domains:
check_connection(client, f"{server}-{domain}.example.test")
check_connection(client, f"{server}-{domain}-alias.example.test")

3
nixos/tests/all-tests.nix
View File

@ -424,7 +424,8 @@ in {
icingaweb2 = handleTest ./icingaweb2.nix {};
iftop = handleTest ./iftop.nix {};
incron = handleTest ./incron.nix {};
incus = pkgs.recurseIntoAttrs (handleTest ./incus { inherit handleTestOn; });
incus = pkgs.recurseIntoAttrs (handleTest ./incus { inherit handleTestOn; inherit (pkgs) incus; });
incus-lts = pkgs.recurseIntoAttrs (handleTest ./incus { inherit handleTestOn; });
influxdb = handleTest ./influxdb.nix {};
influxdb2 = handleTest ./influxdb2.nix {};
initrd-network-openvpn = handleTestOn [ "x86_64-linux" "i686-linux" ] ./initrd-network-openvpn {};

4
nixos/tests/firefox.nix
View File

@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }:
import ./make-test-python.nix ({ lib, pkgs, firefoxPackage, ... }:
{
name = firefoxPackage.pname;
@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }:
};
testScript = let
exe = firefoxPackage.unwrapped.binaryName;
exe = lib.getExe firefoxPackage;
in ''
from contextlib import contextmanager

88
nixos/tests/incus/container.nix
View File

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, lib, extra ? {}, name ? "incus-container", ... } :
import ../make-test-python.nix ({ pkgs, lib, extra ? {}, name ? "incus-container", incus ? pkgs.incus-lts, ... } :
let
releases = import ../../release.nix {
@ -28,7 +28,10 @@ in
memorySize = 1024;
diskSize = 4096;
incus.enable = true;
incus = {
enable = true;
package = incus;
};
};
networking.nftables.enable = true;
};
@ -70,51 +73,60 @@ in
machine.succeed("incus exec container mount | grep 'lxcfs on /proc/cpuinfo type fuse.lxcfs'")
machine.succeed("incus exec container mount | grep 'lxcfs on /proc/meminfo type fuse.lxcfs'")
with subtest("Container CPU limits can be managed"):
set_container("limits.cpu 1")
cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip()
assert cpuinfo == "1", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 1, got: {cpuinfo}"
with subtest("resource limits"):
with subtest("Container CPU limits can be managed"):
set_container("limits.cpu 1")
cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip()
assert cpuinfo == "1", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 1, got: {cpuinfo}"
set_container("limits.cpu 2")
cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip()
assert cpuinfo == "2", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 2, got: {cpuinfo}"
set_container("limits.cpu 2")
cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip()
assert cpuinfo == "2", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 2, got: {cpuinfo}"
with subtest("Container memory limits can be managed"):
set_container("limits.memory 64MB")
meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip()
meminfo_bytes = " ".join(meminfo.split(' ')[-2:])
assert meminfo_bytes == "62500 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'"
with subtest("Container memory limits can be managed"):
set_container("limits.memory 64MB")
meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip()
meminfo_bytes = " ".join(meminfo.split(' ')[-2:])
assert meminfo_bytes == "62500 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'"
set_container("limits.memory 128MB")
meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip()
meminfo_bytes = " ".join(meminfo.split(' ')[-2:])
assert meminfo_bytes == "125000 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '125000 kB', got: '{meminfo_bytes}'"
set_container("limits.memory 128MB")
meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip()
meminfo_bytes = " ".join(meminfo.split(' ')[-2:])
assert meminfo_bytes == "125000 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '125000 kB', got: '{meminfo_bytes}'"
with subtest("lxc-container generator configures plain container"):
# reuse the existing container to save some time
machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
check_sysctl("container")
with subtest("lxc-generator"):
with subtest("lxc-container generator configures plain container"):
# reuse the existing container to save some time
machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
check_sysctl("container")
with subtest("lxc-container generator configures nested container"):
machine.execute("incus delete --force container")
machine.succeed("incus launch nixos container --config security.nesting=true")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
with subtest("lxc-container generator configures nested container"):
machine.execute("incus delete --force container")
machine.succeed("incus launch nixos container --config security.nesting=true")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
machine.fail("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
target = machine.succeed("incus exec container readlink -- -f /run/systemd/system/systemd-binfmt.service").strip()
assert target == "/dev/null", "lxc generator did not correctly mask /run/systemd/system/systemd-binfmt.service"
machine.fail("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
target = machine.succeed("incus exec container readlink -- -f /run/systemd/system/systemd-binfmt.service").strip()
assert target == "/dev/null", "lxc generator did not correctly mask /run/systemd/system/systemd-binfmt.service"
check_sysctl("container")
check_sysctl("container")
with subtest("lxc-container generator configures privileged container"):
machine.execute("incus delete --force container")
machine.succeed("incus launch nixos container --config security.privileged=true")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
with subtest("lxc-container generator configures privileged container"):
machine.execute("incus delete --force container")
machine.succeed("incus launch nixos container --config security.privileged=true")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf")
check_sysctl("container")
check_sysctl("container")
with subtest("softDaemonRestart"):
with subtest("Instance remains running when softDaemonRestart is enabled and services is stopped"):
pid = machine.succeed("incus info container | grep 'PID'").split(":")[1].strip()
machine.succeed(f"ps {pid}")
machine.succeed("systemctl stop incus")
machine.succeed(f"ps {pid}")
'';
})

21
nixos/tests/incus/default.nix
View File

@ -3,24 +3,27 @@
config ? { },
pkgs ? import ../../.. { inherit system config; },
handleTestOn,
incus ? pkgs.incus-lts,
}:
{
container-legacy-init = import ./container.nix {
name = "container-legacy-init";
inherit system pkgs;
inherit incus system pkgs;
};
container-systemd-init = import ./container.nix {
name = "container-systemd-init";
inherit system pkgs;
inherit incus system pkgs;
extra = {
boot.initrd.systemd.enable = true;
};
};
lxd-to-incus = import ./lxd-to-incus.nix { inherit system pkgs; };
openvswitch = import ./openvswitch.nix { inherit system pkgs; };
preseed = import ./preseed.nix { inherit system pkgs; };
socket-activated = import ./socket-activated.nix { inherit system pkgs; };
storage = import ./storage.nix { inherit system pkgs; };
ui = import ./ui.nix { inherit system pkgs; };
virtual-machine = handleTestOn [ "x86_64-linux" ] ./virtual-machine.nix { inherit system pkgs; };
incusd-options = import ./incusd-options.nix { inherit incus system pkgs; };
lxd-to-incus = import ./lxd-to-incus.nix { inherit incus system pkgs; };
openvswitch = import ./openvswitch.nix { inherit incus system pkgs; };
socket-activated = import ./socket-activated.nix { inherit incus system pkgs; };
storage = import ./storage.nix { inherit incus system pkgs; };
ui = import ./ui.nix { inherit incus system pkgs; };
virtual-machine = handleTestOn [ "x86_64-linux" ] ./virtual-machine.nix {
inherit incus system pkgs;
};
}

110
nixos/tests/incus/incusd-options.nix Normal file
View File

@ -0,0 +1,110 @@
# this is a set of tests for non-default options. typically the default options
# will be handled by the other tests
import ../make-test-python.nix (
{
pkgs,
lib,
incus ? pkgs.incus-lts,
...
}:
let
releases = import ../../release.nix {
configuration = {
# Building documentation makes the test unnecessarily take a longer time:
documentation.enable = lib.mkForce false;
};
};
container-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};
container-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};
in
{
name = "incusd-options";
meta = {
maintainers = lib.teams.lxc.members;
};
nodes.machine = {
virtualisation = {
cores = 2;
memorySize = 1024;
diskSize = 4096;
incus = {
enable = true;
package = incus;
softDaemonRestart = false;
preseed = {
networks = [
{
name = "nixostestbr0";
type = "bridge";
config = {
"ipv4.address" = "10.0.100.1/24";
"ipv4.nat" = "true";
};
}
];
profiles = [
{
name = "default";
devices = {
eth0 = {
name = "eth0";
network = "nixostestbr0";
type = "nic";
};
root = {
path = "/";
pool = "nixostest_pool";
size = "35GiB";
type = "disk";
};
};
}
];
storage_pools = [
{
name = "nixostest_pool";
driver = "dir";
}
];
};
};
};
networking.nftables.enable = true;
};
testScript = ''
def instance_is_up(_) -> bool:
status, _ = machine.execute("incus exec container --disable-stdin --force-interactive /run/current-system/sw/bin/systemctl -- is-system-running")
return status == 0
machine.wait_for_unit("incus.service")
machine.wait_for_unit("incus-preseed.service")
with subtest("Container image can be imported"):
machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs}/*/*.tar.xz --alias nixos")
with subtest("Container can be launched and managed"):
machine.succeed("incus launch nixos container")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
machine.succeed("echo true | incus exec container /run/current-system/sw/bin/bash -")
with subtest("Verify preseed resources created"):
machine.succeed("incus profile show default")
machine.succeed("incus network info nixostestbr0")
machine.succeed("incus storage show nixostest_pool")
with subtest("Instance is stopped when softDaemonRestart is disabled and services is stopped"):
pid = machine.succeed("incus info container | grep 'PID'").split(":")[1].strip()
machine.succeed(f"ps {pid}")
machine.succeed("systemctl stop incus")
machine.fail(f"ps {pid}")
'';
}
)

12
nixos/tests/incus/lxd-to-incus.nix
View File

@ -1,6 +1,11 @@
import ../make-test-python.nix (
{ pkgs, lib, ... }:
{
pkgs,
lib,
incus ? pkgs.incus-lts,
...
}:
let
releases = import ../../release.nix { configuration.documentation.enable = lib.mkForce false; };
@ -65,7 +70,10 @@ import ../make-test-python.nix (
];
};
incus.enable = true;
incus = {
enable = true;
package = incus;
};
};
networking.nftables.enable = true;
};

8
nixos/tests/incus/openvswitch.nix
View File

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, lib, ... } :
import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
{
name = "incus-openvswitch";
@ -9,7 +9,11 @@ import ../make-test-python.nix ({ pkgs, lib, ... } :
nodes.machine = { lib, ... }: {
virtualisation = {
incus.enable = true;
incus = {
enable = true;
package = incus;
};
vswitch.enable = true;
incus.preseed = {
networks = [

63
nixos/tests/incus/preseed.nix
View File

@ -1,63 +0,0 @@
import ../make-test-python.nix ({ pkgs, lib, ... } :
{
name = "incus-preseed";
meta = {
maintainers = lib.teams.lxc.members;
};
nodes.machine = { lib, ... }: {
virtualisation = {
incus.enable = true;
incus.preseed = {
networks = [
{
name = "nixostestbr0";
type = "bridge";
config = {
"ipv4.address" = "10.0.100.1/24";
"ipv4.nat" = "true";
};
}
];
profiles = [
{
name = "nixostest_default";
devices = {
eth0 = {
name = "eth0";
network = "nixostestbr0";
type = "nic";
};
root = {
path = "/";
pool = "default";
size = "35GiB";
type = "disk";
};
};
}
];
storage_pools = [
{
name = "nixostest_pool";
driver = "dir";
}
];
};
};
networking.nftables.enable = true;
};
testScript = ''
machine.wait_for_unit("incus.service")
machine.wait_for_unit("incus-preseed.service")
with subtest("Verify preseed resources created"):
machine.succeed("incus profile show nixostest_default")
machine.succeed("incus network info nixostestbr0")
machine.succeed("incus storage show nixostest_pool")
'';
})

9
nixos/tests/incus/socket-activated.nix
View File

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, lib, ... } :
import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
{
name = "incus-socket-activated";
@ -9,8 +9,11 @@ import ../make-test-python.nix ({ pkgs, lib, ... } :
nodes.machine = { lib, ... }: {
virtualisation = {
incus.enable = true;
incus.socketActivation = true;
incus = {
enable = true;
package = incus;
socketActivation = true;
};
};
networking.nftables.enable = true;
};

12
nixos/tests/incus/storage.nix
View File

@ -1,5 +1,10 @@
import ../make-test-python.nix (
{ pkgs, lib, ... }:
{
pkgs,
lib,
incus ? pkgs.incus-lts,
...
}:
{
name = "incus-storage";
@ -19,7 +24,10 @@ import ../make-test-python.nix (
virtualisation = {
emptyDiskImages = [ 2048 ];
incus.enable = true;
incus = {
enable = true;
package = incus;
};
};
};

7
nixos/tests/incus/ui.nix
View File

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, lib, ... }: {
import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }: {
name = "incus-ui";
meta = {
@ -7,7 +7,10 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: {
nodes.machine = { lib, ... }: {
virtualisation = {
incus.enable = true;
incus = {
enable = true;
package = incus;
};
incus.ui.enable = true;
};
networking.nftables.enable = true;

13
nixos/tests/incus/virtual-machine.nix
View File

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, lib, ... }:
import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }:
let
releases = import ../../release.nix {
@ -33,7 +33,10 @@ in
# Provide a TPM to test vTPM support for guests
tpm.enable = true;
incus.enable = true;
incus = {
enable = true;
package = incus;
};
};
networking.nftables.enable = true;
};
@ -75,5 +78,11 @@ in
machine.succeed("incus config set ${instance-name} limits.cpu=2")
count = int(machine.succeed("incus exec ${instance-name} -- nproc").strip())
assert count == 2, f"Wrong number of CPUs reported, want: 2, got: {count}"
with subtest("Instance remains running when softDaemonRestart is enabled and services is stopped"):
pid = machine.succeed("incus info ${instance-name} | grep 'PID'").split(":")[1].strip()
machine.succeed(f"ps {pid}")
machine.succeed("systemctl stop incus")
machine.succeed(f"ps {pid}")
'';
})

18
nixos/tests/k3s/default.nix
View File

@ -1,16 +1,20 @@
{ system ? builtins.currentSystem
, pkgs ? import ../../.. { inherit system; }
, lib ? pkgs.lib
{
system ? builtins.currentSystem,
pkgs ? import ../../.. { inherit system; },
lib ? pkgs.lib,
}:
let
allK3s = lib.filterAttrs (n: _: lib.strings.hasPrefix "k3s_" n) pkgs;
in
{
# Testing K3s with Etcd backend
etcd = lib.mapAttrs (_: k3s: import ./etcd.nix {
inherit system pkgs k3s;
inherit (pkgs) etcd;
}) allK3s;
etcd = lib.mapAttrs (
_: k3s:
import ./etcd.nix {
inherit system pkgs k3s;
inherit (pkgs) etcd;
}
) allK3s;
# Run a single node k3s cluster and verify a pod can run
single-node = lib.mapAttrs (_: k3s: import ./single-node.nix { inherit system pkgs k3s; }) allK3s;
# Run a multi-node k3s cluster and verify pod networking works across nodes

196
nixos/tests/k3s/etcd.nix
View File

@ -1,100 +1,130 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }:
import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
etcd,
...
}:
{
name = "${k3s.name}-etcd";
{
name = "${k3s.name}-etcd";
nodes = {
nodes = {
etcd = { ... }: {
services.etcd = {
enable = true;
openFirewall = true;
listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ];
listenPeerUrls = [ "http://192.168.1.1:2380" ];
initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ];
initialCluster = [ "etcd=http://192.168.1.1:2380" ];
};
networking = {
useDHCP = false;
defaultGateway = "192.168.1.1";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
};
k3s = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ jq ];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = {
enable = true;
role = "server";
extraFlags = builtins.toString [
"--datastore-endpoint=\"http://192.168.1.1:2379\""
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--node-ip" "192.168.1.2"
];
};
networking = {
firewall = {
allowedTCPPorts = [ 2379 2380 6443 ];
allowedUDPPorts = [ 8472 ];
etcd =
{ ... }:
{
services.etcd = {
enable = true;
openFirewall = true;
listenClientUrls = [
"http://192.168.1.1:2379"
"http://127.0.0.1:2379"
];
listenPeerUrls = [ "http://192.168.1.1:2380" ];
initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ];
initialCluster = [ "etcd=http://192.168.1.1:2380" ];
};
networking = {
useDHCP = false;
defaultGateway = "192.168.1.1";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.1";
prefixLength = 24;
}
];
};
};
k3s =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ jq ];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = {
enable = true;
role = "server";
extraFlags = builtins.toString [
"--datastore-endpoint=\"http://192.168.1.1:2379\""
"--disable"
"coredns"
"--disable"
"local-storage"
"--disable"
"metrics-server"
"--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.2"
];
};
networking = {
firewall = {
allowedTCPPorts = [
2379
2380
6443
];
allowedUDPPorts = [ 8472 ];
};
useDHCP = false;
defaultGateway = "192.168.1.2";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
};
};
useDHCP = false;
defaultGateway = "192.168.1.2";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
};
};
testScript = ''
with subtest("should start etcd"):
etcd.start()
etcd.wait_for_unit("etcd.service")
testScript = ''
with subtest("should start etcd"):
etcd.start()
etcd.wait_for_unit("etcd.service")
with subtest("should wait for etcdctl endpoint status to succeed"):
etcd.wait_until_succeeds("etcdctl endpoint status")
with subtest("should wait for etcdctl endpoint status to succeed"):
etcd.wait_until_succeeds("etcdctl endpoint status")
with subtest("should start k3s"):
k3s.start()
k3s.wait_for_unit("k3s")
with subtest("should start k3s"):
k3s.start()
k3s.wait_for_unit("k3s")
with subtest("should test if kubectl works"):
k3s.wait_until_succeeds("k3s kubectl get node")
with subtest("should test if kubectl works"):
k3s.wait_until_succeeds("k3s kubectl get node")
with subtest("should wait for service account to show up; takes a sec"):
k3s.wait_until_succeeds("k3s kubectl get serviceaccount default")
with subtest("should wait for service account to show up; takes a sec"):
k3s.wait_until_succeeds("k3s kubectl get serviceaccount default")
with subtest("should create a sample secret object"):
k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra")
with subtest("should create a sample secret object"):
k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra")
with subtest("should check if secret is correct"):
k3s.wait_until_succeeds("[[ $(kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]")
with subtest("should check if secret is correct"):
k3s.wait_until_succeeds("[[ $(kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]")
with subtest("should have a secret in database"):
etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should have a secret in database"):
etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should delete the secret"):
k3s.succeed("k3s kubectl delete secret nixossecret")
with subtest("should delete the secret"):
k3s.succeed("k3s kubectl delete secret nixossecret")
with subtest("should not have a secret in database"):
etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should not have a secret in database"):
etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should shutdown k3s and etcd"):
k3s.shutdown()
etcd.shutdown()
'';
with subtest("should shutdown k3s and etcd"):
k3s.shutdown()
etcd.shutdown()
'';
meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers;
})
meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers;
}
)

218
nixos/tests/k3s/multi-node.nix
View File

@ -1,14 +1,30 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
...
}:
let
imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env";
paths = with pkgs; [ tini bashInteractive coreutils socat ];
paths = with pkgs; [
tini
bashInteractive
coreutils
socat
];
};
pauseImage = pkgs.dockerTools.streamLayeredImage {
name = "test.local/pause";
tag = "local";
contents = imageEnv;
config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ];
config.Entrypoint = [
"/bin/tini"
"--"
"/bin/sleep"
"inf"
];
};
# A daemonset that responds 'server' on port 8000
networkTestDaemonset = pkgs.writeText "test.yml" ''
@ -42,90 +58,135 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
name = "${k3s.name}-multi-node";
nodes = {
server = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ gzip jq ];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
server =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gzip
jq
];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = {
inherit tokenFile;
enable = true;
role = "server";
package = k3s;
clusterInit = true;
extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--node-ip" "192.168.1.1"
"--pause-image" "test.local/pause:local"
services.k3s = {
inherit tokenFile;
enable = true;
role = "server";
package = k3s;
clusterInit = true;
extraFlags = builtins.toString [
"--disable"
"coredns"
"--disable"
"local-storage"
"--disable"
"metrics-server"
"--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.1"
"--pause-image"
"test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [
2379
2380
6443
];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.1";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.1";
prefixLength = 24;
}
];
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.1";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
server2 = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ gzip jq ];
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
server2 =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gzip
jq
];
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = {
inherit tokenFile;
enable = true;
serverAddr = "https://192.168.1.1:6443";
clusterInit = false;
extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--node-ip" "192.168.1.3"
"--pause-image" "test.local/pause:local"
services.k3s = {
inherit tokenFile;
enable = true;
serverAddr = "https://192.168.1.1:6443";
clusterInit = false;
extraFlags = builtins.toString [
"--disable"
"coredns"
"--disable"
"local-storage"
"--disable"
"metrics-server"
"--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.3"
"--pause-image"
"test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [
2379
2380
6443
];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.3";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.3";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.3"; prefixLength = 24; }
];
};
agent = { pkgs, ... }: {
virtualisation.memorySize = 1024;
virtualisation.diskSize = 2048;
services.k3s = {
inherit tokenFile;
enable = true;
role = "agent";
serverAddr = "https://192.168.1.3:6443";
extraFlags = lib.concatStringsSep " " [
"--pause-image" "test.local/pause:local"
"--node-ip" "192.168.1.2"
agent =
{ pkgs, ... }:
{
virtualisation.memorySize = 1024;
virtualisation.diskSize = 2048;
services.k3s = {
inherit tokenFile;
enable = true;
role = "agent";
serverAddr = "https://192.168.1.3:6443";
extraFlags = lib.concatStringsSep " " [
"--pause-image"
"test.local/pause:local"
"--node-ip"
"192.168.1.2"
];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.2";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.2";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
};
meta.maintainers = k3s.meta.maintainers;
@ -178,4 +239,5 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
for m in machines:
m.shutdown()
'';
})
}
)

139
nixos/tests/k3s/single-node.nix
View File

@ -1,14 +1,29 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
...
}:
let
imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env";
paths = with pkgs; [ tini (hiPrio coreutils) busybox ];
paths = with pkgs; [
tini
(hiPrio coreutils)
busybox
];
};
pauseImage = pkgs.dockerTools.streamLayeredImage {
name = "test.local/pause";
tag = "local";
contents = imageEnv;
config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ];
config.Entrypoint = [
"/bin/tini"
"--"
"/bin/sleep"
"inf"
];
};
testPodYaml = pkgs.writeText "test.yml" ''
apiVersion: v1
@ -27,69 +42,83 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
name = "${k3s.name}-single-node";
meta.maintainers = k3s.meta.maintainers;
nodes.machine = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ k3s gzip ];
nodes.machine =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
k3s
gzip
];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s.enable = true;
services.k3s.role = "server";
services.k3s.package = k3s;
# Slightly reduce resource usage
services.k3s.extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--pause-image" "test.local/pause:local"
];
services.k3s.enable = true;
services.k3s.role = "server";
services.k3s.package = k3s;
# Slightly reduce resource usage
services.k3s.extraFlags = builtins.toString [
"--disable"
"coredns"
"--disable"
"local-storage"
"--disable"
"metrics-server"
"--disable"
"servicelb"
"--disable"
"traefik"
"--pause-image"
"test.local/pause:local"
];
users.users = {
noprivs = {
isNormalUser = true;
description = "Can't access k3s by default";
password = "*";
users.users = {
noprivs = {
isNormalUser = true;
description = "Can't access k3s by default";
password = "*";
};
};
};
};
testScript = ''
start_all()
testScript =
''
start_all()
machine.wait_for_unit("k3s")
machine.succeed("kubectl cluster-info")
machine.fail("sudo -u noprivs kubectl cluster-info")
machine.wait_for_unit("k3s")
machine.succeed("kubectl cluster-info")
machine.fail("sudo -u noprivs kubectl cluster-info")
'' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)"
+ lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")'' + ''
+ lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")''
+ ''
machine.succeed(
"${pauseImage} | ctr image import -"
)
machine.succeed(
"${pauseImage} | ctr image import -"
)
# Also wait for our service account to show up; it takes a sec
machine.wait_until_succeeds("kubectl get serviceaccount default")
machine.succeed("kubectl apply -f ${testPodYaml}")
machine.succeed("kubectl wait --for 'condition=Ready' pod/test")
machine.succeed("kubectl delete -f ${testPodYaml}")
# Also wait for our service account to show up; it takes a sec
machine.wait_until_succeeds("kubectl get serviceaccount default")
machine.succeed("kubectl apply -f ${testPodYaml}")
machine.succeed("kubectl wait --for 'condition=Ready' pod/test")
machine.succeed("kubectl delete -f ${testPodYaml}")
# regression test for #176445
machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'")
# regression test for #176445
machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'")
with subtest("Run k3s-killall"):
# Call the killall script with a clean path to assert that
# all required commands are wrapped
output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr")
assert "command not found" not in output, "killall script contains unknown command"
with subtest("Run k3s-killall"):
# Call the killall script with a clean path to assert that
# all required commands are wrapped
output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr")
assert "command not found" not in output, "killall script contains unknown command"
# Check that killall cleaned up properly
machine.fail("systemctl is-active k3s.service")
machine.fail("systemctl list-units | grep containerd")
machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0")
machine.fail("ip netns show | grep cni-")
# Check that killall cleaned up properly
machine.fail("systemctl is-active k3s.service")
machine.fail("systemctl list-units | grep containerd")
machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0")
machine.fail("ip netns show | grep cni-")
machine.shutdown()
'';
})
machine.shutdown()
'';
}
)

90
nixos/tests/logrotate.nix
View File

@ -16,52 +16,60 @@ import ./make-test-python.nix ({ pkgs, ... }: rec {
};
nodes = {
defaultMachine = { ... }: { };
defaultMachine = { ... }: {
services.logrotate.enable = true;
};
failingMachine = { ... }: {
services.logrotate.configFile = pkgs.writeText "logrotate.conf" ''
# self-written config file
su notarealuser notagroupeither
'';
services.logrotate = {
enable = true;
configFile = pkgs.writeText "logrotate.conf" ''
# self-written config file
su notarealuser notagroupeither
'';
};
};
machine = { config, ... }: {
imports = [ importTest ];
services.logrotate.settings = {
# remove default frequency header and add another
header = {
frequency = null;
delaycompress = true;
};
# extra global setting... affecting nothing
last_line = {
global = true;
priority = 2000;
shred = true;
};
# using mail somewhere should add --mail to logrotate invocation
sendmail = {
mail = "user@domain.tld";
};
# postrotate should be suffixed by 'endscript'
postrotate = {
postrotate = "touch /dev/null";
};
# check checkConfig works as expected: there is nothing to check here
# except that the file build passes
checkConf = {
su = "root utmp";
createolddir = "0750 root utmp";
create = "root utmp";
"create " = "0750 root utmp";
};
# multiple paths should be aggregated
multipath = {
files = [ "file1" "file2" ];
};
# overriding imported path should keep existing attributes
# (e.g. olddir is still set)
import = {
notifempty = true;
services.logrotate = {
enable = true;
settings = {
# remove default frequency header and add another
header = {
frequency = null;
delaycompress = true;
};
# extra global setting... affecting nothing
last_line = {
global = true;
priority = 2000;
shred = true;
};
# using mail somewhere should add --mail to logrotate invocation
sendmail = {
mail = "user@domain.tld";
};
# postrotate should be suffixed by 'endscript'
postrotate = {
postrotate = "touch /dev/null";
};
# check checkConfig works as expected: there is nothing to check here
# except that the file build passes
checkConf = {
su = "root utmp";
createolddir = "0750 root utmp";
create = "root utmp";
"create " = "0750 root utmp";
};
# multiple paths should be aggregated
multipath = {
files = [ "file1" "file2" ];
};
# overriding imported path should keep existing attributes
# (e.g. olddir is still set)
import = {
notifempty = true;
};
};
};
};

4
nixos/tests/web-apps/pretalx.nix
View File

@ -27,5 +27,9 @@
pretalx.wait_for_unit("pretalx-worker.service")
pretalx.wait_until_succeeds("curl -q --fail http://talks.local/orga/")
pretalx.succeed("pretalx-manage --help")
pretalx.log(pretalx.succeed("systemd-analyze security pretalx-web.service"))
'';
}

187
pkgs/applications/audio/beast/patch.patch
View File

@ -1,187 +0,0 @@
Index: beast-0.7.1/shell/Makefile.in
===================================================================
--- beast-0.7.1.orig/shell/Makefile.in
+++ beast-0.7.1/shell/Makefile.in
@@ -859,10 +859,7 @@ check-before: check-installation
check-installation:
@for p in $(bin_PROGRAMS) ; do \
pp="$(DESTDIR)$(bindir)/$$p" ; \
- echo "TEST: test -x \"$$pp\"" ; \
- test -x "$$pp" || \
- { echo "Failed to verify installation of executable: $$pp"; \
- exit 1 ; } \
+ echo "TEST: test -x \"$$pp\" Test disabled" ; \
done
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Index: beast-0.7.1/shell/Makefile.am
===================================================================
--- beast-0.7.1.orig/shell/Makefile.am
+++ beast-0.7.1/shell/Makefile.am
@@ -859,10 +859,7 @@ check-before: check-installation
check-installation:
@for p in $(bin_PROGRAMS) ; do \
pp="$(DESTDIR)$(bindir)/$$p" ; \
- echo "TEST: test -x \"$$pp\"" ; \
- test -x "$$pp" || \
- { echo "Failed to verify installation of executable: $$pp"; \
- exit 1 ; } \
+ echo "TEST: test -x \"$$pp\" Test disabled" ; \
done
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Index: beast-0.7.1/birnet/birnettests.h
===================================================================
--- beast-0.7.1.orig/birnet/birnettests.h
+++ beast-0.7.1/birnet/birnettests.h
@@ -27,6 +27,7 @@
#include <glib.h>
#include <string.h>
+#include <signal.h>
BIRNET_EXTERN_C_BEGIN();
Index: beast-0.7.1/tools/bseloopfuncs.c
===================================================================
--- beast-0.7.1.orig/tools/bseloopfuncs.c
+++ beast-0.7.1/tools/bseloopfuncs.c
@@ -21,6 +21,7 @@
#include <string.h>
#include <stdio.h>
#include <math.h>
+#include <signal.h>
typedef struct {
gdouble score;
--- beast-0.7.1.orig/bse/Makefile.am 2008-06-01 13:12:28.116708321 +0200
+++ beast-0.7.1/bse/Makefile.am 2008-06-01 13:12:40.000000000 +0200
@@ -10,7 +10,7 @@
# need -I$(top_builddir) for <sfi/sficonfig.h>
# need -I$(srcdir) for "bseserver.h" in .genprc.c
# need -I. (builddir) for "bsecore.genidl.hh" in bsecore.cc
-INCLUDES += -I$(top_srcdir) -I$(top_builddir) -I$(srcdir) -I. $(BSE_CFLAGS) -DG_DISABLE_DEPRECATED -DG_DISABLE_CONST_RETURNS
+INCLUDES += -I$(top_srcdir) -I$(top_builddir) -I$(srcdir) -I. $(BSE_CFLAGS) -DG_DISABLE_CONST_RETURNS
DEFS += $(strip \
$(patsubst %, -DG_LOG_DOMAIN=\"BSE\" -DBSE_COMPILATION, \
$(filter $(<F), $(bse_sources) $(bse_sources))) \
--- beast-0.7.1.orig/bse/zintern/Makefile.am 2008-06-01 13:14:25.880028999 +0200
+++ beast-0.7.1/bse/zintern/Makefile.am 2008-06-01 13:14:38.000000000 +0200
@@ -4,7 +4,7 @@
## GNU Lesser General Public License version 2 or any later version.
include $(top_srcdir)/Makefile.decl
-INCLUDES += -I$(top_srcdir) -I$(top_builddir) $(BSE_CFLAGS) -DG_DISABLE_DEPRECATED -DG_DISABLE_CONST_RETURNS
+INCLUDES += -I$(top_srcdir) -I$(top_builddir) $(BSE_CFLAGS) -DG_DISABLE_CONST_RETURNS
ZFILE_DEFS = $(strip \
wave-mono $(srcdir)/wave-mono.bse \
--- a/configure.in 2008-06-01 15:19:46.000000000 +0200
+++ b/configure.in 2008-06-01 15:27:45.000000000 +0200
@@ -159,39 +159,33 @@
dnl # Define package requirements.
dnl #
dnl ## include acintltool.m4 to provide IT_PROG_INTLTOOL
-builtin(include, acintltool.m4)dnl
-AC_DEFUN([AC_I18N_REQUIREMENTS],
-[
- ALL_LINGUAS=`cat "$srcdir/po/LINGUAS" | grep -v '^#' | xargs echo -n `
- AC_SUBST(ALL_LINGUAS)
- AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS'])
-
- dnl # versioned BEAST gettext domain (po/)
- BST_GETTEXT_DOMAIN=beast-v$BIN_VERSION # version without -rcZ
- AC_SUBST(BST_GETTEXT_DOMAIN)
- AC_DEFINE_UNQUOTED(BST_GETTEXT_DOMAIN, "$BST_GETTEXT_DOMAIN", [Versioned BEAST gettext domain])
- GETTEXT_PACKAGE=$BST_GETTEXT_DOMAIN
- AC_SUBST(GETTEXT_PACKAGE)
-
- dnl # locale directory for all domains
- dnl # (AM_GLIB_DEFINE_LOCALEDIR() could do this if it would do AC_SUBST())
- saved_prefix="$prefix"
- saved_exec_prefix="$exec_prefix"
- test "x$prefix" = xNONE && prefix=$ac_default_prefix
- test "x$exec_prefix" = xNONE && exec_prefix=$prefix
- if test "x$CATOBJEXT" = "x.mo" ; then
- beastlocaledir=`eval echo "${libdir}/locale"`
- else
- beastlocaledir=`eval echo "${datadir}/locale"`
- fi
- exec_prefix="$saved_exec_prefix"
- prefix="$saved_prefix"
- AC_SUBST(beastlocaledir)
-
- dnl # do gettext checks and prepare for intltool
- AM_GLIB_GNU_GETTEXT
- IT_PROG_INTLTOOL
-])
+IT_PROG_INTLTOOL([0.35.0])
+
+dnl # versioned BEAST gettext domain (po/)
+BST_GETTEXT_DOMAIN=beast-v$BIN_VERSION # version without -rcZ
+AC_SUBST(BST_GETTEXT_DOMAIN)
+AC_DEFINE_UNQUOTED(BST_GETTEXT_DOMAIN, "$BST_GETTEXT_DOMAIN", [Versioned BEAST gettext domain])
+GETTEXT_PACKAGE=$BST_GETTEXT_DOMAIN
+AC_SUBST(GETTEXT_PACKAGE)
+
+dnl # locale directory for all domains
+dnl # (AM_GLIB_DEFINE_LOCALEDIR() could do this if it would do AC_SUBST())
+saved_prefix="$prefix"
+saved_exec_prefix="$exec_prefix"
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix=$prefix
+if test "x$CATOBJEXT" = "x.mo" ; then
+ beastlocaledir=`eval echo "${libdir}/locale"`
+else
+ beastlocaledir=`eval echo "${datadir}/locale"`
+fi
+exec_prefix="$saved_exec_prefix"
+prefix="$saved_prefix"
+AC_SUBST(beastlocaledir)
+
+dnl # do gettext checks and prepare for intltool
+AM_GLIB_GNU_GETTEXT
+
AC_DEFUN([AC_SFI_REQUIREMENTS],
[
dnl # check for GLib libs, libbirnet already provides gthread-2.0 and glib-2.0
@@ -570,7 +564,6 @@
AC_BIRNET_REQUIREMENTS
# Check requirement sets
-AC_I18N_REQUIREMENTS
AC_SFI_REQUIREMENTS
AC_BSE_REQUIREMENTS
AC_BSESCM_REQUIREMENTS
--- a/po/POTFILES.in 2008-06-22 15:12:10.000000000 +0200
+++ b/po/POTFILES.in 2008-06-22 15:13:28.000000000 +0200
@@ -131,3 +131,29 @@
plugins/davxtalstrings.c
plugins/freeverb/bsefreeverb.c
tools/bsewavetool.cc
+
+beast-gtk/bstgentypes.c
+birnet/birnetcpu.cc
+birnet/birnetutils.hh
+bse/bsebus.genprc.c
+bse/bsebusmodule.genidl.hh
+bse/bsecontainer.genprc.c
+bse/bsecore.genidl.hh
+bse/bseieee754.h
+bse/bseladspamodule.c
+bse/bseparasite.genprc.c
+bse/bsesong.genprc.c
+bse/bsesource.genprc.c
+bse/bsetrack.genprc.c
+plugins/artscompressor.genidl.hh
+plugins/bseamplifier.genidl.hh
+plugins/bsebalance.genidl.hh
+plugins/bsecontribsampleandhold.genidl.hh
+plugins/bsenoise.genidl.hh
+plugins/bsequantizer.genidl.hh
+plugins/bsesummation.genidl.hh
+plugins/davbassfilter.genidl.hh
+plugins/davchorus.genidl.hh
+plugins/standardguspatchenvelope.genidl.hh
+plugins/standardsaturator.genidl.hh
+tests/latency/bselatencytest.genidl.hh

5
pkgs/applications/audio/ensemble-chorus/default.nix
View File

@ -12,6 +12,11 @@ stdenv.mkDerivation rec {
fetchSubmodules = true;
};
patches = [
# fix compile error regarding packed attribute in 3rd party juice library
./juice-cxx-packing-fix.diff
];
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [

55
pkgs/applications/audio/ensemble-chorus/juice-cxx-packing-fix.diff Normal file
View File

@ -0,0 +1,55 @@
diff --git a/thirdparty/JUCE/modules/juce_graphics/colour/juce_PixelFormats.h b/thirdparty/JUCE/modules/juce_graphics/colour/juce_PixelFormats.h
index 69a66e4..3e50635 100644
--- a/thirdparty/JUCE/modules/juce_graphics/colour/juce_PixelFormats.h
+++ b/thirdparty/JUCE/modules/juce_graphics/colour/juce_PixelFormats.h
@@ -111,18 +111,10 @@ public:
forcedinline uint8 getGreen() const noexcept { return components.g; }
forcedinline uint8 getBlue() const noexcept { return components.b; }
- #if JUCE_GCC
- // NB these are here as a workaround because GCC refuses to bind to packed values.
- forcedinline uint8& getAlpha() noexcept { return comps [indexA]; }
- forcedinline uint8& getRed() noexcept { return comps [indexR]; }
- forcedinline uint8& getGreen() noexcept { return comps [indexG]; }
- forcedinline uint8& getBlue() noexcept { return comps [indexB]; }
- #else
forcedinline uint8& getAlpha() noexcept { return components.a; }
forcedinline uint8& getRed() noexcept { return components.r; }
forcedinline uint8& getGreen() noexcept { return components.g; }
forcedinline uint8& getBlue() noexcept { return components.b; }
- #endif
//==============================================================================
/** Copies another pixel colour over this one.
@@ -336,21 +328,22 @@ private:
uint8 b, g, r, a;
#endif
#endif
- } JUCE_PACKED;
+ };
+
+ // structure must be packed but using the packed attribute causes compile
+ // failures with newer c++ compilers. Verify default packing produces same layout
+ static_assert(sizeof(Components) == 4, "Components struct is not packed");
union
{
uint32 internal;
Components components;
- #if JUCE_GCC
- uint8 comps[4]; // helper struct needed because gcc does not allow references to packed union members
- #endif
};
-}
-#ifndef DOXYGEN
- JUCE_PACKED
-#endif
-;
+};
+
+// class must be packed but using the packed attribute causes compile
+// failures with newer c++ compilers. Verify default packing produces same layout
+static_assert(sizeof(PixelARGB) == 4, "PixelARGB class is not packed");
//==============================================================================

22
pkgs/applications/audio/flac123/default.nix
View File

@ -1,22 +0,0 @@
{ lib, stdenv, fetchurl, autoreconfHook, flac, libao, libogg, popt }:
stdenv.mkDerivation rec {
pname = "flac123";
version = "0.0.12";
src = fetchurl {
url = "mirror://sourceforge/flac-tools/${pname}-${version}-release.tar.gz";
sha256 = "0zg4ahkg7v81za518x32wldf42g0rrvlrcqhrg9sv3li9bayyxhr";
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ flac libao libogg popt ];
meta = with lib; {
homepage = "https://flac-tools.sourceforge.net/";
description = "A command-line program for playing FLAC audio files";
license = licenses.gpl2Plus;
platforms = platforms.all;
mainProgram = "flac123";
};
}

4
pkgs/applications/audio/ft2-clone/default.nix
View File

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.82";
version = "1.83";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
hash = "sha256-qEwPKrgmWYMIwIdgKozG9kghCYp4aoYTX28GqKbuDu4=";
hash = "sha256-JMHLB/a86rfxTxl3GXU+lhYtliR8WOAzWilbWei0K2A=";
};
nativeBuildInputs = [ cmake ];

3
pkgs/applications/audio/mopidy/youtube.nix
View File

@ -2,6 +2,7 @@
, fetchFromGitHub
, python3
, mopidy
, extraPkgs ? pkgs: []
}:
python3.pkgs.buildPythonApplication rec {
@ -25,7 +26,7 @@ python3.pkgs.buildPythonApplication rec {
ytmusicapi
] ++ [
mopidy
];
] ++ extraPkgs pkgs;
nativeCheckInputs = with python3.pkgs; [
vcrpy

2
pkgs/applications/audio/muse/default.nix
View File

@ -81,7 +81,7 @@ stdenv.mkDerivation (finalAttrs: {
it is published under the GNU General Public License.
'';
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [ eclairevoyant orivej ];
maintainers = with lib.maintainers; [ orivej ];
platforms = lib.platforms.linux;
mainProgram = "muse4";
};

4
pkgs/applications/audio/pyradio/default.nix
View File

@ -6,13 +6,13 @@
python3Packages.buildPythonApplication rec {
pname = "pyradio";
version = "0.9.3.4";
version = "0.9.3.6";
src = fetchFromGitHub {
owner = "coderholic";
repo = "pyradio";
rev = "refs/tags/${version}";
hash = "sha256-QifBzQsvYU5kP5mnidOgWGBh3h2MvJm8Wo0i1v6j/cU=";
hash = "sha256-As4xjwJtEKlnFuBigC7nN0kAPe0+99rE9KZ0F6i7qIQ=";
};
nativeBuildInputs = [

4
pkgs/applications/audio/surge-XT/default.nix
View File

@ -16,14 +16,14 @@
stdenv.mkDerivation rec {
pname = "surge-XT";
version = "1.3.1";
version = "1.3.2";
src = fetchFromGitHub {
owner = "surge-synthesizer";
repo = "surge";
rev = "release_xt_${version}";
fetchSubmodules = true;
sha256 = "sha256-xcbZ5TC2W2PVzAkpoKPFIgW1oRGaC+ynQYot3cb5NAQ=";
sha256 = "sha256-r8CZxjmH9lfCizc95jRB4je+R/74zMqRMlGIZxxxriw=";
};
nativeBuildInputs = [

24
pkgs/applications/backup/areca/fix-javah-bug.diff
View File

@ -1,24 +0,0 @@
diff --git a/build.xml b/build.xml
index 1ba08e0..9248b76 100644
--- a/build.xml
+++ b/build.xml
@@ -56,10 +56,16 @@
<target name="compilejni" unless="isWindows">
<description>JNI compilation task (builds libarecafs.so ... for unix-like operating systems only)</description>
+
<!--Generate the JNI header-->
- <javah destdir="${root}/jni" force="yes" classpath="${root}/lib/areca.jar">
- <class name="com.myJava.file.metadata.posix.jni.wrapper.FileAccessWrapper"/>
- </javah>
+ <exec executable="javah">
+ <arg value="-d"/>
+ <arg value="${root}/jni"/>
+ <arg value="-force"/>
+ <arg value="-classpath"/>
+ <arg value="${root}/lib/areca.jar"/>
+ <arg value="com.myJava.file.metadata.posix.jni.wrapper.FileAccessWrapper"/>
+ </exec>
<!-- Compile the JNI code -->
<exec dir="${root}/jni" executable="gcc">

4
pkgs/applications/blockchains/exodus/default.nix
View File

@ -27,13 +27,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "exodus";
version = "24.17.5";
version = "24.19.3";
src = fetchurl {
name = "exodus-linux-x64-${finalAttrs.version}.zip";
url = "https://downloads.exodus.com/releases/exodus-linux-x64-${finalAttrs.version}.zip";
curlOptsList = [ "--user-agent" "Mozilla/5.0" ];
hash = "sha256-HlyscqoxGucoQoFgSWN3vEjAnkdAmtBLOhjhWbScPFc=";
hash = "sha256-zqi1En22H3b2pD95C747gF9TtyMCX4TzXC10mP7iUoM=";
};
nativeBuildInputs = [ unzip ];

6
pkgs/applications/editors/emacs/elisp-packages/manual-packages/lsp-bridge/default.nix
View File

@ -16,7 +16,7 @@
}:
let
rev = "75b1431c1e0f6c221dbfdb0ecd0f62f183b02254";
rev = "b8768c4a76525d82360d124c829774acd26634c3";
python = python3.withPackages (ps: with ps; [
epc
orjson
@ -28,13 +28,13 @@ let
in
melpaBuild {
pname = "lsp-bridge";
version = "20240502.2306";
version = "20240510.1618";
src = fetchFromGitHub {
owner = "manateelazycat";
repo = "lsp-bridge";
inherit rev;
hash = "sha256-8MqGwHVBE+87IQfsUA6b3ffrVWjypiH3shwELBCUBDQ=";
hash = "sha256-f+JnzW4XrDC3QP9iuhKAmy+T2adoFx+0q03GI7VO0/s=";
};
commit = rev;

4
pkgs/applications/editors/vscode/extensions/default.nix
View File

@ -2205,8 +2205,8 @@ let
mktplcRef = {
name = "Ionide-fsharp";
publisher = "Ionide";
version = "7.18.2";
hash = "sha256-CEeTLiZktp5YzCRxDXa+s8W9N971iQla/FyCr8Co0SQ=";
version = "7.19.1";
hash = "sha256-QyGt3q00IEXw6YNvx7pFhLS1s44aeiB/U0m3Ow1UdlM=";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/Ionide.Ionide-fsharp/changelog";

16
pkgs/applications/editors/vscode/vscode.nix
View File

@ -30,21 +30,21 @@ let
archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "0hy1ppv7wzyy581k3skmckaas0lwkx5l6w4hk1ml5f2cpkkxhq5w";
x86_64-darwin = "1mybfp2hg93wp3iwgwgkh84gcaj1vgs3gkmgb5yp38jhwxj5wrhk";
aarch64-linux = "16d0qqm7fm1bm58n7n2cscs619mbxr0bbglgz3prr2cmr7bwmx87";
aarch64-darwin = "1pp668rf5a06rdb8fd06ajrzxp02z7v6lmr3y77i5n2hs5xnpm0b";
armv7l-linux = "1cqhlm64gw08rn45ryizx1vypyybsrm9v8piapym5clwswbaxqs5";
x86_64-linux = "1zfh48g6prjhjcyrz5impsnm6khw7s75k8k54bp0cszl81ddsysx";
x86_64-darwin = "1w5fzq8dmzrs2ggxvcbcs03psxxi1dbzx5l0jn52szi1g5y3daxi";
aarch64-linux = "0rs4zzddfpwbf86cjl4r65cxccs4ypz1s7lw98vq0j8pfx8vkgqi";
aarch64-darwin = "0gha1b6q3k57yrbp7qrrknlbbbbhcjd6slbyrzlwjcz1ddvs7c8s";
armv7l-linux = "01s1vxbmg3zp47kwlsjr781v6c51l5bcpf9pc91id0qcrhax703k";
}.${system} or throwSystem;
in
callPackage ./generic.nix rec {
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.89.0";
version = "1.89.1";
pname = "vscode" + lib.optionalString isInsiders "-insiders";
# This is used for VS Code - Remote SSH test
rev = "b58957e67ee1e712cebf466b995adf4c5307b2bd";
rev = "dc96b837cf6bb4af9cd736aa3af08cf8279f7685";
executableName = "code" + lib.optionalString isInsiders "-insiders";
longName = "Visual Studio Code" + lib.optionalString isInsiders " - Insiders";
@ -68,7 +68,7 @@ in
src = fetchurl {
name = "vscode-server-${rev}.tar.gz";
url = "https://update.code.visualstudio.com/commit:${rev}/server-linux-x64/stable";
sha256 = "17563d413czlqpy3921gq5ja7mi3lgb8yjgvsqfn3fkaj70gr1hq";
sha256 = "05gvq96vw69lb8ip8pfd9g43j8kvfwlrdmm11b41fpdafhi45f89";
};
};

4
pkgs/applications/emulators/cemu/default.nix
View File

@ -46,13 +46,13 @@ let
in stdenv.mkDerivation rec {
pname = "cemu";
version = "2.0-80";
version = "2.0-82";
src = fetchFromGitHub {
owner = "cemu-project";
repo = "Cemu";
rev = "v${version}";
hash = "sha256-uNGRiotitt+fWpJFCno04XiCSD1p38QEqw042Bq/IGc=";
hash = "sha256-rmlkit7ZNUM0ErqoclivfBHolV0tRWyToLmsvoTslbI=";
};
patches = [

6
pkgs/applications/graphics/komikku/default.nix
View File

@ -19,7 +19,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "komikku";
version = "1.39.0";
version = "1.45.1";
format = "other";
@ -28,7 +28,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "valos";
repo = "Komikku";
rev = "v${version}";
hash = "sha256-bAk+F81q0sPSgU8LkpniVJyKaQt6cxUaUzNSZ3f5v0Q=";
hash = "sha256-gTZ2LuCsYFIUASfjzLi4t0PbjyriU9FR7d2G+PcLDVc=";
};
nativeBuildInputs = [
@ -62,7 +62,7 @@ python3.pkgs.buildPythonApplication rec {
natsort
piexif
pillow
pure-protobuf
curl-cffi
pygobject3
python-magic
rarfile

4
pkgs/applications/graphics/snapshot/default.nix
View File

@ -18,11 +18,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "snapshot";
version = "46.2";
version = "46.3";
src = fetchurl {
url = "mirror://gnome/sources/snapshot/${lib.versions.major finalAttrs.version}/snapshot-${finalAttrs.version}.tar.xz";
hash = "sha256-Ef55oSuzQFHionnajB9FRYfQEaFPwkI35FTGT0S6z00=";
hash = "sha256-RZV6BBX0VNY1MUkaoEeVzuDO1O3d1dj6DQAPXvBzW2c=";
};
nativeBuildInputs = [

4
pkgs/applications/graphics/vengi-tools/default.nix
View File

@ -29,13 +29,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "vengi-tools";
version = "0.0.30";
version = "0.0.31";
src = fetchFromGitHub {
owner = "mgerhardy";
repo = "vengi";
rev = "v${finalAttrs.version}";
hash = "sha256-Qdjwop92udrPiczMInhvRUMn9uZu6iBMAWzqDWySy94=";
hash = "sha256-0ta7rBWc4qUqsKDU/KSzx2x+fF2GVw77lQvRgt4bkpI=";
};
nativeBuildInputs = [

4
pkgs/applications/misc/cobang/default.nix
View File

@ -24,14 +24,14 @@
buildPythonApplication rec {
pname = "cobang";
version = "0.10.9";
version = "0.12.0";
pyproject = true;
src = fetchFromGitHub {
owner = "hongquan";
repo = "CoBang";
rev = "refs/tags/v${version}";
hash = "sha256-xOP2XkmHOGMe50dn4StX/9veTdloLHq76ENWEUK4Keo=";
hash = "sha256-4INScFnYSwVnGjaohgDL3Sv/NeIwiiyLux8c9/Y/Wq4=";
};
postPatch = ''

6
pkgs/applications/misc/cotp/default.nix
View File

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "cotp";
version = "1.6.0";
version = "1.6.1";
src = fetchFromGitHub {
owner = "replydev";
repo = "cotp";
rev = "v${version}";
hash = "sha256-X3o3KgTHnhekdiSFdrCwLOrd0HKvCd8Z5jR2WpY1D6Q=";
hash = "sha256-QWx42uSjN6Dev5JTa8vPTXOxr8qw5kerLepTWhJTb1I=";
};
cargoHash = "sha256-zaVNfgWXqHQaogGTaR1eE5u3gYU9SQ0nk0VO7NL5mvg=";
cargoHash = "sha256-5PUVg08D8cZdUIt1A9wjpi9bc/XsB9P7S6L8M054MCg=";
buildInputs = lib.optionals stdenv.isLinux [ libxcb ]
++ lib.optionals stdenv.isDarwin [ AppKit ];

5
pkgs/applications/misc/hmm/default.nix
View File

@ -14,11 +14,14 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-WPePzqZ2iGeJ7kzTj8eg7q1JEjw91WY7gViJJ46SLRY=";
};
cargoHash = "sha256-9Z49aPfcIdMfYCFAXsxFxcfhaLjtPod+nMFHDmvgDY0=";
cargoHash = "sha256-CQnM7pFnk4LcstKllhbeohbrggKV6MBQy03oq7DEkP4=";
nativeCheckInputs = [
perl
];
# FIXME: remove patch when upstream version of rustc-serialize is updated
# https://github.com/NixOS/nixpkgs/pull/310673
cargoPatches = [ ./rustc-serialize-fix.patch ];
preCheck = ''
export HOME=$(mktemp -d)

16
pkgs/applications/misc/hmm/rustc-serialize-fix.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/Cargo.lock b/Cargo.lock
index b1cc23695b30..ffdeb1c90618 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -996,9 +996,9 @@ dependencies = [
[[package]]
name = "rustc-serialize"
-version = "0.3.24"
+version = "0.3.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda"
+checksum = "fe834bc780604f4674073badbad26d7219cadfb4a2275802db12cbae17498401"
[[package]]
name = "rustix"

4
pkgs/applications/misc/k40-whisperer/default.nix
View File

@ -23,12 +23,12 @@ let
in stdenv.mkDerivation rec {
pname = "k40-whisperer";
version = "0.67";
version = "0.68";
src = fetchzip {
url = "https://www.scorchworks.com/K40whisperer/K40_Whisperer-${version}_src.zip";
stripRoot = true;
sha256 = "sha256-jyny5uNZ5eL4AV47uAgOhBe4Zqg8GK3e86Z9gZbC68s=";
sha256 = "sha256-Pc6iqBQUoI0dsrf+2dA1ZbxX+4Eks/lVgMGC4SR+oFI=";
};
nativeBuildInputs = [ makeWrapper ];

4
pkgs/applications/misc/nwg-panel/default.nix
View File

@ -16,13 +16,13 @@
python3Packages.buildPythonApplication rec {
pname = "nwg-panel";
version = "0.9.27";
version = "0.9.31";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-panel";
rev = "refs/tags/v${version}";
hash = "sha256-GCaqFqoZ7lfyE3VD3Dgz8jVt9TtUq3XVzVeI6g3SO5E=";
hash = "sha256-g3O+jWLwMBNfk0vAi/wq/YnGTAIscDJH2QV7bequyNU=";
};
# No tests

4
pkgs/applications/misc/qcad/default.nix
View File

@ -18,14 +18,14 @@
mkDerivation rec {
pname = "qcad";
version = "3.29.6.2";
version = "3.29.6.4";
src = fetchFromGitHub {
name = "qcad-${version}-src";
owner = "qcad";
repo = "qcad";
rev = "v${version}";
hash = "sha256-NKWuvhVGtlhWOfV0MWyViTgk0luA8mvnwQS0TZj7Ulc=";
hash = "sha256-/Tz3brcny9wp8DnCvO7GpPczglJpJD0kWzBR6exRlPA=";
};
patches = [

3
pkgs/applications/misc/remarkable/rmview/default.nix
View File

@ -3,6 +3,7 @@
python3Packages.buildPythonApplication rec {
pname = "rmview";
version = "3.1.3";
pyproject = true;
src = fetchFromGitHub {
owner = "bordaigorl";
@ -11,7 +12,7 @@ python3Packages.buildPythonApplication rec {
sha256 = "sha256-V26zmu8cQkLs0IMR7eFO8x34McnT3xYyzlZfntApYkk=";
};
nativeBuildInputs = with python3Packages; [ pyqt5 wrapQtAppsHook ];
nativeBuildInputs = with python3Packages; [ pyqt5 setuptools wrapQtAppsHook ];
propagatedBuildInputs = with python3Packages; [ pyqt5 paramiko twisted pyjwt pyopenssl service-identity sshtunnel ];
preBuild = ''

29
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -241,8 +241,26 @@ let
./patches/cross-compile.patch
# Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed):
./patches/no-build-timestamps.patch
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
./patches/widevine-79.patch
] ++ lib.optionals (packageName == "chromium") [
# This patch is limited to chromium and ungoogled-chromium because electron-source sets
# enable_widevine to false.
#
# The patch disables the automatic Widevine download (component) that happens at runtime
# completely (~/.config/chromium/WidevineCdm/). This would happen if chromium encounters DRM
# protected content or when manually opening chrome://components.
#
# It also prevents previously downloaded Widevine blobs in that location from being loaded and
# used at all, while still allowing the use of our -wv wrapper. This is because those old
# versions are out of out our control and may be vulnerable, given we literally disable their
# auto updater.
#
# bundle_widevine_cdm is available as gn flag, but we cannot use it, as it expects a bunch of
# files Widevine files at configure/compile phase that we don't have. Changing the value of the
# BUNDLE_WIDEVINE_CDM build flag does work in the way we want though.
# We also need enable_widevine_cdm_component to be false. Unfortunately it isn't exposed as gn
# flag (declare_args) so we simply hardcode it to false.
./patches/widevine-disable-auto-download-allow-bundle.patch
] ++ [
# Required to fix the build with a more recent wayland-protocols version
# (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21):
# Source: https://bugs.chromium.org/p/angleproject/issues/detail?id=7582#c1
@ -418,10 +436,11 @@ let
# Feature overrides:
# Native Client support was deprecated in 2020 and support will end in June 2021:
enable_nacl = false;
# Enabling the Widevine component here doesn't affect whether we can
# redistribute the chromium package; the Widevine component is either
# added later in the wrapped -wv build or downloaded from Google:
} // lib.optionalAttrs (packageName == "chromium") {
# Enabling the Widevine here doesn't affect whether we can redistribute the chromium package.
# Widevine in this drv is a bit more complex than just that. See Widevine patch somewhere above.
enable_widevine = true;
} // {
# Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture:
rtc_use_pipewire = true;
# Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient):

13
pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch
View File

@ -1,13 +0,0 @@
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
index ed0e2f5208b..5b431a030d5 100644
--- a/third_party/widevine/cdm/BUILD.gn
+++ b/third_party/widevine/cdm/BUILD.gn
@@ -14,7 +14,7 @@ buildflag_header("buildflags") {
flags = [
"ENABLE_WIDEVINE=$enable_widevine",
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
+ "BUNDLE_WIDEVINE_CDM=true",
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
]
}

27
pkgs/applications/networking/browsers/chromium/patches/widevine-disable-auto-download-allow-bundle.patch Normal file
View File

@ -0,0 +1,27 @@
diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn
index 525693b6c10ab..245491e137d39 100644
--- a/third_party/widevine/cdm/BUILD.gn
+++ b/third_party/widevine/cdm/BUILD.gn
@@ -22,7 +22,7 @@ buildflag_header("buildflags") {
flags = [
"ENABLE_WIDEVINE=$enable_widevine",
- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm",
+ "BUNDLE_WIDEVINE_CDM=true",
"ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component",
"ENABLE_MEDIA_FOUNDATION_WIDEVINE_CDM=$enable_media_foundation_widevine_cdm",
]
diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni
index 58f073ca562ca..4b242c2618dfb 100644
--- a/third_party/widevine/cdm/widevine.gni
+++ b/third_party/widevine/cdm/widevine.gni
@@ -41,8 +41,7 @@ enable_library_widevine_cdm =
# Widevine CDM can be deployed as a component. Currently only supported on
# desktop platforms. The CDM can be bundled regardless whether
# it's a component. See below.
-enable_widevine_cdm_component =
- enable_library_widevine_cdm && (is_win || is_mac || is_linux || is_chromeos)
+enable_widevine_cdm_component = false
# Enable (Windows) Media Foundation Widevine CDM component.
declare_args() {

24
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -1,11 +1,11 @@
{
stable = {
chromedriver = {
hash_darwin = "sha256-4MZwD2jgjOrBTtkjxW0XH+lZfP8wj7Z6eg7LwFziCPU=";
hash_darwin = "sha256-jnWmH6MzqZzzIAblvJFv5jKFJ2LILyGy+eOqb6sWmWc=";
hash_darwin_aarch64 =
"sha256-P9qi8rR8DW+WOT+ev2EgA93StnGrBiIHu2UbkEhS+0M=";
hash_linux = "sha256-eudgRu3OMuTBTeX8zrm6ShgmjcsNhzaBYEAP/4n1SJk=";
version = "124.0.6367.155";
"sha256-FO0kncAPj/cBwlGN2RdFGR7Bn5pKzTRlf2IQ422mm5c=";
hash_linux = "sha256-3khPV+WPcYHrlGNFXhmRrja2+wWsr77BVgHLbSe0IF8=";
version = "124.0.6367.201";
};
deps = {
gn = {
@ -15,9 +15,9 @@
version = "2024-03-14";
};
};
hash = "sha256-Qv1xYofY4Tgj+WT1a8ehOo7R52CwZz2vCK9MDSnjmsg=";
hash_deb_amd64 = "sha256-lFG5l3K2Yo1BYbXS9bK+9gWx6JxFrPxpT+zI7dBXQ6E=";
version = "124.0.6367.155";
hash = "sha256-nSI+tkJxOedMtYgtiqW37v0ZjgxxU5o/0sH9bPAchBg=";
hash_deb_amd64 = "sha256-RvQdpDmWRcsASh1b8M0Zg+AvZprE5qhi14shfo0WlfE=";
version = "124.0.6367.201";
};
ungoogled-chromium = {
deps = {
@ -28,12 +28,12 @@
version = "2024-03-14";
};
ungoogled-patches = {
hash = "sha256-RS6flauUQjd+NPqUIppwlgtjOKxJa5+OTnL4aI3gRcs=";
rev = "124.0.6367.155-1";
hash = "sha256-fy4SydGRRyDhJZ7IADG54+rGWh2i+2SrSkuCglphhm8=";
rev = "124.0.6367.201-1";
};
};
hash = "sha256-Qv1xYofY4Tgj+WT1a8ehOo7R52CwZz2vCK9MDSnjmsg=";
hash_deb_amd64 = "sha256-lFG5l3K2Yo1BYbXS9bK+9gWx6JxFrPxpT+zI7dBXQ6E=";
version = "124.0.6367.155";
hash = "sha256-nSI+tkJxOedMtYgtiqW37v0ZjgxxU5o/0sH9bPAchBg=";
hash_deb_amd64 = "sha256-RvQdpDmWRcsASh1b8M0Zg+AvZprE5qhi14shfo0WlfE=";
version = "124.0.6367.201";
};
}

63
pkgs/applications/networking/browsers/dillo/default.nix
View File

@ -1,63 +0,0 @@
{ lib
, stdenv
, fetchhg
, autoreconfHook
, fltk
, libXcursor
, libXi
, libXinerama
, libjpeg
, libpng
, mbedtls_2
, openssl
, perl
, pkg-config
, which
}:
stdenv.mkDerivation {
pname = "dillo";
version = "unstable-2021-02-09";
src = fetchhg {
url = "https://hg.sr.ht/~seirdy/dillo-mirror";
rev = "67b70f024568b505633524be61fcfbde5337849f";
sha256 = "sha256-lbn5u9oEL0zt9yBhznBS9Dz9/6kSwRDJeNXKEojty1g=";
};
nativeBuildInputs = [
autoreconfHook
pkg-config
which
];
buildInputs = [
fltk
libXcursor
libXi
libXinerama
libjpeg
libpng
mbedtls_2
openssl
perl
];
# Workaround build failure on -fno-common toolchains:
# ld: main.o:/build/dillo-3.0.5/dpid/dpid.h:64: multiple definition of `sock_set';
# dpid.o:/build/dillo-3.0.5/dpid/dpid.h:64: first defined here
env.NIX_CFLAGS_COMPILE = "-fcommon";
configureFlags = [ "--enable-ssl=yes" ];
meta = with lib; {
homepage = "https://hg.sr.ht/~seirdy/dillo-mirror";
description = "A fast graphical web browser with a small footprint";
longDescription = ''
Dillo is a small, fast web browser, tailored for older machines.
'';
maintainers = [ maintainers.AndersonTorres ];
platforms = platforms.linux;
license = licenses.gpl3Plus;
};
}

12
pkgs/applications/networking/browsers/microsoft-edge/default.nix
View File

@ -1,20 +1,20 @@
{
beta = import ./browser.nix {
channel = "beta";
version = "124.0.2478.67";
version = "125.0.2535.13";
revision = "1";
hash = "sha256-EywgM3G0Yph3dofullSVZpXSvT2MHc4uPyGAoaXCgN8=";
hash = "sha256-vO7crYX/QW+S1fjT37JtyRJyziauG+H3LWOasX4VaKM=";
};
dev = import ./browser.nix {
channel = "dev";
version = "125.0.2535.6";
version = "126.0.2552.0";
revision = "1";
hash = "sha256-iD/e7AuPG0uNZY20wFQRbvAaKmaUw2RKeRJADU1MFRI=";
hash = "sha256-TQHTqCweP0mEkEYRxlU7YtYS6Y6ooZ4V6peCsVvcIjg=";
};
stable = import ./browser.nix {
channel = "stable";
version = "124.0.2478.67";
version = "124.0.2478.80";
revision = "1";
hash = "sha256-PRL2aiebCoK0eGJWlvI+Gsk14FltV+GaQdojLuDFimU=";
hash = "sha256-p+t12VcwxSDuyZj3VfzEJ6m0rGoVC7smeyHoODttwQU=";
};
}

4
pkgs/applications/networking/cluster/arkade/default.nix
View File

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "arkade";
version = "0.11.10";
version = "0.11.11";
src = fetchFromGitHub {
owner = "alexellis";
repo = "arkade";
rev = version;
hash = "sha256-Uw+/pVhbGYjFTcrh90Gstu5KddlkXKuzL2lbQ7CFLGs=";
hash = "sha256-Pevsq/u6sI00k874PiAVwzgTqzzja1D2zsfebIFJv/0=";
};
CGO_ENABLED = 0;

4
pkgs/applications/networking/cluster/fn-cli/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "fn";
version = "0.6.32";
version = "0.6.33";
src = fetchFromGitHub {
owner = "fnproject";
repo = "cli";
rev = version;
hash = "sha256-mXHDxmjQdfO6uZ1ROcxwtDaPvbv2kFV+qLbejn3Kycs=";
hash = "sha256-f8EYiTXS9ByELWWV2EF4jrDamoKRGejKhYVyNscHZvo=";
};
vendorHash = null;

16
pkgs/applications/networking/cluster/k3s/1_26/chart-versions.nix
View File

@ -1,10 +1,10 @@
{
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.2+up25.0.0.tgz";
sha256 = "0jygzsn5pxzf7423x5iqfffgx5xvm7c7hfck46y7vpv1fdkiipcq";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.2+up25.0.0.tgz";
sha256 = "1g9n19lnqdkmbbr3rnbwc854awha0kqqfwyxanyx1lg5ww8ldp89";
};
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.2+up25.0.0.tgz";
sha256 = "0jygzsn5pxzf7423x5iqfffgx5xvm7c7hfck46y7vpv1fdkiipcq";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.2+up25.0.0.tgz";
sha256 = "1g9n19lnqdkmbbr3rnbwc854awha0kqqfwyxanyx1lg5ww8ldp89";
};
}

16
pkgs/applications/networking/cluster/k3s/1_27/chart-versions.nix
View File

@ -1,10 +1,10 @@
{
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
}

16
pkgs/applications/networking/cluster/k3s/1_28/chart-versions.nix
View File

@ -1,10 +1,10 @@
{
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
}

16
pkgs/applications/networking/cluster/k3s/1_29/chart-versions.nix
View File

@ -1,10 +1,10 @@
{
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
}

106
pkgs/applications/networking/cluster/k3s/builder.nix
View File

@ -29,41 +29,42 @@ lib:
# currently.
# It is likely we will have to split out additional builders for additional
# versions in the future, or customize this one further.
{ lib
, makeWrapper
, socat
, iptables
, iproute2
, ipset
, bridge-utils
, btrfs-progs
, conntrack-tools
, buildGoModule
, runc
, rsync
, kmod
, libseccomp
, pkg-config
, ethtool
, util-linux
, fetchFromGitHub
, fetchurl
, fetchzip
, fetchgit
, zstd
, yq-go
, sqlite
, nixosTests
, pkgsBuildBuild
, go
, runCommand
, bash
, procps
, coreutils
, gnugrep
, findutils
, gnused
, systemd
{
lib,
makeWrapper,
socat,
iptables,
iproute2,
ipset,
bridge-utils,
btrfs-progs,
conntrack-tools,
buildGoModule,
runc,
rsync,
kmod,
libseccomp,
pkg-config,
ethtool,
util-linux,
fetchFromGitHub,
fetchurl,
fetchzip,
fetchgit,
zstd,
yq-go,
sqlite,
nixosTests,
pkgsBuildBuild,
go,
runCommand,
bash,
procps,
coreutils,
gnugrep,
findutils,
gnused,
systemd,
}:
# k3s is a kinda weird derivation. One of the main points of k3s is the
@ -91,7 +92,13 @@ let
description = "A lightweight Kubernetes distribution";
license = licenses.asl20;
homepage = "https://k3s.io";
maintainers = with maintainers; [ euank mic92 superherointj yajo ];
maintainers = with maintainers; [
euank
mic92
superherointj
wrmilling
yajo
];
platforms = platforms.linux;
# resolves collisions with other installations of kubectl, crictl, ctr
@ -231,12 +238,19 @@ let
vendorHash = k3sVendorHash;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libseccomp sqlite.dev ];
buildInputs = [
libseccomp
sqlite.dev
];
subPackages = [ "cmd/server" ];
ldflags = versionldflags;
tags = [ "ctrd" "libsqlite3" "linux" ];
tags = [
"ctrd"
"libsqlite3"
"linux"
];
# create the multicall symlinks for k3s
postInstall = ''
@ -282,7 +296,11 @@ buildGoModule rec {
pname = "k3s";
version = k3sVersion;
tags = [ "libsqlite3" "linux" "ctrd" ];
tags = [
"libsqlite3"
"linux"
"ctrd"
];
src = k3sRepo;
vendorHash = k3sVendorHash;
@ -400,15 +418,17 @@ buildGoModule rec {
passthru.updateScript = updateScript;
passthru.mkTests = version:
let k3s_version = "k3s_" + lib.replaceStrings ["."] ["_"] (lib.versions.majorMinor version);
in {
passthru.mkTests =
version:
let
k3s_version = "k3s_" + lib.replaceStrings [ "." ] [ "_" ] (lib.versions.majorMinor version);
in
{
etcd = nixosTests.k3s.etcd.${k3s_version};
single-node = nixosTests.k3s.single-node.${k3s_version};
multi-node = nixosTests.k3s.multi-node.${k3s_version};
};
passthru.tests = passthru.mkTests k3sVersion;
meta = baseMeta;
}

48
pkgs/applications/networking/cluster/k3s/default.nix
View File

@ -12,22 +12,46 @@ let
extraArgs = builtins.removeAttrs args [ "callPackage" ];
in
{
k3s_1_26 = common ((import ./1_26/versions.nix) // {
updateScript = [ ./update-script.sh "26" ];
}) extraArgs;
k3s_1_26 = common (
(import ./1_26/versions.nix)
// {
updateScript = [
./update-script.sh
"26"
];
}
) extraArgs;
# 1_27 can be built with the same builder as 1_26
k3s_1_27 = common ((import ./1_27/versions.nix) // {
updateScript = [ ./update-script.sh "27" ];
}) extraArgs;
k3s_1_27 = common (
(import ./1_27/versions.nix)
// {
updateScript = [
./update-script.sh
"27"
];
}
) extraArgs;
# 1_28 can be built with the same builder as 1_26
k3s_1_28 = common ((import ./1_28/versions.nix) // {
updateScript = [ ./update-script.sh "28" ];
}) extraArgs;
k3s_1_28 = common (
(import ./1_28/versions.nix)
// {
updateScript = [
./update-script.sh
"28"
];
}
) extraArgs;
# 1_29 can be built with the same builder as 1_26
k3s_1_29 = common ((import ./1_29/versions.nix) // {
updateScript = [ ./update-script.sh "29" ];
}) extraArgs;
k3s_1_29 = common (
(import ./1_29/versions.nix)
// {
updateScript = [
./update-script.sh
"29"
];
}
) extraArgs;
}

16
pkgs/applications/networking/cluster/k3s/update-script.sh
View File

@ -57,14 +57,14 @@ CHARTS_URL=https://k3s.io/k3s-charts/assets
rm -f chart-versions.nix.update
cat > chart-versions.nix.update <<EOF
{
traefik-crd = {
url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")";
};
traefik = {
url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")";
};
traefik-crd = {
url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")";
};
traefik = {
url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")";
};
}
EOF
mv chart-versions.nix.update chart-versions.nix

4
pkgs/applications/networking/cluster/kubeconform/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubeconform";
version = "0.6.4";
version = "0.6.5";
src = fetchFromGitHub {
owner = "yannh";
repo = pname;
rev = "v${version}";
sha256 = "sha256-PUZ3zwgOQ362ikoX1D7SLThiaFpXJh9TKOdjZqZDtSg=";
sha256 = "sha256-4rHEkzoO0AuuFB6G/z1WjGqfYMaHF3Z1YDAhIbBVCts=";
};
vendorHash = null;

6
pkgs/applications/networking/cluster/kubectl-gadget/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubectl-gadget";
version = "0.27.0";
version = "0.28.0";
src = fetchFromGitHub {
owner = "inspektor-gadget";
repo = "inspektor-gadget";
rev = "v${version}";
hash = "sha256-u5lzCIbSIOrhI2OE2PprvNZv7KetYGntyADVftSJrkY=";
hash = "sha256-iQ+9CN6De2jz3+dZ26jgqbXAx9Fef8ROgVX8kKYMAG0=";
};
vendorHash = "sha256-ZsSzLIVVoKZZEZOIYJTNl0DGere3sKfXsjXbRVmeYC4=";
vendorHash = "sha256-0XByai7fEnkmEEkH1koVM1+z3UNFLbsUCK3sP4KBe+A=";
CGO_ENABLED = 0;

6
pkgs/applications/networking/cluster/linkerd/edge.nix
View File

@ -2,7 +2,7 @@
(callPackage ./generic.nix { }) {
channel = "edge";
version = "24.4.5";
sha256 = "0cxjilxsvbwahqh3wb3cw4z8fmq6lhxi531abrncs74kgasgcfam";
vendorHash = "sha256-YxavLLYppV991AgFb2WaQDbqnsr3UfrvWefvkSf+W1Q=";
version = "24.5.1";
sha256 = "1l358gmivhpjyibcar8z4c3jlz6rwmlyzki71ar5j2k9irdjzqa3";
vendorHash = "sha256-sLLgTZN7Zvxkf9J1omh/YGMBUgAtvQD+nbhSuR7/PZg=";
}

4
pkgs/applications/networking/cluster/yor/default.nix
View File

@ -5,13 +5,13 @@
buildGoModule rec {
pname = "yor";
version = "0.1.193";
version = "0.1.194";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
hash = "sha256-6IdCnuW49DVeOJKBD6AYxr2kbv7CmpFReja3PweDSmU=";
hash = "sha256-8JkxCkDYalu3IMoGbyNOEJ28CgU87gTq0bX+o+5sV2Q=";
};
vendorHash = "sha256-uT/jGD4hDVes4h+mlSIT2p+C9TjxnUWsmKv9haPjjLc=";

6
pkgs/applications/networking/cluster/zarf/default.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "zarf";
version = "0.33.1";
version = "0.33.2";
src = fetchFromGitHub {
owner = "defenseunicorns";
repo = "zarf";
rev = "v${version}";
hash = "sha256-JmUJUZn4mnTKdAVzYaCGZXDJmIeGfyn8Z+OfLfXp/S0=";
hash = "sha256-BafS+++8iTVT38pneqCfAQFg15PpXOW/Bv8anmdHZTg=";
};
vendorHash = "sha256-fpseCFQjLhUbhisjOYmLfznKGea5+E8CzjtbE7CEsk8=";
vendorHash = "sha256-4AN/0OgFX+5uymN/QfOr0sZipTmszhieOPmReKciFtg=";
proxyVendor = true;
preBuild = ''

6
pkgs/applications/networking/instant-messengers/beeper/default.nix
View File

@ -11,11 +11,11 @@
}:
let
pname = "beeper";
version = "3.103.36";
version = "3.104.7";
name = "${pname}-${version}";
src = fetchurl {
url = "https://download.todesktop.com/2003241lzgn20jd/beeper-3.103.36-build-240411hw9xbpc7s-x86_64.AppImage";
hash = "sha256-qxu/a8eeWeOKCsno51J2IHUXTXH82KXBNajfoEkkid8=";
url = "https://download.todesktop.com/2003241lzgn20jd/beeper-3.104.7-build-2405024h1b4qoap-x86_64.AppImage";
hash = "sha256-VjN9bKxFokExEjMGz42d/VVwVWJzowI42ONsNyXEbnc=";
};
appimage = appimageTools.wrapType2 {
inherit version pname src;

3
pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix
View File

@ -158,7 +158,8 @@ stdenv.mkDerivation rec {
# Fix the desktop link
substituteInPlace $out/share/applications/${pname}.desktop \
--replace "/opt/${dir}/${pname}" $out/bin/${pname}
--replace "/opt/${dir}/${pname}" $out/bin/${pname} \
--replace-fail "StartupWMClass=Signal" "StartupWMClass=signal"
# Note: The following path contains bundled libraries:
# $out/lib/${dir}/resources/app.asar.unpacked/node_modules/

4
pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "signalbackup-tools";
version = "20240504";
version = "20240506";
src = fetchFromGitHub {
owner = "bepaald";
repo = pname;
rev = version;
hash = "sha256-ojV/taYV5J4nHfDg//lJ78ltJv7nIG1H9iXo95nA/n8=";
hash = "sha256-rPM5Qz1n9bTOF//sqpT+LvEjBSCT2BjyQBIxjV6CkGU=";
};
postPatch = ''

8
pkgs/applications/networking/irc/srain/default.nix
View File

@ -4,7 +4,7 @@
, pkg-config
, gtk3
, libconfig
, libsoup
, libsoup_3
, libsecret
, libayatana-appindicator
, openssl
@ -21,13 +21,13 @@
stdenv.mkDerivation rec {
pname = "srain";
version = "1.6.0";
version = "1.7.0";
src = fetchFromGitHub {
owner = "SrainApp";
repo = "srain";
rev = version;
hash = "sha256-IGAb24aDeBXyxuyb/EWUetQZJg28GJLT0WK7ZmmHgyg=";
hash = "sha256-mhnlHnF23+VZvSPNuTYYUVcA6Md4y2AGqEuJphY1/IY=";
};
nativeBuildInputs = [
@ -46,7 +46,7 @@ stdenv.mkDerivation rec {
glib-networking
dbus-glib
libconfig
libsoup
libsoup_3
libsecret
libayatana-appindicator
openssl

4
pkgs/applications/networking/syncthing/default.nix
View File

@ -13,13 +13,13 @@ let
common = { stname, target, postInstall ? "" }:
buildGoModule rec {
pname = stname;
version = "1.27.6";
version = "1.27.7";
src = fetchFromGitHub {
owner = "syncthing";
repo = "syncthing";
rev = "v${version}";
hash = "sha256-BZAje6dA3wmJ6feHWIYPPYTA3sp1WGwl4MjUJS7iZCo=";
hash = "sha256-Y/gwQfb3ShOsXsNLomtqUlmYaw7FQQ6IUN1fHSYOouQ=";
};
vendorHash = "sha256-xVSSFFTqU7jww8YTeXKfa3096c2FmEgkcXvuqFHb12E=";

4
pkgs/applications/networking/trayscale/default.nix
View File

@ -11,13 +11,13 @@
buildGoModule rec {
pname = "trayscale";
version = "0.12.0";
version = "0.12.3";
src = fetchFromGitHub {
owner = "DeedleFake";
repo = "trayscale";
rev = "v${version}";
hash = "sha256-GAK95XlRVGpoVcEmeFO3SddHpdn0qO7qs2IOj7qzRXQ=";
hash = "sha256-2mGPbH74a9d1uhRGMSEfrzCnwjgdgbopu20K9/g6wg0=";
};
vendorHash = "sha256-Iedd8WsJPAVQexRqDSLAmv7MAWc4IFQXHk6XpnStMps=";

4
pkgs/applications/office/appflowy/default.nix
View File

@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "appflowy";
version = "0.5.5";
version = "0.5.6";
src = fetchzip {
url = "https://github.com/AppFlowy-IO/appflowy/releases/download/${version}/AppFlowy-${version}-linux-x86_64.tar.gz";
hash = "sha256-sDA//ARuzU0q2V3jhFXGhaQaeF0jsDRbtdHCBTgIL8U=";
hash = "sha256-6eolLBWVpnEvjA+C6R5gpkxG/G59atrkwOP7CWhs7oI=";
stripRoot = false;
};

4
pkgs/applications/office/timeular/default.nix
View File

@ -5,12 +5,12 @@
}:
let
version = "6.7.6";
version = "6.7.8";
pname = "timeular";
src = fetchurl {
url = "https://s3.amazonaws.com/timeular-desktop-packages/linux/production/Timeular-${version}.AppImage";
hash = "sha256-wQUR2jLJi1peXqXJJj/72X9xNaD2DzNiB0mGFiaEWBE=";
hash = "sha256-nMvbr2PQBWyrhY3mv/4wsdWPhNx5hLFaAp0Ey3nvp7g=";
};
appimageContents = appimageTools.extractType2 {

4
pkgs/applications/science/chemistry/octopus/default.nix
View File

@ -30,13 +30,13 @@ assert (blas.isILP64 == arpack.isILP64);
stdenv.mkDerivation rec {
pname = "octopus";
version = "14.0";
version = "14.1";
src = fetchFromGitLab {
owner = "octopus-code";
repo = "octopus";
rev = version;
sha256 = "sha256-wQ2I+10ZHLKamW3j6AUtq2KZVm6d29+JxYgwvBKz9DU=";
sha256 = "sha256-8wZR+bYdxJFsUPMWbIGYxRdNzjLgHm+KFLjY7fSN7io=";
};
nativeBuildInputs = [

4
pkgs/applications/science/electronics/nvc/default.nix
View File

@ -15,13 +15,13 @@
stdenv.mkDerivation rec {
pname = "nvc";
version = "1.12.0";
version = "1.12.1";
src = fetchFromGitHub {
owner = "nickg";
repo = "nvc";
rev = "r${version}";
hash = "sha256-7g4Ki5lhmX/13XCv0on1PgvEthCTfe9wh8EFjMcP1+c=";
hash = "sha256-9ZbX2G4IR/SYSA4DOsTBIRrJeYublyrDUXT+V+KgaC0=";
};
nativeBuildInputs = [

6
pkgs/applications/science/math/sage/sagelib.nix
View File

@ -6,6 +6,7 @@
, perl
, pkg-config
, sage-setup
, pythonRelaxDepsHook
, gd
, iml
, libpng
@ -102,6 +103,11 @@ buildPythonPackage rec {
pip # needed to query installed packages
pkg-config
sage-setup
pythonRelaxDepsHook
];
pythonRelaxDeps = [
"networkx"
];
buildInputs = [

4
pkgs/applications/science/math/wxmaxima/default.nix
View File

@ -12,13 +12,13 @@
stdenv.mkDerivation (finalAttrs:{
pname = "wxmaxima";
version = "24.02.2";
version = "24.05.0";
src = fetchFromGitHub {
owner = "wxMaxima-developers";
repo = "wxmaxima";
rev = "Version-${finalAttrs.version}";
hash = "sha256-ewyg+ZhbRbPjJkYTZFuhbOWMDNZGW7ejmSv38zxcTsw=";
hash = "sha256-pl3sO28HANL9F41aaJznxUsH2Y7W/FO82Rik2/ik2Ag=";
};
buildInputs = [

12
pkgs/applications/version-management/gitlab/data.json
View File

@ -1,15 +1,15 @@
{
"version": "16.10.4",
"repo_hash": "sha256-ieS2MO5jBNBK0hmuWLfaDjRNhn98927hlTFrDbV0zCQ=",
"version": "16.10.5",
"repo_hash": "sha256-w2cXFIm588Q/SB1kO9dGCmxO3+Xee7BaCCipuVcnfXg=",
"yarn_hash": "0yzywfg4lqxjwm5cqsm4bn97zcrfvpnrs8rjrv9wv3xqvi9h9skd",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v16.10.4-ee",
"rev": "v16.10.5-ee",
"passthru": {
"GITALY_SERVER_VERSION": "16.10.4",
"GITLAB_PAGES_VERSION": "16.10.4",
"GITALY_SERVER_VERSION": "16.10.5",
"GITLAB_PAGES_VERSION": "16.10.5",
"GITLAB_SHELL_VERSION": "14.34.0",
"GITLAB_ELASTICSEARCH_INDEXER_VERSION": "4.8.0",
"GITLAB_WORKHORSE_VERSION": "16.10.4"
"GITLAB_WORKHORSE_VERSION": "16.10.5"
}
}

6
pkgs/applications/version-management/gitlab/gitaly/default.nix
View File

@ -6,7 +6,7 @@
}:
let
version = "16.10.4";
version = "16.10.5";
package_version = "v${lib.versions.major version}";
gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}";
@ -18,10 +18,10 @@ let
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
hash = "sha256-dzHGnZwXomCUrlup9VD/0l084Swp9CVi4nJi6MtOwi8=";
hash = "sha256-ctJfw4aU5qsv+I3rR9xZPGssYQpTnbn4MdTVOYapHqQ=";
};
vendorHash = "sha256-mPoz+y1LWpGr+zYqAhxzznMyKIPehsDW+WFxklYSC10=";
vendorHash = "sha256-6gZr0/0ZGcFwwAY4IuW2puL/7akMZvaU0ONJGYyyJas=";
ldflags = [ "-X ${gitaly_package}/internal/version.version=${version}" "-X ${gitaly_package}/internal/version.moduleVersion=${version}" ];

6
pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix
View File

@ -2,7 +2,7 @@
buildGoModule rec {
pname = "gitlab-container-registry";
version = "3.93.0";
version = "4.1.0";
rev = "v${version}-gitlab";
# nixpkgs-update: no auto update
@ -10,10 +10,10 @@ buildGoModule rec {
owner = "gitlab-org";
repo = "container-registry";
inherit rev;
hash = "sha256-4jsnfkHXs9FSnyQ6JP/zmW51x8fHyQ0n+B8EPOoTSAA=";
hash = "sha256-t+i9IuBH94PpfriIAaqqWYZHxKJJDOedJ3BQXGEPp0A=";
};
vendorHash = "sha256-KZWdM8Q8ipsgm7OoLyOuHo+4Vg2Nve+yZtTSUDgjOW4=";
vendorHash = "sha256-sybppXCoTrc196xLBW1+sUg9Y5uA0GAptlJ7RjhzuGc=";
postPatch = ''
# Disable flaky inmemory storage driver test

4
pkgs/applications/version-management/gitlab/gitlab-pages/default.nix
View File

@ -2,14 +2,14 @@
buildGoModule rec {
pname = "gitlab-pages";
version = "16.10.4";
version = "16.10.5";
# nixpkgs-update: no auto update
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitlab-pages";
rev = "v${version}";
hash = "sha256-Jdg1cxHra4lHvf8+cojaE9OXR40w24OiwMhDYvmUBkI=";
hash = "sha256-wuEYcwAKYO7YZs88NvE0AI5+aZ9JeLBAeXITc2jLGVo=";
};
vendorHash = "sha256-WrR4eZRAuYkhr7ZqP7OXqJ6uwvxzn+t+3OdBNcNaq0M=";

2
pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
View File

@ -5,7 +5,7 @@ in
buildGoModule rec {
pname = "gitlab-workhorse";
version = "16.10.4";
version = "16.10.5";
# nixpkgs-update: no auto update
src = fetchFromGitLab {

6
pkgs/applications/version-management/hut/default.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "hut";
version = "0.4.0";
version = "0.5.0";
src = fetchFromSourcehut {
owner = "~emersion";
repo = "hut";
rev = "v${version}";
sha256 = "sha256-9RSJ+SRXYBjdiuHScgFm5i0/Xi81pJfURPKAGCk+l04=";
sha256 = "sha256-Gkxe9B48nwHOlqkgjMdFLBy7OiR7cwDDE3qLvWxJK+Y=";
};
vendorHash = "sha256-OxnplvBx2sFctdNSVd0S0tgiRt5Yah3ga4mORT2Kz6U=";
vendorHash = "sha256-OYXRQEP4ACkypXmrorf2ew18819DB38SsYOM0u0steg=";
nativeBuildInputs = [
scdoc

Some files were not shown because too many files have changed in this diff Show More