mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 22:50:49 +00:00
Code Issues Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
Frederik Rietdijk 2020-04-21 08:28:19 +02:00
parent d96487b9ca 529165cfac
commit b71232fc53
257 changed files with 4706 additions and 2331 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/CONTRIBUTING.md vendored
View file

@ -53,9 +53,9 @@ For package version upgrades and such a one-line commit message is usually suffi
To [backport a change into a release branch](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches):
1. Take note of the commit in which the change was introduced into `master`.
2. Check out the target _release branch_, e.g. `release-19.09`. Do not use a _channel branch_ like `nixos-19.09` or `nixpkgs-19.09`.
2. Check out the target _release branch_, e.g. `release-20.03`. Do not use a _channel branch_ like `nixos-20.03` or `nixpkgs-20.03`.
3. Use `git cherry-pick -x <original commit>`.
4. Open your backport PR. Make sure to select the release branch (e.g. `release-19.09`) as the target branch of the PR, and link to the PR in which the original change was made to `master`.
4. Open your backport PR. Make sure to select the release branch (e.g. `release-20.03`) as the target branch of the PR, and link to the PR in which the original change was made to `master`.
## Reviewing contributions

4
README.md
View file

@ -45,9 +45,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 19.09 release](https://hydra.nixos.org/jobset/nixos/release-19.09)
* [Continuous package builds for the NixOS 20.03 release](https://hydra.nixos.org/jobset/nixos/release-20.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 19.09 release](https://hydra.nixos.org/job/nixos/release-19.09/tested#tabs-constituents)
* [Tests for the NixOS 20.03 release](https://hydra.nixos.org/job/nixos/release-20.03/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

2
doc/builders/images/appimagetools.xml
View file

@ -63,7 +63,7 @@ type2.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) (Lepton 3.x)
appimageTools.wrapType2 { # or wrapType1
name = "patchwork"; <co xml:id='ex-appimageTools-wrapping-1' />
src = fetchurl { <co xml:id='ex-appimageTools-wrapping-2' />
url = https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage;
url = "https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage";
sha256 = "1blsprpkvm0ws9b96gb36f0rbf8f5jgmw4x6dsb1kswr4ysf591s";
};
extraPkgs = pkgs: with pkgs; [ ]; <co xml:id='ex-appimageTools-wrapping-3' />

2
doc/languages-frameworks/python.section.md
View file

@ -412,7 +412,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW;
homepage = "http://hgomersall.github.com/pyFFTW";
license = with licenses; [ bsd2 bsd3 ];
maintainers = with maintainers; [ fridh ];
};

4
doc/languages-frameworks/ruby.xml
View file

@ -32,7 +32,7 @@ bundlerEnv rec {
meta = with lib; {
description = "A monitoring framework that aims to be simple, malleable, and scalable";
homepage = http://sensuapp.org/;
homepage = "http://sensuapp.org/";
license = with licenses; mit;
maintainers = with maintainers; [ theuni ];
platforms = platforms.unix;
@ -69,7 +69,7 @@ bundlerApp {
meta = with lib; {
description = "Tool and libraries for maintaining Ruby gems.";
homepage = https://github.com/nyarly/corundum;
homepage = "https://github.com/nyarly/corundum";
license = licenses.mit;
maintainers = [ maintainers.nyarly ];
platforms = platforms.unix;

27
doc/languages-frameworks/texlive.xml
View file

@ -149,31 +149,4 @@ EOF
]]></programlisting>
</para>
</section>
<section xml:id="sec-language-texlive-known-problems">
<title>Known problems</title>
<itemizedlist>
<listitem>
<para>
Some tools are still missing, e.g. luajittex;
</para>
</listitem>
<listitem>
<para>
some apps aren't packaged/tested yet (asymptote, biber, etc.);
</para>
</listitem>
<listitem>
<para>
feature/bug: when a package is rejected by <varname>pkgFilter</varname>, its dependencies are still propagated;
</para>
</listitem>
<listitem>
<para>
in case of any bugs or feature requests, file a github issue or better a pull request and /cc @vcunat.
</para>
</listitem>
</itemizedlist>
</section>
</section>

4
doc/old/cross.txt
View file

@ -60,7 +60,7 @@ stdenv.mkDerivation {
name = "binutils-2.16.1-arm";
builder = ./builder.sh;
src = fetchurl {
url = http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2;
url = "http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2";
sha256 = "1ian3kwh2vg6hr3ymrv48s04gijs539vzrq62xr76bxbhbwnz2np";
};
inherit noSysDirs;
@ -84,7 +84,7 @@ stdenv.mkDerivation {
name = "linux-headers-2.6.13.1-arm";
builder = ./builder.sh;
src = fetchurl {
url = http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2;
url = "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2";
sha256 = "12qxmc827fjhaz53kjy7vyrzsaqcg78amiqsb3qm20z26w705lma";
};
}

2
doc/release-notes.xml
View file

@ -190,7 +190,7 @@ preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")";</programlisting>
The function <function>fetchurl</function> now has support for two different kinds of mirroring of files. First, it has support for <emphasis>content-addressable mirrors</emphasis>. For example, given the <function>fetchurl</function> call
<programlisting>
fetchurl {
url = http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2;
url = "http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2";
sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082";
}</programlisting>
<function>fetchurl</function> will first try to download this file from <link

2
doc/stdenv/stdenv.xml
View file

@ -14,7 +14,7 @@
stdenv.mkDerivation {
name = "libfoo-1.2.3";
src = fetchurl {
url = http://example.org/libfoo-1.2.3.tar.bz2;
url = "http://example.org/libfoo-1.2.3.tar.bz2";
sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m";
};
}</programlisting>

35
lib/licenses.nix
View file

@ -2,7 +2,7 @@
let
spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.spdxId}.html";
url = "https://spdx.org/licenses/${lic.spdxId}.html";
};
in
@ -40,13 +40,13 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
amazonsl = {
fullName = "Amazon Software License";
url = "http://aws.amazon.com/asl/";
url = "https://aws.amazon.com/asl/";
free = false;
};
amd = {
fullName = "AMD License Agreement";
url = "http://developer.amd.com/amd-license-agreement/";
url = "https://developer.amd.com/amd-license-agreement/";
free = false;
};
@ -230,7 +230,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
eapl = {
fullName = "EPSON AVASYS PUBLIC LICENSE";
url = "http://avasys.jp/hp/menu000000700/hpg000000603.htm";
url = "https://avasys.jp/hp/menu000000700/hpg000000603.htm";
free = false;
};
@ -271,6 +271,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
fullName = "European Union Public License 1.1";
};
eupl12 = spdx {
spdxId = "EUPL-1.2";
fullName = "European Union Public License 1.2";
};
fdl12 = spdx {
spdxId = "GFDL-1.2-only";
fullName = "GNU Free Documentation License v1.2 only";
@ -293,7 +298,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
ffsl = {
fullName = "Floodgap Free Software License";
url = "http://www.floodgap.com/software/ffsl/license.html";
url = "https://www.floodgap.com/software/ffsl/license.html";
free = false;
};
@ -370,7 +375,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
# Intel's license, seems free
iasl = {
fullName = "iASL";
url = "http://www.calculate-linux.org/packages/licenses/iASL";
url = "https://old.calculate-linux.org/packages/licenses/iASL";
};
ijg = spdx {
@ -385,13 +390,13 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
inria-compcert = {
fullName = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
url = "http://compcert.inria.fr/doc/LICENSE";
url = "http://compcert.inria.fr/doc/LICENSE"; # https is broken
free = false;
};
inria-icesl = {
fullName = "INRIA Non-Commercial License Agreement for IceSL";
url = "http://shapeforge.loria.fr/icesl/EULA_IceSL_binary.pdf";
url = "http://shapeforge.loria.fr/icesl/EULA_IceSL_binary.pdf"; # https is broken
free = false;
};
@ -469,7 +474,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
llgpl21 = {
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
url = "http://opensource.franz.com/preamble.html";
url = "https://opensource.franz.com/preamble.html";
};
lppl12 = spdx {
@ -493,7 +498,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
};
# spdx.org does not (yet) differentiate between the X11 and Expat versions
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
# for details see https://en.wikipedia.org/wiki/MIT_License#Various_versions
mit = spdx {
spdxId = "MIT";
fullName = "MIT License";
@ -596,7 +601,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
psfl = spdx {
spdxId = "Python-2.0";
fullName = "Python Software Foundation License version 2";
#url = http://docs.python.org/license.html;
url = "https://docs.python.org/license.html";
};
publicDomain = {
@ -620,7 +625,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
qwt = {
fullName = "Qwt License, Version 1.0";
url = "http://qwt.sourceforge.net/qwtlicense.html";
url = "https://qwt.sourceforge.io/qwtlicense.html";
};
ruby = spdx {
@ -646,7 +651,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
smail = {
shortName = "smail";
fullName = "SMAIL General Public License";
url = "http://metadata.ftp-master.debian.org/changelogs/main/d/debianutils/debianutils_4.8.1_copyright";
url = "https://sources.debian.org/copyright/license/debianutils/4.9.1/";
};
sspl = {
@ -663,7 +668,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
ufl = {
fullName = "Ubuntu Font License 1.0";
url = "http://font.ubuntu.com/ufl/ubuntu-font-licence-1.0.txt";
url = "https://ubuntu.com/legal/font-licence";
};
unfree = {
@ -740,7 +745,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
xfig = {
fullName = "xfig";
url = "http://mcj.sourceforge.net/authors.html#xfig";
url = "http://mcj.sourceforge.net/authors.html#xfig"; # https is broken
};
zlib = spdx {

6
maintainers/maintainer-list.nix
View file

@ -7816,6 +7816,12 @@
githubId = 563054;
name = "Thomas Tuegel";
};
turion = {
email = "programming@manuelbaerenz.de";
github = "turion";
githubId = 303489;
name = "Manuel Bärenz";
};
tv = {
email = "tv@krebsco.de";
github = "4z3";

16
nixos/doc/manual/installation/upgrading.xml
View file

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.09">nixos-19.09</literal>.
xlink:href="https://nixos.org/channels/nixos-20.03">nixos-20.03</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.09-small">nixos-19.09-small</literal>
xlink:href="https://nixos.org/channels/nixos-20.03-small">nixos-20.03-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 19.09 ISO, you will be subscribed to the
<literal>nixos-19.09</literal> channel. To see which NixOS channel youre
installed from a 20.03 ISO, you will be subscribed to the
<literal>nixos-20.03</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
# nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
# nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 19.09 stable channel:
instance, to use the NixOS 20.03 stable channel:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.09 nixos
# nix-channel --add https://nixos.org/channels/nixos-20.03 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.09-small nixos
# nix-channel --add https://nixos.org/channels/nixos-20.03-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.03;
</programlisting>
</para>
</section>

2
nixos/doc/manual/release-notes/rl-2003.xml
View file

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03">
<title>Release 20.03 (“Markhor”, 2020.03/??)</title>
<title>Release 20.03 (“Markhor”, 2020.04/20)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"

1
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -255,6 +255,7 @@ environment.systemPackages = [
# sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
</programlisting>
</para>
</listitem>
</itemizedlist>
</section>

26
nixos/modules/hardware/opengl.nix
View file

@ -10,14 +10,6 @@ let
videoDrivers = config.services.xserver.videoDrivers;
makePackage = p: pkgs.buildEnv {
name = "mesa-drivers+txc-${p.mesa.version}";
paths =
[ p.mesa.drivers
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};
package = pkgs.buildEnv {
name = "opengl-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
@ -34,6 +26,9 @@ in
imports = [
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] ''
S3TC support is now always enabled in Mesa.
'')
];
options = {
@ -74,17 +69,6 @@ in
'';
};
s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
Using this library may require a patent license depending on your location.
'';
};
package = mkOption {
type = types.package;
internal = true;
@ -166,8 +150,8 @@ in
environment.sessionVariables.LD_LIBRARY_PATH = mkIf cfg.setLdLibraryPath
([ "/run/opengl-driver/lib" ] ++ optional cfg.driSupport32Bit "/run/opengl-driver-32/lib");
hardware.opengl.package = mkDefault (makePackage pkgs);
hardware.opengl.package32 = mkDefault (makePackage pkgs.pkgsi686Linux);
hardware.opengl.package = mkDefault pkgs.mesa.drivers;
hardware.opengl.package32 = mkDefault pkgs.pkgsi686Linux.mesa.drivers;
boot.extraModulePackages = optional (elem "virtualbox" videoDrivers) kernelPackages.virtualboxGuestAdditions;
};

8
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -180,7 +180,7 @@ sub pciCheck {
) )
{
# we need e.g. brcmfmac43602-pcie.bin
push @imports, "<nixpkgs/nixos/modules/hardware/network/broadcom-43xx.nix>";
push @imports, "(modulesPath + \"/hardware/network/broadcom-43xx.nix\")";
}
# Can't rely on $module here, since the module may not be loaded
@ -279,7 +279,7 @@ if ($virt eq "oracle") {
# Likewise for QEMU.
if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") {
push @imports, "<nixpkgs/nixos/modules/profiles/qemu-guest.nix>";
push @imports, "(modulesPath + \"/profiles/qemu-guest.nix\")";
}
# Also for Hyper-V.
@ -296,7 +296,7 @@ if ($virt eq "systemd-nspawn") {
# Provide firmware for devices that are not detected by this script,
# unless we're in a VM/container.
push @imports, "<nixpkgs/nixos/modules/installer/scan/not-detected.nix>"
push @imports, "(modulesPath + \"/installer/scan/not-detected.nix\")"
if $virt eq "none";
@ -549,7 +549,7 @@ my $hwConfig = <<EOF;
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
imports =${\multiLineList(" ", @imports)};

1
nixos/modules/module-list.nix
View file

@ -546,6 +546,7 @@
./services/monitoring/teamviewer.nix
./services/monitoring/telegraf.nix
./services/monitoring/thanos.nix
./services/monitoring/tuptime.nix
./services/monitoring/ups.nix
./services/monitoring/uptime.nix
./services/monitoring/vnstat.nix

39
nixos/modules/profiles/hardened.nix
View file

@ -7,7 +7,7 @@ with lib;
{
meta = {
maintainers = [ maintainers.joachifm ];
maintainers = [ maintainers.joachifm maintainers.emily ];
};
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
@ -21,8 +21,6 @@ with lib;
security.lockKernelModules = mkDefault true;
security.allowUserNamespaces = mkDefault false;
security.protectKernelImage = mkDefault true;
security.allowSimultaneousMultithreading = mkDefault false;
@ -37,15 +35,9 @@ with lib;
# Slab/slub sanity checks, redzoning, and poisoning
"slub_debug=FZP"
# Disable slab merging to make certain heap overflow attacks harder
"slab_nomerge"
# Overwrite free'd memory
"page_poison=1"
# Disable legacy virtual syscalls
"vsyscall=none"
# Enable page allocator randomization
"page_alloc.shuffle=1"
];
@ -82,38 +74,12 @@ with lib;
# (e.g., parent/child)
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
# Restrict access to kernel ring buffer (information leaks)
boot.kernel.sysctl."kernel.dmesg_restrict" = mkDefault true;
# Hide kptrs even for processes with CAP_SYSLOG
boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
# Unprivileged access to bpf() has been used for privilege escalation in
# the past
boot.kernel.sysctl."kernel.unprivileged_bpf_disabled" = mkDefault true;
# Disable bpf() JIT (to eliminate spray attacks)
boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false;
# ... or at least apply some hardening to it
boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true;
# Raise ASLR entropy for 64bit & 32bit, respectively.
#
# Note: mmap_rnd_compat_bits may not exist on 64bit.
boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;
# Allowing users to mmap() memory starting at virtual address 0 can turn a
# NULL dereference bug in the kernel into code execution with elevated
# privilege. Mitigate by enforcing a minimum base addr beyond the NULL memory
# space. This breaks applications that require mapping the 0 page, such as
# dosemu or running 16bit applications under wine. It also breaks older
# versions of qemu.
#
# The value is taken from the KSPP recommendations (Debian uses 4096).
boot.kernel.sysctl."vm.mmap_min_addr" = mkDefault 65536;
# Disable ftrace debugging
boot.kernel.sysctl."kernel.ftrace_enabled" = mkDefault false;
@ -140,7 +106,4 @@ with lib;
# Ignore outgoing ICMP redirects (this is ipv4 only)
boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
# Restrict userfaultfd syscalls to processes with the SYS_PTRACE capability
boot.kernel.sysctl."vm.unprivileged_userfaultfd" = mkDefault false;
}

7
nixos/modules/security/acme.nix
View file

@ -343,7 +343,9 @@ in
# Test that existing cert is older than new cert
KEY=${spath}/certificates/${keyName}.key
KEY_CHANGED=no
if [ -e $KEY -a $KEY -nt key.pem ]; then
KEY_CHANGED=yes
cp -p ${spath}/certificates/${keyName}.key key.pem
cp -p ${spath}/certificates/${keyName}.crt fullchain.pem
cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem
@ -354,7 +356,10 @@ in
chmod ${fileMode} *.pem
chown '${data.user}:${data.group}' *.pem
${data.postRun}
if [ "$KEY_CHANGED" = "yes" ]; then
: # noop in case postRun is empty
${data.postRun}
fi
'';
in
"+${script}";

2
nixos/modules/services/databases/cockroachdb.nix
View file

@ -153,7 +153,7 @@ in
defaultText = "pkgs.cockroachdb";
description = ''
The CockroachDB derivation to use for running the service.
This would primarily be useful to enable Enterprise Edition features
in your own custom CockroachDB build (Nixpkgs CockroachDB binaries
only contain open source features and open source code).

2
nixos/modules/services/mail/rss2email.nix
View file

@ -91,6 +91,8 @@ in {
};
};
environment.systemPackages = with pkgs; [ rss2email ];
services.rss2email.config.to = cfg.to;
systemd.tmpfiles.rules = [

4
nixos/modules/services/misc/redmine.nix
View file

@ -132,7 +132,7 @@ in
example = literalExample ''
{
dkuk-redmine_alex_skin = builtins.fetchurl {
url = https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip;
url = "https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip";
sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl";
};
}
@ -146,7 +146,7 @@ in
example = literalExample ''
{
redmine_env_auth = builtins.fetchurl {
url = https://github.com/Intera/redmine_env_auth/archive/0.6.zip;
url = "https://github.com/Intera/redmine_env_auth/archive/0.6.zip";
sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak";
};
}

84
nixos/modules/services/monitoring/tuptime.nix Normal file
View file

@ -0,0 +1,84 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tuptime;
in {
options.services.tuptime = {
enable = mkEnableOption "the total uptime service";
timer = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to regularly log uptime to detect bad shutdowns.";
};
period = mkOption {
type = types.str;
default = "*:0/5";
description = "systemd calendar event";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.tuptime ];
users.users.tuptime.description = "tuptime database owner";
systemd = {
services = {
tuptime = {
description = "the total uptime service";
documentation = [ "man:tuptime(1)" ];
after = [ "time-sync.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "tuptime";
Type = "oneshot";
User = "tuptime";
RemainAfterExit = true;
ExecStart = "${pkgs.tuptime}/bin/tuptime -x";
ExecStop = "${pkgs.tuptime}/bin/tuptime -xg";
};
};
tuptime-oneshot = mkIf cfg.timer.enable {
description = "the tuptime scheduled execution unit";
serviceConfig = {
StateDirectory = "tuptime";
Type = "oneshot";
User = "tuptime";
ExecStart = "${pkgs.tuptime}/bin/tuptime -x";
};
};
};
timers.tuptime = mkIf cfg.timer.enable {
description = "the tuptime scheduled execution timer";
# this timer should be started if the service is started
# even if the timer was previously stopped
wantedBy = [ "tuptime.service" "timers.target" ];
# this timer should be stopped if the service is stopped
partOf = [ "tuptime.service" ];
timerConfig = {
OnBootSec = "1min";
OnCalendar = cfg.timer.period;
Unit = "tuptime-oneshot.service";
};
};
};
};
meta.maintainers = [ maintainers.evils ];
}

14
nixos/modules/services/networking/ntp/chrony.nix
View file

@ -92,6 +92,11 @@ in
systemd.services.systemd-timedated.environment = { SYSTEMD_TIMEDATED_NTP_SERVICES = "chronyd.service"; };
systemd.tmpfiles.rules = [
"d ${stateDir} 0755 chrony chrony - -"
"f ${keyFile} 0640 chrony chrony -"
];
systemd.services.chronyd =
{ description = "chrony NTP daemon";
@ -103,13 +108,6 @@ in
path = [ pkgs.chrony ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
touch ${keyFile}
chmod 0640 ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile}
'';
unitConfig.ConditionCapability = "CAP_SYS_TIME";
serviceConfig =
{ Type = "simple";
@ -118,7 +116,7 @@ in
ProtectHome = "yes";
ProtectSystem = "full";
PrivateTmp = "yes";
StateDirectory = "chrony";
};
};

2
nixos/modules/services/security/bitwarden_rs/default.nix
View file

@ -58,7 +58,7 @@ in {
default = {};
example = literalExample ''
{
domain = https://bw.domain.tld:8443;
domain = "https://bw.domain.tld:8443";
signupsAllowed = true;
rocketPort = 8222;
rocketLog = "critical";

516
nixos/modules/services/web-apps/dokuwiki.nix
View file

@ -3,13 +3,14 @@
let
inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types;
inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair concatMapStringSep;
cfg = config.services.dokuwiki;
eachSite = config.services.dokuwiki;
user = config.services.nginx.user;
user = "dokuwiki";
group = config.services.nginx.group;
dokuwikiAclAuthConfig = pkgs.writeText "acl.auth.php" ''
dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" ''
# acl.auth.php
# <?php exit()?>
#
@ -18,244 +19,353 @@ let
${toString cfg.acl}
'';
dokuwikiLocalConfig = pkgs.writeText "local.php" ''
dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" ''
<?php
$conf['savedir'] = '${cfg.stateDir}';
$conf['superuser'] = '${toString cfg.superUser}';
$conf['useacl'] = '${toString cfg.aclUse}';
$conf['disableactions'] = '${cfg.disableActions}';
${toString cfg.extraConfig}
'';
dokuwikiPluginsLocalConfig = pkgs.writeText "plugins.local.php" ''
dokuwikiPluginsLocalConfig = cfg: pkgs.writeText "plugins.local.php" ''
<?php
${cfg.pluginsConfig}
'';
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
pname = "dokuwiki-${hostName}";
version = src.version;
src = cfg.package;
installPhase = ''
mkdir -p $out
cp -r * $out/
# symlink the dokuwiki config
ln -s ${dokuwikiLocalConfig cfg} $out/share/dokuwiki/local.php
# symlink plugins config
ln -s ${dokuwikiPluginsLocalConfig cfg} $out/share/dokuwiki/plugins.local.php
# symlink acl
ln -s ${dokuwikiAclAuthConfig cfg} $out/share/dokuwiki/acl.auth.php
# symlink additional plugin(s) and templates(s)
${concatMapStringsSep "\n" (template: "ln -s ${template} $out/share/dokuwiki/lib/tpl/${template.name}") cfg.templates}
${concatMapStringsSep "\n" (plugin: "ln -s ${plugin} $out/share/dokuwiki/lib/plugins/${plugin.name}") cfg.plugins}
'';
};
siteOpts = { config, lib, name, ...}: {
options = {
enable = mkEnableOption "DokuWiki web application.";
package = mkOption {
type = types.package;
default = pkgs.dokuwiki;
description = "Which dokuwiki package to use.";
};
hostName = mkOption {
type = types.str;
default = "localhost";
description = "FQDN for the instance.";
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/dokuwiki/${name}/data";
description = "Location of the dokuwiki state directory.";
};
acl = mkOption {
type = types.nullOr types.lines;
default = null;
example = "* @ALL 8";
description = ''
Access Control Lists: see <link xlink:href="https://www.dokuwiki.org/acl"/>
Mutually exclusive with services.dokuwiki.aclFile
Set this to a value other than null to take precedence over aclFile option.
Warning: Consider using aclFile instead if you do not
want to store the ACL in the world-readable Nix store.
'';
};
aclFile = mkOption {
type = with types; nullOr str;
default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/users.auth.php" else null;
description = ''
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl
Mutually exclusive with services.dokuwiki.acl which is preferred.
Consult documentation <link xlink:href="https://www.dokuwiki.org/acl"/> for further instructions.
Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist"/>
'';
example = "/var/lib/dokuwiki/${name}/acl.auth.php";
};
aclUse = mkOption {
type = types.bool;
default = true;
description = ''
Necessary for users to log in into the system.
Also limits anonymous users. When disabled,
everyone is able to create and edit content.
'';
};
pluginsConfig = mkOption {
type = types.lines;
default = ''
$plugins['authad'] = 0;
$plugins['authldap'] = 0;
$plugins['authmysql'] = 0;
$plugins['authpgsql'] = 0;
'';
description = ''
List of the dokuwiki (un)loaded plugins.
'';
};
superUser = mkOption {
type = types.nullOr types.str;
default = "@admin";
description = ''
You can set either a username, a list of usernames (admin1,admin2),
or the name of a group by prepending an @ char to the groupname
Consult documentation <link xlink:href="https://www.dokuwiki.org/config:superuser"/> for further instructions.
'';
};
usersFile = mkOption {
type = with types; nullOr str;
default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null;
description = ''
Location of the dokuwiki users file. List of users. Format:
login:passwordhash:Real Name:email:groups,comma,separated
Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1`
Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/>
'';
example = "/var/lib/dokuwiki/${name}/users.auth.php";
};
disableActions = mkOption {
type = types.nullOr types.str;
default = "";
example = "search,register";
description = ''
Disable individual action modes. Refer to
<link xlink:href="https://www.dokuwiki.org/config:action_modes"/>
for details on supported values.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
$conf['title'] = 'My Wiki';
$conf['userewrite'] = 1;
'';
description = ''
DokuWiki configuration. Refer to
<link xlink:href="https://www.dokuwiki.org/config"/>
for details on supported values.
'';
};
plugins = mkOption {
type = types.listOf types.path;
default = [];
description = ''
List of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
<note><para>These plugins need to be packaged before use, see example.</para></note>
'';
example = ''
# Let's package the icalevents plugin
plugin-icalevents = pkgs.stdenv.mkDerivation {
name = "icalevents";
# Download the plugin from the dokuwiki site
src = pkgs.fetchurl {
url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip;
sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8";
};
sourceRoot = ".";
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the plugin list like this:
plugins = [ plugin-icalevents ];
'';
};
templates = mkOption {
type = types.listOf types.path;
default = [];
description = ''
List of path(s) to respective template(s) which are copied from the 'tpl' directory.
<note><para>These templates need to be packaged before use, see example.</para></note>
'';
example = ''
# Let's package the bootstrap3 theme
template-bootstrap3 = pkgs.stdenv.mkDerivation {
name = "bootstrap3";
# Download the theme from the dokuwiki site
src = pkgs.fetchurl {
url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip;
sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the template list like this:
templates = [ template-bootstrap3 ];
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = ''
Options for the dokuwiki PHP pool. See the documentation on <literal>php-fpm.conf</literal>
for details on configuration directives.
'';
};
nginx = mkOption {
type = types.submodule (
recursiveUpdate
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{
# Enable encryption by default,
options.forceSSL.default = true;
options.enableACME.default = true;
}
);
default = {forceSSL = true; enableACME = true;};
example = {
serverAliases = [
"wiki.\${config.networking.domain}"
];
enableACME = false;
};
description = ''
With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki.
'';
};
};
};
in
{
options.services.dokuwiki = {
enable = mkEnableOption "DokuWiki web application.";
hostName = mkOption {
type = types.str;
default = "localhost";
description = "FQDN for the instance.";
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/dokuwiki/data";
description = "Location of the dokuwiki state directory.";
};
acl = mkOption {
type = types.nullOr types.lines;
default = null;
example = "* @ALL 8";
description = ''
Access Control Lists: see <link xlink:href="https://www.dokuwiki.org/acl"/>
Mutually exclusive with services.dokuwiki.aclFile
Set this to a value other than null to take precedence over aclFile option.
'';
};
aclFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl
Mutually exclusive with services.dokuwiki.acl which is preferred.
Consult documentation <link xlink:href="https://www.dokuwiki.org/acl"/> for further instructions.
Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist"/>
'';
};
aclUse = mkOption {
type = types.bool;
default = true;
description = ''
Necessary for users to log in into the system.
Also limits anonymous users. When disabled,
everyone is able to create and edit content.
'';
};
pluginsConfig = mkOption {
type = types.lines;
default = ''
$plugins['authad'] = 0;
$plugins['authldap'] = 0;
$plugins['authmysql'] = 0;
$plugins['authpgsql'] = 0;
'';
description = ''
List of the dokuwiki (un)loaded plugins.
'';
};
superUser = mkOption {
type = types.nullOr types.str;
default = "@admin";
description = ''
You can set either a username, a list of usernames (admin1,admin2),
or the name of a group by prepending an @ char to the groupname
Consult documentation <link xlink:href="https://www.dokuwiki.org/config:superuser"/> for further instructions.
'';
};
usersFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Location of the dokuwiki users file. List of users. Format:
login:passwordhash:Real Name:email:groups,comma,separated
Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1`
Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/>
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
$conf['title'] = 'My Wiki';
$conf['userewrite'] = 1;
'';
description = ''
DokuWiki configuration. Refer to
<link xlink:href="https://www.dokuwiki.org/config"/>
for details on supported values.
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = ''
Options for the dokuwiki PHP pool. See the documentation on <literal>php-fpm.conf</literal>
for details on configuration directives.
'';
};
nginx = mkOption {
type = types.submodule (
recursiveUpdate
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{
# Enable encryption by default,
options.forceSSL.default = true;
options.enableACME.default = true;
}
);
default = {forceSSL = true; enableACME = true;};
example = {
serverAliases = [
"wiki.\${config.networking.domain}"
];
enableACME = false;
};
description = ''
With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki.
'';
# interface
options = {
services.dokuwiki = mkOption {
type = types.attrsOf (types.submodule siteOpts);
default = {};
description = "Sepcification of one or more dokuwiki sites to service.";
};
};
# implementation
config = mkIf cfg.enable {
config = mkIf (eachSite != {}) {
warnings = mkIf (cfg.superUser == null) ["Not setting services.dokuwiki.superUser will impair your ability to administer DokuWiki"];
warnings = mapAttrsToList (hostName: cfg: mkIf (cfg.superUser == null) "Not setting services.dokuwiki.${hostName} superUser will impair your ability to administer DokuWiki") eachSite;
assertions = [
{
assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null);
message = "Either services.dokuwiki.acl or services.dokuwiki.aclFile is mandatory when aclUse is true";
}
{
assertion = cfg.usersFile != null -> cfg.aclUse != false;
message = "services.dokuwiki.aclUse must be true when usersFile is not null";
}
];
assertions = flatten (mapAttrsToList (hostName: cfg:
[{
assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null);
message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory if aclUse true";
}
{
assertion = cfg.usersFile != null -> cfg.aclUse != false;
message = "services.dokuwiki.${hostName}.aclUse must must be true if usersFile is not null";
}
]) eachSite);
services.phpfpm.pools.dokuwiki = {
inherit user;
inherit group;
phpEnv = {
DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig}";
DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig}";
} //optionalAttrs (cfg.usersFile != null) {
DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}";
} //optionalAttrs (cfg.aclUse) {
DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig}" else "${toString cfg.aclFile}";
};
settings = {
"listen.mode" = "0660";
"listen.owner" = user;
"listen.group" = group;
} // cfg.poolConfig;
};
services.phpfpm.pools = mapAttrs' (hostName: cfg: (
nameValuePair "dokuwiki-${hostName}" {
inherit user;
inherit group;
phpEnv = {
DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}";
DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}";
} // optionalAttrs (cfg.usersFile != null) {
DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}";
} //optionalAttrs (cfg.aclUse) {
DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}";
};
settings = {
"listen.mode" = "0660";
"listen.owner" = user;
"listen.group" = group;
} // cfg.poolConfig;
})) eachSite;
services.nginx = {
enable = true;
virtualHosts = {
${cfg.hostName} = mkMerge [ cfg.nginx {
root = mkForce "${pkgs.dokuwiki}/share/dokuwiki/";
extraConfig = "fastcgi_param HTTPS on;";
virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx {
root = mkForce "${pkg hostName cfg}/share/dokuwiki";
extraConfig = "fastcgi_param HTTPS on;";
locations."~ /(conf/|bin/|inc/|install.php)" = {
extraConfig = "deny all;";
};
locations."~ /(conf/|bin/|inc/|install.php)" = {
extraConfig = "deny all;";
};
locations."~ ^/data/" = {
root = "${cfg.stateDir}";
extraConfig = "internal;";
};
locations."~ ^/data/" = {
root = "${cfg.stateDir}";
extraConfig = "internal;";
};
locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
locations."/" = {
priority = 1;
index = "doku.php";
extraConfig = ''try_files $uri $uri/ @dokuwiki;'';
};
locations."/" = {
priority = 1;
index = "doku.php";
extraConfig = ''try_files $uri $uri/ @dokuwiki;'';
};
locations."@dokuwiki" = {
extraConfig = ''
locations."@dokuwiki" = {
extraConfig = ''
# rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
'';
};
'';
};
locations."~ \.php$" = {
extraConfig = ''
locations."~ \.php$" = {
extraConfig = ''
try_files $uri $uri/ /doku.php;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:${config.services.phpfpm.pools.dokuwiki.socket};
fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket};
fastcgi_param HTTPS on;
'';
};
}];
};
'';
};
}]) eachSite;
};
systemd.tmpfiles.rules = [
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir}/attic 0750 ${user} ${group} - -"
"d ${cfg.stateDir}/cache 0750 ${user} ${group} - -"
"d ${cfg.stateDir}/index 0750 ${user} ${group} - -"
@ -266,7 +376,13 @@ in
"d ${cfg.stateDir}/meta 0750 ${user} ${group} - -"
"d ${cfg.stateDir}/pages 0750 ${user} ${group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -"
];
] ++ lib.optional (cfg.aclFile != null) "C ${cfg.aclFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/acl.auth.php.dist"
++ lib.optional (cfg.usersFile != null) "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist"
) eachSite);
users.users.${user} = {
group = group;
isSystemUser = true;
};
};
}

4
nixos/modules/services/web-apps/wordpress.nix
View file

@ -105,7 +105,7 @@ let
name = "embed-pdf-viewer-plugin";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip;
url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip";
sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd";
};
# We need unzip to build this package
@ -132,7 +132,7 @@ let
name = "responsive-theme";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/theme/responsive.3.14.zip;
url = "https://downloads.wordpress.org/theme/responsive.3.14.zip";
sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3";
};
# We need unzip to build this package

14
nixos/modules/system/boot/systemd.nix
View file

@ -894,6 +894,13 @@ in
"sysctl.d/50-coredump.conf".source = "${systemd}/example/sysctl.d/50-coredump.conf";
"sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf";
"tmpfiles.d/00-nixos.conf".text = ''
# This file is created automatically and should not be modified.
# Please change the option systemd.tmpfiles.rules instead.
${concatStringsSep "\n" cfg.tmpfiles.rules}
'';
"tmpfiles.d/home.conf".source = "${systemd}/example/tmpfiles.d/home.conf";
"tmpfiles.d/journal-nocow.conf".source = "${systemd}/example/tmpfiles.d/journal-nocow.conf";
"tmpfiles.d/portables.conf".source = "${systemd}/example/tmpfiles.d/portables.conf";
@ -906,13 +913,6 @@ in
"tmpfiles.d/var.conf".source = "${systemd}/example/tmpfiles.d/var.conf";
"tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
"tmpfiles.d/nixos.conf".text = ''
# This file is created automatically and should not be modified.
# Please change the option systemd.tmpfiles.rules instead.
${concatStringsSep "\n" cfg.tmpfiles.rules}
'';
"systemd/system-generators" = { source = hooks "generators" cfg.generators; };
"systemd/system-shutdown" = { source = hooks "shutdown" cfg.shutdown; };
});

18
nixos/modules/virtualisation/containers.nix
View file

@ -463,10 +463,15 @@ in
A specification of the desired configuration of this
container, as a NixOS module.
'';
type = lib.mkOptionType {
type = let
confPkgs = if config.pkgs == null then pkgs else config.pkgs;
in lib.mkOptionType {
name = "Toplevel NixOS config";
merge = loc: defs: (import ../../lib/eval-config.nix {
merge = loc: defs: (import (confPkgs.path + "/nixos/lib/eval-config.nix") {
inherit system;
pkgs = confPkgs;
baseModules = import (confPkgs.path + "/nixos/modules/module-list.nix");
inherit (confPkgs) lib;
modules =
let
extraConfig = {
@ -515,6 +520,15 @@ in
'';
};
pkgs = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExample "pkgs";
description = ''
Customise which nixpkgs to use for this container.
'';
};
ephemeral = mkOption {
type = types.bool;
default = false;

3
nixos/release-combined.nix
View file

@ -75,6 +75,7 @@ in rec {
(onFullSupported "nixos.tests.fontconfig-default-fonts")
(onFullSupported "nixos.tests.gnome3")
(onFullSupported "nixos.tests.gnome3-xorg")
(onFullSupported "nixos.tests.hardened")
(onSystems ["x86_64-linux"] "nixos.tests.hibernate")
(onFullSupported "nixos.tests.i3wm")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
@ -96,6 +97,8 @@ in rec {
(onFullSupported "nixos.tests.keymap.dvp")
(onFullSupported "nixos.tests.keymap.neo")
(onFullSupported "nixos.tests.keymap.qwertz")
(onFullSupported "nixos.tests.latestKernel.hardened")
(onFullSupported "nixos.tests.latestKernel.login")
(onFullSupported "nixos.tests.lightdm")
(onFullSupported "nixos.tests.login")
(onFullSupported "nixos.tests.misc")

102
nixos/tests/acme.nix
View file

@ -1,5 +1,5 @@
let
commonConfig = ./common/letsencrypt/common.nix;
commonConfig = ./common/acme/client;
dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" ''
#!${bash}/bin/bash
@ -16,8 +16,8 @@ in import ./make-test-python.nix {
name = "acme";
nodes = rec {
letsencrypt = { nodes, lib, ... }: {
imports = [ ./common/letsencrypt ];
acme = { nodes, lib, ... }: {
imports = [ ./common/acme/server ];
networking.nameservers = lib.mkForce [
nodes.dnsserver.config.networking.primaryIPAddress
];
@ -33,8 +33,7 @@ in import ./make-test-python.nix {
serviceConfig = {
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.config.networking.primaryIPAddress}'";
# Required to bind on privileged ports.
User = "root";
Group = "root";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
};
};
@ -45,19 +44,16 @@ in import ./make-test-python.nix {
nodes.dnsserver.config.networking.primaryIPAddress
];
networking.firewall.allowedTCPPorts = [ 80 ];
security.acme = {
server = "https://acme-v02.api.letsencrypt.org/dir";
certs."standalone.com" = {
webroot = "/var/lib/acme/acme-challenges";
};
security.acme.certs."standalone.test" = {
webroot = "/var/lib/acme/acme-challenges";
};
systemd.targets."acme-finished-standalone.com" = {};
systemd.services."acme-standalone.com" = {
wants = [ "acme-finished-standalone.com.target" ];
before = [ "acme-finished-standalone.com.target" ];
systemd.targets."acme-finished-standalone.test" = {};
systemd.services."acme-standalone.test" = {
wants = [ "acme-finished-standalone.test.target" ];
before = [ "acme-finished-standalone.test.target" ];
};
services.nginx.enable = true;
services.nginx.virtualHosts."standalone.com" = {
services.nginx.virtualHosts."standalone.test" = {
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges";
};
};
@ -71,16 +67,16 @@ in import ./make-test-python.nix {
# A target remains active. Use this to probe the fact that
# a service fired eventhough it is not RemainAfterExit
systemd.targets."acme-finished-a.example.com" = {};
systemd.services."acme-a.example.com" = {
wants = [ "acme-finished-a.example.com.target" ];
before = [ "acme-finished-a.example.com.target" ];
systemd.targets."acme-finished-a.example.test" = {};
systemd.services."acme-a.example.test" = {
wants = [ "acme-finished-a.example.test.target" ];
before = [ "acme-finished-a.example.test.target" ];
after = [ "nginx.service" ];
};
services.nginx.enable = true;
services.nginx.virtualHosts."a.example.com" = {
services.nginx.virtualHosts."a.example.test" = {
enableACME = true;
forceSSL = true;
locations."/".root = pkgs.runCommand "docroot" {} ''
@ -89,16 +85,16 @@ in import ./make-test-python.nix {
'';
};
security.acme.server = "https://acme-v02.api.letsencrypt.org/dir";
security.acme.server = "https://acme.test/dir";
specialisation.second-cert.configuration = {pkgs, ...}: {
systemd.targets."acme-finished-b.example.com" = {};
systemd.services."acme-b.example.com" = {
wants = [ "acme-finished-b.example.com.target" ];
before = [ "acme-finished-b.example.com.target" ];
systemd.targets."acme-finished-b.example.test" = {};
systemd.services."acme-b.example.test" = {
wants = [ "acme-finished-b.example.test.target" ];
before = [ "acme-finished-b.example.test.target" ];
after = [ "nginx.service" ];
};
services.nginx.virtualHosts."b.example.com" = {
services.nginx.virtualHosts."b.example.test" = {
enableACME = true;
forceSSL = true;
locations."/".root = pkgs.runCommand "docroot" {} ''
@ -108,8 +104,8 @@ in import ./make-test-python.nix {
};
};
specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: {
security.acme.certs."example.com" = {
domain = "*.example.com";
security.acme.certs."example.test" = {
domain = "*.example.test";
dnsProvider = "exec";
dnsPropagationCheck = false;
credentialsFile = with pkgs; writeText "wildcard.env" ''
@ -118,17 +114,17 @@ in import ./make-test-python.nix {
user = config.services.nginx.user;
group = config.services.nginx.group;
};
systemd.targets."acme-finished-example.com" = {};
systemd.services."acme-example.com" = {
wants = [ "acme-finished-example.com.target" ];
before = [ "acme-finished-example.com.target" "nginx.service" ];
systemd.targets."acme-finished-example.test" = {};
systemd.services."acme-example.test" = {
wants = [ "acme-finished-example.test.target" ];
before = [ "acme-finished-example.test.target" "nginx.service" ];
wantedBy = [ "nginx.service" ];
};
services.nginx.virtualHosts."c.example.com" = {
services.nginx.virtualHosts."c.example.test" = {
forceSSL = true;
sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";
sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";
sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";
sslCertificate = config.security.acme.certs."example.test".directory + "/cert.pem";
sslTrustedCertificate = config.security.acme.certs."example.test".directory + "/full.pem";
sslCertificateKey = config.security.acme.certs."example.test".directory + "/key.pem";
locations."/".root = pkgs.runCommand "docroot" {} ''
mkdir -p "$out"
echo hello world > "$out/index.html"
@ -159,46 +155,44 @@ in import ./make-test-python.nix {
client.start()
dnsserver.start()
letsencrypt.wait_for_unit("default.target")
acme.wait_for_unit("default.target")
dnsserver.wait_for_unit("pebble-challtestsrv.service")
client.succeed(
'curl --data \'{"host": "acme-v02.api.letsencrypt.org", "addresses": ["${nodes.letsencrypt.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
)
client.succeed(
'curl --data \'{"host": "standalone.com", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
'curl --data \'{"host": "standalone.test", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
)
letsencrypt.start()
acme.start()
acmeStandalone.start()
letsencrypt.wait_for_unit("default.target")
letsencrypt.wait_for_unit("pebble.service")
acme.wait_for_unit("default.target")
acme.wait_for_unit("pebble.service")
with subtest("can request certificate with HTTPS-01 challenge"):
acmeStandalone.wait_for_unit("default.target")
acmeStandalone.succeed("systemctl start acme-standalone.com.service")
acmeStandalone.wait_for_unit("acme-finished-standalone.com.target")
acmeStandalone.succeed("systemctl start acme-standalone.test.service")
acmeStandalone.wait_for_unit("acme-finished-standalone.test.target")
client.wait_for_unit("default.target")
client.succeed("curl https://acme-v02.api.letsencrypt.org:15000/roots/0 > /tmp/ca.crt")
client.succeed(
"curl https://acme-v02.api.letsencrypt.org:15000/intermediate-keys/0 >> /tmp/ca.crt"
)
client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt")
client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt")
with subtest("Can request certificate for nginx service"):
webserver.wait_for_unit("acme-finished-a.example.com.target")
webserver.wait_for_unit("acme-finished-a.example.test.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://a.example.com/ | grep -qF 'hello world'"
"curl --cacert /tmp/ca.crt https://a.example.test/ | grep -qF 'hello world'"
)
with subtest("Can add another certificate for nginx service"):
webserver.succeed(
"/run/current-system/specialisation/second-cert/bin/switch-to-configuration test"
)
webserver.wait_for_unit("acme-finished-b.example.com.target")
webserver.wait_for_unit("acme-finished-b.example.test.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"
"curl --cacert /tmp/ca.crt https://b.example.test/ | grep -qF 'hello world'"
)
with subtest("Can request wildcard certificates using DNS-01 challenge"):
@ -208,9 +202,9 @@ in import ./make-test-python.nix {
webserver.succeed(
"/run/current-system/specialisation/dns-01/bin/switch-to-configuration test"
)
webserver.wait_for_unit("acme-finished-example.com.target")
webserver.wait_for_unit("acme-finished-example.test.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://c.example.com/ | grep -qF 'hello world'"
"curl --cacert /tmp/ca.crt https://c.example.test/ | grep -qF 'hello world'"
)
'';
}

6
nixos/tests/all-tests.nix
View file

@ -22,7 +22,7 @@ let
in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTestOn ["x86_64-linux"] ./acme.nix {};
acme = handleTest ./acme.nix {};
atd = handleTest ./atd.nix {};
automysqlbackup = handleTest ./automysqlbackup.nix {};
avahi = handleTest ./avahi.nix {};
@ -51,7 +51,9 @@ in
cloud-init = handleTest ./cloud-init.nix {};
codimd = handleTest ./codimd.nix {};
consul = handleTest ./consul.nix {};
cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {};
containers-bridge = handleTest ./containers-bridge.nix {};
containers-custom-pkgs.nix = handleTest ./containers-custom-pkgs.nix {};
containers-ephemeral = handleTest ./containers-ephemeral.nix {};
containers-extra_veth = handleTest ./containers-extra_veth.nix {};
containers-hosts = handleTest ./containers-hosts.nix {};
@ -160,6 +162,7 @@ in
# kubernetes.e2e should eventually replace kubernetes.rbac when it works
#kubernetes.e2e = handleTestOn ["x86_64-linux"] ./kubernetes/e2e.nix {};
kubernetes.rbac = handleTestOn ["x86_64-linux"] ./kubernetes/rbac.nix {};
latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; };
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
ldap = handleTest ./ldap.nix {};
leaps = handleTest ./leaps.nix {};
@ -311,6 +314,7 @@ in
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
tuptime = handleTest ./tuptime.nix {};
udisks2 = handleTest ./udisks2.nix {};
upnp = handleTest ./upnp.nix {};
uwsgi = handleTest ./uwsgi.nix {};

28
nixos/tests/cockroachdb.nix
View file

@ -1,7 +1,7 @@
# This performs a full 'end-to-end' test of a multi-node CockroachDB cluster
# using the built-in 'cockroach workload' command, to simulate a semi-realistic
# test load. It generally takes anywhere from 3-5 minutes to run and 1-2GB of
# RAM (though each of 3 workers gets 1GB allocated)
# RAM (though each of 3 workers gets 2GB allocated)
#
# CockroachDB requires synchronized system clocks within a small error window
# (~500ms by default) on each node in order to maintain a multi-node cluster.
@ -55,7 +55,7 @@ let
{
# Bank/TPC-C benchmarks take some memory to complete
virtualisation.memorySize = 1024;
virtualisation.memorySize = 2048;
# Install the KVM PTP "Virtualized Clock" driver. This allows a /dev/ptp0
# device to appear as a reference clock, synchronized to the host clock.
@ -88,6 +88,8 @@ let
services.cockroachdb.listen.address = myAddr;
services.cockroachdb.join = lib.mkIf (joinNode != null) joinNode;
systemd.services.chronyd.unitConfig.ConditionPathExists = "/dev/ptp0";
# Hold startup until Chrony has performed its first measurement (which
# will probably result in a full timeskip, thanks to makestep)
systemd.services.cockroachdb.preStart = ''
@ -95,7 +97,7 @@ let
'';
};
in import ./make-test.nix ({ pkgs, ...} : {
in import ./make-test-python.nix ({ pkgs, ...} : {
name = "cockroachdb";
meta.maintainers = with pkgs.stdenv.lib.maintainers;
[ thoughtpolice ];
@ -110,17 +112,13 @@ in import ./make-test.nix ({ pkgs, ...} : {
# there's otherwise no way to guarantee that node1 will start before the others try
# to join it.
testScript = ''
$node1->start;
$node1->waitForUnit("cockroachdb");
$node2->start;
$node2->waitForUnit("cockroachdb");
$node3->start;
$node3->waitForUnit("cockroachdb");
$node1->mustSucceed("cockroach sql --host=192.168.1.1 --insecure -e 'SHOW ALL CLUSTER SETTINGS' 2>&1");
$node1->mustSucceed("cockroach workload init bank 'postgresql://root\@192.168.1.1:26257?sslmode=disable'");
$node1->mustSucceed("cockroach workload run bank --duration=1m 'postgresql://root\@192.168.1.1:26257?sslmode=disable'");
for node in node1, node2, node3:
node.start()
node.wait_for_unit("cockroachdb")
node1.succeed(
"cockroach sql --host=192.168.1.1 --insecure -e 'SHOW ALL CLUSTER SETTINGS' 2>&1",
"cockroach workload init bank 'postgresql://root@192.168.1.1:26257?sslmode=disable'",
"cockroach workload run bank --duration=1m 'postgresql://root@192.168.1.1:26257?sslmode=disable'",
)
'';
})

15
nixos/tests/common/acme/client/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ lib, nodes, pkgs, ... }:
let
acme-ca = nodes.acme.config.test-support.acme.caCert;
in
{
security.acme = {
server = "https://acme.test/dir";
email = "hostmaster@example.test";
acceptTerms = true;
};
security.pki.certificateFiles = [ acme-ca ];
}

34
nixos/tests/common/letsencrypt/default.nix → nixos/tests/common/acme/server/default.nix
View file

@ -1,27 +1,27 @@
# The certificate for the ACME service is exported as:
#
# config.test-support.letsencrypt.caCert
# config.test-support.acme.caCert
#
# This value can be used inside the configuration of other test nodes to inject
# the snakeoil certificate into security.pki.certificateFiles or into package
# overlays.
#
# Another value that's needed if you don't use a custom resolver (see below for
# notes on that) is to add the letsencrypt node as a nameserver to every node
# notes on that) is to add the acme node as a nameserver to every node
# that needs to acquire certificates using ACME, because otherwise the API host
# for letsencrypt.org can't be resolved.
# for acme.test can't be resolved.
#
# A configuration example of a full node setup using this would be this:
#
# {
# letsencrypt = import ./common/letsencrypt;
# acme = import ./common/acme/server;
#
# example = { nodes, ... }: {
# networking.nameservers = [
# nodes.letsencrypt.config.networking.primaryIPAddress
# nodes.acme.config.networking.primaryIPAddress
# ];
# security.pki.certificateFiles = [
# nodes.letsencrypt.config.test-support.letsencrypt.caCert
# nodes.acme.config.test-support.acme.caCert
# ];
# };
# }
@ -33,9 +33,9 @@
# override networking.nameservers like this:
#
# {
# letsencrypt = { nodes, ... }: {
# imports = [ ./common/letsencrypt ];
# networking.nameservers = [
# acme = { nodes, lib, ... }: {
# imports = [ ./common/acme/server ];
# networking.nameservers = lib.mkForce [
# nodes.myresolver.config.networking.primaryIPAddress
# ];
# };
@ -55,16 +55,16 @@
let
snakeOilCerts = import ./snakeoil-certs.nix;
wfeDomain = "acme-v02.api.letsencrypt.org";
wfeDomain = "acme.test";
wfeCertFile = snakeOilCerts.${wfeDomain}.cert;
wfeKeyFile = snakeOilCerts.${wfeDomain}.key;
siteDomain = "letsencrypt.org";
siteDomain = "acme.test";
siteCertFile = snakeOilCerts.${siteDomain}.cert;
siteKeyFile = snakeOilCerts.${siteDomain}.key;
pebble = pkgs.pebble;
resolver = let
message = "You need to define a resolver for the letsencrypt test module.";
message = "You need to define a resolver for the acme test module.";
firstNS = lib.head config.networking.nameservers;
in if config.networking.nameservers == [] then throw message else firstNS;
@ -76,15 +76,16 @@ let
httpPort = 80;
tlsPort = 443;
ocspResponderURL = "http://0.0.0.0:4002";
strict = true;
};
pebbleConfFile = pkgs.writeText "pebble.conf" (builtins.toJSON pebbleConf);
pebbleDataDir = "/root/pebble";
in {
imports = [ ../resolver.nix ];
imports = [ ../../resolver.nix ];
options.test-support.letsencrypt.caCert = lib.mkOption {
options.test-support.acme.caCert = lib.mkOption {
type = lib.types.path;
description = ''
A certificate file to use with the <literal>nodes</literal> attribute to
@ -98,7 +99,7 @@ in {
resolver.enable = let
isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ];
in lib.mkOverride 900 isLocalResolver;
letsencrypt.caCert = snakeOilCerts.ca.cert;
acme.caCert = snakeOilCerts.ca.cert;
};
# This has priority 140, because modules/testing/test-instrumentation.nix
@ -126,8 +127,7 @@ in {
'';
serviceConfig = {
# Required to bind on privileged ports.
User = "root";
Group = "root";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
};
};

5
nixos/tests/common/letsencrypt/mkcerts.nix → nixos/tests/common/acme/server/mkcerts.nix
View file

@ -1,10 +1,9 @@
{ pkgs ? import <nixpkgs> {}
, lib ? pkgs.lib
, domains ? [ "acme-v02.api.letsencrypt.org" "letsencrypt.org" ]
, domains ? [ "acme.test" ]
}:
pkgs.runCommand "letsencrypt-snakeoil-ca" {
pkgs.runCommand "acme-snakeoil-ca" {
nativeBuildInputs = [ pkgs.openssl ];
} ''
addpem() {

0
nixos/tests/common/letsencrypt/mkcerts.sh → nixos/tests/common/acme/server/mkcerts.sh
View file

171
nixos/tests/common/acme/server/snakeoil-certs.nix Normal file
View file

@ -0,0 +1,171 @@
# Generated via mkcert.sh in the same directory.
{
ca.key = builtins.toFile "ca.key" ''
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCnVZGEn68ezXl
DWE5gjsCPqutR4nxw/wvIbAxB2Vk2WeQ6HGvt2Jdrz5qer2IXd76YtpQeqd+ffet
aLtMeFTr+Xy9yqEpx2AfvmEEcLnuiWbsUGZzsHwW7/4kPgAFBy9TwJn/k892lR6u
QYa0QS39CX85kLMZ/LZXUyClIBa+IxT1OovmGqMOr4nGASRQP6d/nnyn41Knat/d
tpyaa5zgfYwA6YW6UxcywvBSpMOXM0/82BFZGyALt3nQ+ffmrtKcvMjsNLBFaslV
+zYO1PMbLbTCW8SmJTjhzuapXtBHruvoe24133XWlvcP1ylaTx0alwiQWJr1XEOU
WLEFTgOTeRyiVDxDunpz+7oGcwzcdOG8nCgd6w0aYaECz1zvS3FYTQz+MiqmEkx6
s4bj1U90I0kwUJbeWjjrGO7Y9Qq4i19GafDg7cAMn9eHCiNbNrPj6t/gfaVbCrbk
m3ZVjkvLTQ2mb2lv7+tVii45227iNPuNS6lx2FVlr/DXiRrOVfghPvoOxUfXzogJ
hZLV4Zki+ycbGQa5w8YMDYCv4c08dKA7AatVhNS60c1zgQNjuWF3BvocSySyGUon
VT6h1DYlJ9YAqgqNpedgNR9kpp034SMhB7dj9leB6LRMA+c1fG/T+1lDbkA+vope
pt4+30oDcCTYfEifl1HwqNw/bXDm1wIDAQABAoICABPbd/UYaAQVUk93yQbUKe81
s9CvbvzTMYUhm9e02Hyszitz/D2gqZHDksvMkFA8u8aylXIGwdZfRglUmV/ZG1kk
kLzQ0xbvN/ilNUL9uYsETBMqtPly9YZloHnUNa5NqF+UVGJGk7GWz5WaLANybx3V
fTzDbfLl3TkVy0vt9UQbUkUfXyzwZNjXwmgIr8rcY9vasP90a3eXqRX3Tw1Wk6A4
TzO8oB994O0WBO150Fc6Lhwvc72yzddENlLDXq8UAXtqq9mmGqJKnhZ+1mo3AkMw
q7P1JyCIxcAMm26GtRvLVljXV0x5640kxDrCin6jeeW/qWkJEW6dpmuZjR5scmLI
/9n8H+fGzdZH8bOPPotMy12doj3vJqvew3p0eIkmVctYMJKD0j/CWjvKJNE3Yx4O
Ls47X/dEypX6anR1HQUXcpd6JfRWdIJANo2Duaz+HYbyA88bHcJL9shFYcjLs3sX
R/TvnnKHvw/ud7XBgvLGwGAf/cDEuLI2tv+V7tkMGrMUv+gUJNZaJaCpdt+1iUwO
QFq8APyBNn6FFw54TwXWfSjfSNh3geIMLHuErYVu9MIXvB7Yhh+ZvLcfLbmckhAX
wb39RRHnCWvnw5Bm9hnsDhqfDsIoP+2wvUkViyHOmrKi8nSJhSk19C8AuQtSVcJg
5op+epEmjt70GHt52nuBAoIBAQD2a4Ftp4QxWE2d6oAFI6WPrX7nAwI5/ezCbO/h
yoYAn6ucTVnn5/5ITJ8V4WTWZ4lkoZP3YSJiCyBhs8fN63J+RaJ/bFRblHDns1HA
2nlMVdNLg6uOfjgUJ8Y6xVM0J2dcFtwIFyK5pfZ7loxMZfvuovg74vDOi2vnO3dO
16DP3zUx6B/yIt57CYn8NWTq+MO2bzKUnczUQRx0yEzPOfOmVbcqGP8f7WEdDWXm
7scjjN53OPyKzLOVEhOMsUhIMBMO25I9ZpcVkyj3/nj+fFLf/XjOTM00M/S/KnOj
RwaWffx6mSYS66qNc5JSsojhIiYyiGVEWIznBpNWDU35y/uXAoIBAQDKLj0dyig2
kj1r3HvdgK4sRULqBQFMqE9ylxDmpJxAj6/A8hJ0RCBR57vnIIZMzK4+6K0l3VBJ
ukzXJHJLPkZ0Uuo2zLuRLkyjBECH6KYznyTkUVRn50Oq6IoP6WTCfd3Eg+7AKYY1
VFo2iR8sxeSQQ+AylFy6QcQ1xPIW30Jj1/LFjrRdRggapPEekpJec0pEqhasT8rR
UFhRL2NdZnL5b7ZlsJc7gZKEJgNfxgzaCzloqLcjCgGpOhLKx0fFsNOqHcbIGMwG
6wQCOyNghQJ6AZtRD5TYCJow92FchWjoTIaMJ8RjMKQmxpiwM6wQG4J78Hd3mbhf
q0hiQhPHaNbBAoIBAFeIeMFq8BpXM7sUwcURlI4lIx8Mgo33FVM7PzsFpfQyw9MR
5w3p6vnjvd8X4aoHvVZxzw3hA0WwjiAmrKMJL/KK6d45rP2bDUBBAplvAgeLtTLt
4tMLIwCF4HSgA55TIPQlaqO1FDC+M4BTSiMZVxS970/WnZPBEuNgzFDFZ+pvb4X6
3t40ZLNwAAQHM4IEPAFiHqWMKGZ9eo5BWIeEHnjHmfjqSDYfLJAVYk1WJIcMUzom
lA76CBC8CxW/I94AtcRhWuFUv/Z5/+OYEYLUxtuqPm+J+JrCmf4OJmWppT1wI2+p
V00BSeRVWXTm1piieM8ahF5y1hp6y3uV3k0NmKECggEBAMC42Ms3s6NpPSE+99eJ
3P0YPJOkl7uByNGbTKH+kW89SDRsy8iGVCSe9892gm5cwU/4LWyljO3qp2qBNG2i
/DfP/bCk8bqPXsAZwoWK8DrO3bTCDepJWYhlx40pVkHLBwVXGdOVAXh+YswPY2cj
cB9QhDrSj52AKU9z36yLvtY7uBA3Wph6tCjpx2n0H4/m6AmR9LDmEpf5tWYV/OrA
SKKaqUw/y7kOZyKOtbKqr/98qYmpIYFF/ZVZZSZkVXcNeoZzgdOlR37ksVqLEsrj
nxu7wli/uItBj/FTLjyqcvjUUYDyO1KtwBuyPUPgzYhBIN2Rt9+K6WRQelwnToFL
30ECggEBALzozykZj2sr3z8tQQRZuXLGotUFGsQCB8ikeqoeB8FbNNkC+qgflQGv
zLRB2KWOvnboc94wVgBJH43xG0HBibZnBhUO8/HBI/WlmyEj9KQ/ZskUK4GVZkB6
r/81ASLwH+P/rqrLEjcp1SIPPevjzCWD9VYR5m/qPHLNxStwGSrPjtPzgaFxhq84
Jl+YVmNqVlrOKYYfIPh8exPLiTti3wfM61pVYFv56PI2gd5ysMWYnuN+vK0sbmZh
cIWwykcKlODIngI7IzYqt8NuIJI0jrYyHgtUw4jaJzdF4mEOplGONxdz15jAGHtg
JUsBXFNz132nP4iIr3UKrPedQZijSi4=
-----END PRIVATE KEY-----
'';
ca.cert = builtins.toFile "ca.cert" ''
-----BEGIN CERTIFICATE-----
MIIFDzCCAvegAwIBAgIUTRDYSWJvmlhwIR3pzVrIQfnboLEwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMjAwMzIyMjI1NjE3WhgPMjEy
MDAyMjcyMjU2MTdaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAwp1WRhJ+vHs15Q1hOYI7Aj6rrUeJ8cP8LyGw
MQdlZNlnkOhxr7diXa8+anq9iF3e+mLaUHqnfn33rWi7THhU6/l8vcqhKcdgH75h
BHC57olm7FBmc7B8Fu/+JD4ABQcvU8CZ/5PPdpUerkGGtEEt/Ql/OZCzGfy2V1Mg
pSAWviMU9TqL5hqjDq+JxgEkUD+nf558p+NSp2rf3bacmmuc4H2MAOmFulMXMsLw
UqTDlzNP/NgRWRsgC7d50Pn35q7SnLzI7DSwRWrJVfs2DtTzGy20wlvEpiU44c7m
qV7QR67r6HtuNd911pb3D9cpWk8dGpcIkFia9VxDlFixBU4Dk3kcolQ8Q7p6c/u6
BnMM3HThvJwoHesNGmGhAs9c70txWE0M/jIqphJMerOG49VPdCNJMFCW3lo46xju
2PUKuItfRmnw4O3ADJ/XhwojWzaz4+rf4H2lWwq25Jt2VY5Ly00Npm9pb+/rVYou
Odtu4jT7jUupcdhVZa/w14kazlX4IT76DsVH186ICYWS1eGZIvsnGxkGucPGDA2A
r+HNPHSgOwGrVYTUutHNc4EDY7lhdwb6HEskshlKJ1U+odQ2JSfWAKoKjaXnYDUf
ZKadN+EjIQe3Y/ZXgei0TAPnNXxv0/tZQ25APr6KXqbePt9KA3Ak2HxIn5dR8Kjc
P21w5tcCAwEAAaNTMFEwHQYDVR0OBBYEFCIoeYSYjtMiPrmxfHmcrsZkyTpvMB8G
A1UdIwQYMBaAFCIoeYSYjtMiPrmxfHmcrsZkyTpvMA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAHPdwOgAxyhIhbqFObNftW8K3sptorB/Fj6jwYCm
mHleFueqQnjTHMWsflOjREvQp1M307FWooGj+KQkjwvAyDc/Hmy7WgJxBg9p3vc+
/Xf/e7ZfBl8rv7vH8VXW/BC1vVsILdFncrgTrP8/4psV50/cl1F4+nPBiekvvxwZ
k+R7SgeSvcWT7YlOG8tm1M3al4F4mWzSRkYjkrXmwRCKAiya9xcGSt0Bob+LoM/O
mpDGV/PMC1WAoDc1mMuXN2hSc0n68xMcuFs+dj/nQYn8uL5pzOxpX9560ynKyLDv
yOzQlM2VuZ7H2hSIeYOFgrtHJJwhDtzjmUNDQpQdp9Fx+LONQTS1VLCTXND2i/3F
10X6PkdnLEn09RiPt5qy20pQkICxoEydmlwpFs32musYfJPdBPkZqZWrwINBv2Wb
HfOmEB4xUvXufZ5Ju5icgggBkyNA3PCLo0GZFRrMtvA7i9IXOcXNR+njhKa9246V
QQfeWiz05RmIvgShJYVsnZWtael8ni366d+UXypBYncohimyNlAD1n+Bh3z0PvBB
+FK4JgOSeouM4SuBHdwmlZ/H0mvfUG81Y8Jbrw0yuRHtuCtX5HpN5GKpZPHDE7aQ
fEShVB/GElC3n3DvgK9OJBeVVhYQgUEfJi4rsSxt3cdEI0NrdckUoZbApWVJ3CBc
F8Y7
-----END CERTIFICATE-----
'';
"acme.test".key = builtins.toFile "acme.test.key" ''
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAlgQTZjKfs3aHw0J993k7jFAs+hVRPf//zHMAiUkPKUYPTSl1
TxS/bPbhWzSoom00j4SLhGGGhbd+lnvTg0uvKbxskgATfw5clbm1ZN+gx4DuxwjL
V3xIxpeSY+PKzs5z8w/k+AJh+zOPyXwH3ut3C+ogp1S/5IhmzV3a/yU/6k0zpGxj
N6ZPRTXFrz93I1pPeCkJz90l7tj+2uFc9xtM20NQX52f0Y2oShcG8fKdNZVzuHHk
ZXkrZIhou55/nRy2jKgFeD3GQQfa9rwPWrVybQ6tKMMkoazB/Unky9xcTI2LJarf
xgHDO9v9yFBvmR4UM8B3kM82NHoENtHaZ2mmiMGZzTEQlf8xwYyHFrqBFIVRWEUr
7rr/O5Qr9gIN0T4u367HCexVYAKzbO2P9h75czzjMMoGkbXze9SMQ/ikrxEmwAHg
r1Xxh6iQYmgPNk8AR3d9+o2I7WJZMUYZARLnuhVr9BNXv510iqZTqX8lcyL5fEj3
ST4Ab+H7rfevZt6NU26iJLBYAjrA2mSvH+wvkboxrgSS8xYPkOW8NLNEbbodzofI
pB+SaK53OIk0bj9c1YAgrSNER/TDTgDXrWUNrlfVZ/M7+AEdeU06wi7sVhVif6OB
D3OpgKSNjeE6TuJH80Pi5MWugSFBr792Xb6uhVoPiVOFN+qiGB6UkwBgSKkCAwEA
AQKCAgAmN7OZfZwh5DiCDhZ5TXFWNba/n16rJOTN+R5R20L5iNetGLrCAs8hu2N+
ENRFTPzu8x14BEB5IF4niDRCZq2hPFeMemh9HfOIUV9c63vSV459NkhXaVpA/axV
tlqchQwVCB+U70Z28JPZCLgYmnQhnOvktTqNxhIqj5aTGbJGxpQ5d0Nvkfbv8tsB
4nE/mGpWel39jqFzT+Tdbjx414Ok+GkpcsacZDJTbbpfOSfD1uc8PgepskzTt8y2
v5JTPFVlUAjUsSgouQ+XfCGNQlx8XBjRIaXbal+hX4niRald91FTr0yC7UAHp+vn
dFZ586fB526OfbuZctxP+vZhEhFSseQKxHQ0tB8me81xH44daVNr9PPUM69FDT3j
ygJaUJjNEG3vVzePCDzhmxTmz2/rAClp77WTWziBWDoA6YWDDzhgNPrXWzLIbZIx
ue9ZbGEOh/u5ZzrEXxKCz9FjDe9wQu3TeYUe0M+ejzwWgn7zdWDvjjmtLUUuun2Y
wW7WANpu32qvB/V+qssw4O63tbRiwneRCnb8AF2ixgyWr6xyZwch4kacv1KMiixf
gO/5GTj7ba5GcdGoktJb29cUEgz13yPd106RsHK4vcggFxfMbOVauNRIo6ddLwyS
8UMxLf2i2cToOLkHZrIb8FgimmzRoBd3yYzwVJBydiVcsrHQAQKCAQEAxlzFYCiQ
hjEtblGnrkOC7Hx6HvqMelViOkGN8Y9VczG4GhwntmSE2nbpaAKhFBGdLfuSI3tJ
Lf24f0IGgAhzPmpo2TjbxPO3YSKFTH71fznVBhtQ1iSxwZ1InXktnuhot6VSDx6A
sbHSy1hMFy3nj+Zj5+fQ89tclzBzG9bCShaauO39KrPMwKi6CYoYdGhXBC3+OpHY
zBNvmDTxG2kW8L42rlf14EH4pAlgKs4eeZbpcbZ6fXURP2hToHJ8swyKw/1p12WA
cc19BKFJXL8nNP4uCf/fI0mVYpytz5KwUzG+z+umDqk+RRCH4mNB28xvEEuEyp/e
/C5Is+WrlDAA6QKCAQEAwZsK4AJ/w4Xf4Q/SsnZJO9bfP1ejJjzKElt8rG28JXeb
+FjykZZ6vw2gt2Boest2n9N4fBwaRkaHVtVS4iAmaDXozTlcvCLs2rVjPSguuQtW
80CKg6+dux+6gFN8IGzDCiX3pWUnhhiXvCcRYEcvgpH6GA5vuCNrXrjH0JFC0kef
aaDMGMTbzhc2IIRztmWU4v8YJSSy5KOkIQLWO+7u9aGx9IqT5/z3gx3XrItyl0Bk
aQmZEh7JOSyhmGhhf5LdeTLu2YgRw3/tzS+lPMX3+UPw99k9MdTOFn2pww5AdRmg
aBIzV+/LBYG0pPRl0D8/6yzGVBPuUDQpmK9Z3gsxwQKCAQEAnNkMZN2Ocd1+6+V7
LmtJog9HTSmWXMEZG7FsOJ661Yxx44txx2IyPsCaDNlPXxwSaiKrSo0Yr1oZQd8G
XsTPw4HGiETSWijQTulJ99PH8SLck6iTwdBgEhV5LrN75FQnQVdizHu1DUzrvkiC
Wi29FWb6howiCEDjNNVln5SwKn83NpVQgyyK8ag4+oQMlDdQ3wgzJ0Ld53hS3Eq4
f5EYR6JQgIki7YGcxrB3L0GujTxMONMuhfdEfRvUTGFawwVe0FyYDW7AIrx2Z2vV
I5YuvVNjOhrt6OwtSD1VnnWCITaLh8LwmlUu3NOWbudHUzKSe5MLXGEPo95BNKad
hl5yyQKCAQBNo0gMJtRnawMpdLfwewDJL1SdSR6S0ePS0r8/Qk4l1D5GrByyB183
yFY/0zhyra7nTt1NH9PlhJj3WFqBdZURSzUNP0iR5YuH9R9Twg5ihEqdB6/EOSOO
i521okTvl83q/ui9ecAMxUXr3NrZ+hHyUWmyRe/FLub6uCzg1a+vNauWpzXRZPgk
QCijh5oDdd7r3JIpKvtWNs01s7aHmDxZYjtDrmK7sDTtboUzm0QbpWXevUuV+aSF
+gDfZlRa3WFVHfisYSWGeYG6O7YOlfDoE7fJHGOu3QC8Ai6Wmtt8Wgd6VHokdHO8
xJPVZnCBvyt5up3Zz5hMr25S3VazdVfBAoIBAHVteqTGqWpKFxekGwR0RqE30wmN
iIEwFhgOZ8sQ+6ViZJZUR4Nn2fchn2jVwF8V8J1GrJbTknqzAwdXtO3FbgfmmyF2
9VbS/GgomXhA9vJkM4KK3Iwo/y/nE9hRhtzuVE0QPudz2fyfaDgnWjcNM59064tH
88361LVJm3ixyWSBD41UZ7NgWWJX1y2f073vErsfcPpavF5lhn1oSkQnOlgMJsnl
24qeuzAgTWu/2rFpIA2EK30Bgvsl3pjJxHwyNDAgklV7C783LIoAHi7VO7tzZ6iF
dmD5XLfcUZc3eaB7XehNQKBXDGLJeI5AFmjsHka5GUoitkU2PFrg/3+nJmg=
-----END RSA PRIVATE KEY-----
'';
"acme.test".cert = builtins.toFile "acme.test.cert" ''
-----BEGIN CERTIFICATE-----
MIIEoTCCAokCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
IENBMCAXDTIwMDMyMjIyNTYxOFoYDzIxMjAwMjI3MjI1NjE4WjAUMRIwEAYDVQQD
DAlhY21lLnRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCWBBNm
Mp+zdofDQn33eTuMUCz6FVE9///McwCJSQ8pRg9NKXVPFL9s9uFbNKiibTSPhIuE
YYaFt36We9ODS68pvGySABN/DlyVubVk36DHgO7HCMtXfEjGl5Jj48rOznPzD+T4
AmH7M4/JfAfe63cL6iCnVL/kiGbNXdr/JT/qTTOkbGM3pk9FNcWvP3cjWk94KQnP
3SXu2P7a4Vz3G0zbQ1BfnZ/RjahKFwbx8p01lXO4ceRleStkiGi7nn+dHLaMqAV4
PcZBB9r2vA9atXJtDq0owyShrMH9SeTL3FxMjYslqt/GAcM72/3IUG+ZHhQzwHeQ
zzY0egQ20dpnaaaIwZnNMRCV/zHBjIcWuoEUhVFYRSvuuv87lCv2Ag3RPi7frscJ
7FVgArNs7Y/2HvlzPOMwygaRtfN71IxD+KSvESbAAeCvVfGHqJBiaA82TwBHd336
jYjtYlkxRhkBEue6FWv0E1e/nXSKplOpfyVzIvl8SPdJPgBv4fut969m3o1TbqIk
sFgCOsDaZK8f7C+RujGuBJLzFg+Q5bw0s0Rtuh3Oh8ikH5Jornc4iTRuP1zVgCCt
I0RH9MNOANetZQ2uV9Vn8zv4AR15TTrCLuxWFWJ/o4EPc6mApI2N4TpO4kfzQ+Lk
xa6BIUGvv3Zdvq6FWg+JU4U36qIYHpSTAGBIqQIDAQABMA0GCSqGSIb3DQEBCwUA
A4ICAQBCDs0V4z00Ze6Ask3qDOLAPo4k85QCfItlRZmwl2XbPZq7kbe13MqF2wxx
yiLalm6veK+ehU9MYN104hJZnuce5iEcZurk+8A+Pwn1Ifz+oWKVbUtUP3uV8Sm3
chktJ2H1bebXtNJE5TwvdHiUkXU9ywQt2FkxiTSl6+eac7JKEQ8lVN/o6uYxF5ds
+oIZplb7bv2XxsRCzq55F2tJX7fIzqXrSa+lQTnfLGmDVMAQX4TRB/lx0Gqd1a9y
qGfFnZ7xVyW97f6PiL8MoxPfd2I2JzrzGyP/igNbFOW0ho1OwfxVmvZeS7fQSc5e
+qu+nwnFfl0S4cHRif3G3zmz8Ryx9LM5TYkH41qePIHxoEO2sV0DgWJvbSjysV2S
EU2a31dJ0aZ+z6YtZVpHlujKMVzxVTrqj74trS4LvU5h/9hv7e1gjYdox1TO0HMK
mtDfgBevB21Tvxpz67Ijf31HvfTmCerKJEOjGnbYmyYpMeMNSONRDcToWk8sUwvi
OWa5jlUFRAxgXNM09vCTPi9aRUhcFqACqfAd6I1NqGVlfplLWrc7SWaSa+PsLfBf
4EOZfk8iEKBVeYXNjg+CcD8j8yk/oEs816/jpihIk8haCDRWYWGKyyGnwn6OQb8d
MdRO2b7Oi/AAmEF3jMlICqv286GIYK5qTKk2/CKHlOLPnsWEuA==
-----END CERTIFICATE-----
'';
}

12
nixos/tests/common/letsencrypt/common.nix
View file

@ -1,12 +0,0 @@
{ lib, nodes, pkgs, ... }: let
letsencrypt-ca = nodes.letsencrypt.config.test-support.letsencrypt.caCert;
in {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
security.acme.acceptTerms = true;
security.acme.email = "webmaster@example.com";
security.pki.certificateFiles = [ letsencrypt-ca ];
}

254
nixos/tests/common/letsencrypt/snakeoil-certs.nix
View file

@ -1,254 +0,0 @@
# Generated via mkcert.sh in the same directory.
{
ca.key = builtins.toFile "ca.key" ''
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDQ0b23I1srJZwR
2MMdvSJK5pcwLfrXU+4gEZEnWNyT8yeVweya+8vmNNOlvK3zxf+ZiY/7aQ0RZJMO
h2+VdlgHmr2QKhQTf1HwfZA/06FolD3/DcS+DMJMSTVr179/XLndeVVZUqU7tjvB
AWKSIS8H2hSF1UOPi9gBDR8MwCP6Qgj8WYhbkt9q47/lO96qAmm6U1F+Q7RYM9ZQ
IWI81N0Ms5wJocg7n6S19iV66ePh7APapZFYup61gFGWfahmA217ELIZd56n8yjO
F0epb9sC0XpYCDRrYKBWLqPiv+6wvdZtZvALItyIv08ZwXlBkFg3LbAAhPnf0Vxz
pYysQmyyyzkgy252n+Sie0kx+B4qm6fOkpfgYlPSVTb2dXx/be/SE08u0a9FO0fZ
pkByWEZJUUwngsJgLUa7MorQf3avxozfC25XqvzbieZfSXlA7mOUclZbC/WUFpyj
MlyJU2eCQ8wSwsPXl91oxcYlOkuVLgd41gr9pGXQSuKIkrgbfkftjg2tDC+7g7O8
qrdF42FjbZjIx/74AasmsGh4GTQtiSkvEnTstioC6aCV44DlJWbBIMvkyawubjUl
Ppij0H66Y9Q4tEc/ktc7oGQfqqluyLb43TeobTPHALsNeAYb39rMtBo5DDCUc81s
fuDMhMr/oYXKrFstUsg5AY6mJaRG0QIDAQABAoICAF5ZVfmoPOoKzTB3GvmV2iez
dj4rmDmwT1gn98iqasdiRtFwVGJWQHNcDQDGdmY9YNZThD2Y4nGoWpVm9jC2zuFo
thusF3QTw8cARKvCCBzDVhumce1YwHVNYpi+W2TFValOyBRathN7rBXxdUMHQUOv
8jPh/uudyNP4xL2zFs5dBchW/7g4bT/TdYGyglGYU4L/YEPHfXWYvk1oOAW6O8Ig
aPElKt5drEMW2yplATSzua4RvtEzSMBDIRn43pxxEgdXrNC67nF9+ULc2+Efi/oD
Ad9CncSiXO9zlVK/W655p6e4qd6uOqyCm8/MTegkuub7eplRe8D3zGjoNN4kCQ4S
rckVvIDDb6vZk7PKx9F7GWIqaG/YvFFFKO1MrAZg7SguFA6PtGOYAFocT03P6KXT
l2SnZQWKyxUAlh4tOBGlRFgGCx/krRIKbgNYn/qk/ezcRl8c7GpOPh+b7Icoq7u3
l4tIVBBHqS8uGgtyi+YwuJeht2MV1aEcSkykKLh2ipp8tb6spORJUkhjawDjvxeQ
GztN30Xh2riTXYZ0HExVTtJa8jyvFyp/97ptPIJXaVt2A2KIS3sBFHKnpY+/OrQg
uUauYgi13WFHsKOxZL9GYGk7Ujd8bw4CEcJFxKY7bhpGVI6Du7NRkUDWN0+0yusI
2szCJ7+ZqJkrc1+GrI/RAoIBAQDseAEggOLYZkpU2Pht15ZbxjM9ayT2ANq1+RTu
LjJx4gv2/o/XJCfMZCL0b9TJqtYeH+N6G9oDRJ99VIhUPedhWSYdj9Qj+rPd++TS
bp+MoSjmfUfxLTDrmFHL7ppquAE65aDy3B5c+OCb0I4X6CILUf0LynBzgl4kdrzN
U6BG3Mt0RiGPojlPV82B9ZUF/09YAz7BIz9X3KMhze1Gps5OeGuUnc9O2IAJYkrj
ur9H2YlNS4w+IjRLAXSXUqC8bqPZp6WTo1G/rlyAkIRXCGN90uk5JQvXoj9immFO
WaylbdcNG3YcGutreYeZL/UIWF6zCdc6pYG0cCBJS6S/RN7FAoIBAQDiERrLuUbV
3fx/a8uMeZop6hXtQpF7jlFxqUmza7QSvBuwks4QVJF+qMSiSvKDkCKqZD4qVf4N
TMxEj5vNR0PbnmDshyKJNGVjEauKJSb65CFDUcL1eR/A/oJvxiIdN1Z4cPrpnRux
/zIfPuYfYHpdz52buxxmlD7bfwYmVKVpnzjB9z0I1CasZ5uqB0Z8H0OLyUu8S4ju
RfkKBDMgVl2q96i8ZvX4C1b7XuimIUqv4WHq5+ejcYirgrYtUbBIaDU3/LORcJdy
/K76L1/up70RTDUYYm/HKaRy+vMTpUsZJ7Qbh0hrvQkUvNQ1HXjprW2AePIYi33N
h3mb1ulqw4idAoIBAQCsn0YjVjNDShkFK4bfmLv4rw2Ezoyi0SjYIsb2wN6uaBfX
7SlQIuKywH8L9f9eYMoCH8FNyLs0G4paUbVb2fzpAc1jUzXINiHL8TCvtXXfkV5s
NBSqqRTHR+CegMZVFZJATpVZ9PptYHmHBY5VQW5o2SdizhudFxRmhg95zIx6boBP
l0q0sfYoR66MKpzpTeG8HFJZZ8O7/iNQcCXAp9B/VEUkrrdBlaaSMyD8cb1lVBZ5
SKdOTGXkQ2G7feQ86n/OSiYDSvxIc56vc9BIQKVwmuEKiFLGzXh8ILrcGXaBJVgS
B3QHPFeTk5o7Z9j2iJxJEuv9sginkhrfpsrTnhEJAoIBACkrUkTtjd/e2F/gIqaH
crLVZX7a06G7rktTuA9LuvR6e1Rxt8Mzk3eMhprDqVyaQCXlsYiGNoj3hm+p84az
xsDVG/OXPIveFeSv0ByNXYbtSr12w1lu4ICGGP0ACTBm5oFymc83hFarEdas3r2y
FTbGW36D2c04jCXvARCz85fDnlN8kgnskMpu5+NUBdsO2n83fmphGyPBbHQNhb4K
3G4JQhplab/tWL7YbufqQi67jdh4uS+Duo75c/HW4ZKeH6r9gzomVf5j0/3N6NuO
gpkG1tiE/LQ5ejBSUTgvrvh6yYsF3QN53pB/PuoZXu63Xay62ePsa1GlrVjbD5EY
4OUCggEAJFr7F7AQLMJTAxHFLCsZZ0ZZ+tXYclBC4eHPkZ6sD5jvL3KIpW3Q7jXk
oIoD/XEX4B+Qe5M3jQJ/Y5ZJETHcgfcHZbDpCKN2WHQgldQbAJiFd4GY1OegdVsr
7TC8jh3Q2eYjzL8u4z7LSNI6aQSv1eWE7S1Q5j/sX/YYDR4W3CBMeIUpqoDWpn87
czbIRyA/4L0Y/HLpg/ZCbvtJZbsQwYXhyqfbjlm4BRQ6JiC5uEBKvuDRUXToBJta
JU8XMm+Ae5Ogrw7P6hg68dWpagfjb7UZ7Zxv+VDsbrU6KsDcyGCAwrrRZou/6KUG
Eq4OVTSu/s8gmY94tgbjeOaLUPEPmg==
-----END PRIVATE KEY-----
'';
ca.cert = builtins.toFile "ca.cert" ''
-----BEGIN CERTIFICATE-----
MIIFDzCCAvegAwIBAgIUU9rbCLTuvaI6gjSsFsJJjfLWIX8wDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMTkxMDE4MDc1NDEyWhgPMjEx
OTA5MjQwNzU0MTJaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEA0NG9tyNbKyWcEdjDHb0iSuaXMC3611PuIBGR
J1jck/MnlcHsmvvL5jTTpbyt88X/mYmP+2kNEWSTDodvlXZYB5q9kCoUE39R8H2Q
P9OhaJQ9/w3EvgzCTEk1a9e/f1y53XlVWVKlO7Y7wQFikiEvB9oUhdVDj4vYAQ0f
DMAj+kII/FmIW5LfauO/5TveqgJpulNRfkO0WDPWUCFiPNTdDLOcCaHIO5+ktfYl
eunj4ewD2qWRWLqetYBRln2oZgNtexCyGXeep/MozhdHqW/bAtF6WAg0a2CgVi6j
4r/usL3WbWbwCyLciL9PGcF5QZBYNy2wAIT539Fcc6WMrEJssss5IMtudp/kontJ
MfgeKpunzpKX4GJT0lU29nV8f23v0hNPLtGvRTtH2aZAclhGSVFMJ4LCYC1GuzKK
0H92r8aM3wtuV6r824nmX0l5QO5jlHJWWwv1lBacozJciVNngkPMEsLD15fdaMXG
JTpLlS4HeNYK/aRl0EriiJK4G35H7Y4NrQwvu4OzvKq3ReNhY22YyMf++AGrJrBo
eBk0LYkpLxJ07LYqAumgleOA5SVmwSDL5MmsLm41JT6Yo9B+umPUOLRHP5LXO6Bk
H6qpbsi2+N03qG0zxwC7DXgGG9/azLQaOQwwlHPNbH7gzITK/6GFyqxbLVLIOQGO
piWkRtECAwEAAaNTMFEwHQYDVR0OBBYEFAZcEiVphGxBT4OWXbM6lKu96dvbMB8G
A1UdIwQYMBaAFAZcEiVphGxBT4OWXbM6lKu96dvbMA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAGJ5Jnxq1IQ++IRYxCE7r7BqzzF+HTx0EWKkSOmt
eSPqeOdhC26hJlclgGZXAF/Xosmn8vkSQMHhj/jr4HI0VF9IyvDUJm8AKsnOgu/7
DUey3lEUdOtJpTG9NyTOcrzxToMJ+hWlFLZKxx2dk4FLIvTLjmo1VHM97Bat7XYW
IrL9RRIZ25V+eCYtlR7XYjceGFQ0rCdp8SFIQwC6C/AH2tV3b1AJFsND9PcoLu7c
//fH+WUQCcD/N0grdC/QCX7AFWzd4rKQ8gjfND4TSYFTSDwW10Mud4kAVhY2P1sY
Y3ZpnxWrCHbIZMbszlbMyD+cjsCBnNvOtYGm7pDut/371rllVcB/uOWYWMCtKPoj
0elPrwNMrK+P+wceNBCRQO+9gwzB589F2morFTtsob/qtpAygW8Sfl8M+iLWXeYS
c3LBLnj0TpgXKRWg7wgIWKSZx9v6pgy70U0qvkjNS1XseUCPf7hfAbxT3xF+37Dw
zZRwF4WAWqdnJoOey21mgc+a2DQzqtykA6KfHgCqNFfDbQXPXvNy25DDThbk+paX
G2M2EWtr+Nv9s/zm7Xv/pOXlgMFavaj+ikqZ4wfJf6c/sMOdZJtMA4TsYtAJgbc8
ts+0eymTq4v5S8/fW51Lbjw6hc1Kcm8k7NbHSi9sEjBfxFLTZNQ5eb4NGr9Od3sU
kgwJ
-----END CERTIFICATE-----
'';
"acme-v02.api.letsencrypt.org".key = builtins.toFile "acme-v02.api.letsencrypt.org.key" ''
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0TggJ
Etjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9bl+C
YAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mNoZh/
K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/PghKm
JJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHaNgvQ
4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5PLWMS
vWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+knN+
kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/OJFd4
mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17dZ5g4
AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3vCwD3
vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkCAwEA
AQKCAgBSAfdssWwRF9m3p6QNPIj9H3AMOxpB/azffqTFzsSJwYp4LWkayZPfffy+
4RGvN38D8e6ActP3ifjEGu3tOGBR5fUJhujeHEiDea+a2Ug9S9kuNwmnelWQ23bM
Wgf9cdSbn4+qEymHyEFolmsAWdsuzri1fHJVXR06GWBNz4GiLA8B3HY4GD1M1Gfe
aZVkGagpXyeVBdiR2xuP5VQWVI8/NQWzdiipW/sRlNABVkyI3uDeN4VzYLL3gTeE
p021kQz4DSxIjHZacHpmWwhBnIbKMy0fo7TlrqcnIWXqTwv63Q9Zs/RN8NOyqb0Y
t1NKFWafcwUsdOnrG9uv/cVwF1FNE8puydaOi8rL1zAeK89JH8NRQ02wohR9w8qy
b2tB6DyGMtuqBt8Il6GA16ZoEuaXeayvlsvDEmG1cS9ZwBvfgrVPAmlm2AYdIf5B
RHIJu4BJC6Nn2ehVLqxx1QDhog3SOnAsCmcfg5g/fCwxcVMLIhODFoiKYGeMitDG
Q4e5JKcOg+RR8PT/n4eY4rUDBGtsR+Nw8S2DWgXmSufyfDtKCjZB4IuLWPS29tNh
zF6iYfoiTWzrSs/yqPSKIFpv+PWZwkKSvjdxia6lSBYYEON4W2QICEtiEs+SvcG4
0eIqWM+rRmPnJyMfGqX6GCs3rHDQB2VNJPBCYPQalJ/KwZumAQKCAQEA0ezM6qPJ
1JM/fddgeQ50h0T9TRXVUTCISxXza+l4NuFt1NdqUOdHsGtbL1JR4GaQUG8qD1/P
R39YgnQEQimxpmYLCZkobkwPxTZm9oiMXpcJrlN4PB5evaWShRSv3mgigpt3Wzml
Td+2R9RoA/hvF/wEyIvaWznYOyugBC7GXs20dNnZDULhUapeQu7r6JvgmxBOby7S
0FbhGplBiSDETzZURqzH/GMJKaJtNgyyVf3Hbg4mZAQDWoBRr+8HxsNbDkxP6e91
QrPHy2VZFiaTmJfoxRhyMTn7/JZaLJaUHDOniOsdMj/V7vMCgpfBqh5vR8bKzuPy
ZINggpcFPp1IYQKCAQEAywc7AQoktMBCru/3vzBqUveXbR3RKzNyZCTH5CMm3UNH
zmblFgqF2nxzNil21GqAXzSwZk5FyHbkeD3yvEZm+bXzsZTDNokAwoiTgyrr2tf8
GLMlCHHl5euIh1xHuyg/oKajVGOoXUXK8piqiDpQKd3Zwc6u2oyQlh+gYTPKh+7i
ilipkYawoE6teb6JUGpvU+d27INgNhB2oDEXY3pG2PbV+wv229ykSZxh1sJUdDwT
a8eTg+3pCGXtOZiJoQTFwKUlD2WYTGqS4Gx6dIJco5k+ZikGNST1JGE64Jl4MZdI
rtyvpcYblh5Q14sJGvp4kWYS9tjEM8pA+4Z9th3JqQKCAQEAkidH0+UM1A9gmQCm
jiHeR39ky5Jz3f7oJT63J15479yrVxBTWNhtNQrJhXzOvGkr+JQsuF+ANMsYmFql
zFqy8KMC9D/JwmD6adeif+o5sHF/r/s1LsYGOAtao4TvnOzrefs7ciwERt+GTSQ4
9uq0jgJMYkPcVr9DKI8K7V6ThdW52dECKRVzQiRXVEp7vIsqKUuFECuNYrfaKWai
FhLWGkA9FKee5L0e1/naB1N3ph72Bk2btO6GVzAXr2HADEZe0umWiczJ2xLH+3go
Oh/JiufYi8ClYFh6dDVJutlrbOcZsV3gCegfzikqijmWABcIavSgpsJVNF2zh7gV
Uq62gQKCAQAdO2FHeQpn6/at8WceY/4rC/MFhvGC4tlpidIuCtGhsfo4wZ/iWImF
N73u4nF1jBAHpTJwyHxLrLKgjWrRqOFSutvniZ/BzmAJolh63kcvL0Hg3IpMePm8
7PivZJ3/WIAwxU1m7SJkq5PY8ho7mwnHvWWI/hU26l42/z68QBS9FawQd0uS5G2x
5yIbEU/8ABcfYYhB7XiA0EYEMo1HiWeB/ag5iTN13ILbBmUf4sL+KVgygH3A1RRk
XSiWzluij2lZn22ClgIjnoSfQ38uH0bvVzUgyG9YX4XcQxOTGwWvPjT82FGB8NAw
ARVqs14QQFfzt1qrp/I38rsAfBDFk+xhAoIBAQCEKNk/oJcy9t/jMIbLcn6z3aCc
Fn8GBPSXtFj0t6weN5lHof+cggw4owMFWQQyAXxo/K6NnKNydMPZ5qjtLsHNpbpQ
aT1Or0/1YR1bJ8Lo82B4QM++7F761GWQPvE/tyrfPkfkWl92ITIpmnlw4wycRlkq
9anI2fnj1nIZwixzE2peb6PcsZU2HOs9uZ5RRd9wia696I7IpNibs4O4J2WTm4va
+NeYif3V2g9qwgT0Va0c9/Jlg3b58R0vA8j/VCU5I0TyXpkB3Xapx+pvEdZ3viUL
mXZaVotmWjgBXGDtd2VQg2ZiAMXHn3RzXSgV4Z+A/XacRs75h9bNw0ZJYrz1
-----END RSA PRIVATE KEY-----
'';
"acme-v02.api.letsencrypt.org".cert = builtins.toFile "acme-v02.api.letsencrypt.org.cert" ''
-----BEGIN CERTIFICATE-----
MIIEtDCCApwCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
IENBMCAXDTE5MTAxODA3NTQxM1oYDzIxMTkwOTI0MDc1NDEzWjAnMSUwIwYDVQQD
DBxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEApny0WhfDwEXe6WDTCw8qBuMAPDr88pj6kbhQWfzAW2c0
TggJEtjs9dktENeTpSl14nnLVMiSYIJPYY3KbOIFQH1qDaOuQ7NaOhj9CdMTm5r9
bl+CYAyqLIMQ9AAZDhUcQjOy3moiL7ClFHlkFYuEzZBO9DF7hJpfUFIs0Idg50mN
oZh/K/fb4P2skNjfCjjomTRUmZHxT6G00ImSTtSaYbN/WHut1xXwJvOoT1nlEA/P
ghKmJJ9ZuRMSddUJmjL+sT09L8LVkK8CKeHi4r58DHM0D0u8owIFV9qsXd5UvZHa
NgvQ4OAWGukMX+TxRuqkUZkaj84vnNL+ttEMl4jedw0ImzNtCOYehDyTPRkfng5P
LWMSvWbwyP8jDd2578mSbx5BF7ypYX366+vknjIFyZ5WezcC1pscIHxLoEwuhuf+
knN+kFkLOHeYbqQrU6mxSnu9q0hnNvGUkTP0a/1aLOGRfQ5C/pxpE/Rebi8qfM/O
JFd4mSxGL93JUTXWAItiIeBnQpIne65/Ska9dWynOEfIb0okdet3kfmNHz3zc17d
Z5g4AdOSCgHAlQgFt/Qd8W6xXUe4C5Mfv2ctxRrfQhDwtB6rMByPwzImnciC2h3v
CwD3vS/vjUyWICyhZyi2LZDUQz+sCKBXCYYcYh8ThFO40j5x1OnYMq7XQvyl8QkC
AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAkx0GLPuCvKSLTHxVLh5tP4jxSGG/zN37
PeZLu3QJTdRdRc8bgeOGXAVEVFbqOLTNTsuY1mvpiv2V6wxR6nns+PIHeLY/UOdc
mOreKPtMU2dWPp3ybec2Jwii6PhAXZJ26AKintmug1psMw7662crR3SCnn85/CvW
192vhr5gM1PqLBIlbsX0tAqxAwBe1YkxBb9vCq8NVghJlKme49xnwGULMTGs15MW
hIPx6sW93zwrGiTsDImH49ILGF+NcX1AgAq90nG0j/l5zhDgXGJglX+K1xP99X1R
de3I4uoufPa5q+Pjmhy7muL+o4Qt0D0Vm86RqqjTkNPsr7gAJtt66A7TJrYiIoKn
GTIBsgM6egeFLLYQsT0ap/59HJismO2Pjx4Jk/jHOkC8TJsXQNRq1Km76VMBnuc0
2CMoD9pb38GjUUH94D4hJK4Ls/gJMF3ftKUyR8Sr/LjE6qU6Yj+ZpeEQP4kW9ANq
Lv9KSNDQQpRTL4LwGLTGomksLTQEekge7/q4J2TQRZNYJ/mxnrBKRcv9EAMgBMXq
Q+7GHtKDv9tJVlMfG/MRD3CMuuSRiT3OVbvMMkFzsPkqxYAP1CqE/JGvh67TzKI+
MUfXKehA6TKuxrTVqCtoFIfGaqA9IWyoRTtugYq/xssB9ESeEYGeaM1A9Yueqz+h
KkBZO00jHSE=
-----END CERTIFICATE-----
'';
"letsencrypt.org".key = builtins.toFile "letsencrypt.org.key" ''
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEA9dpdPEyzD3/BBds7tA/51s+WmLFyWuFrq4yMd2R+vi5gvK7n
lLNVKhYgiTmK2Um+UEpGucJqZHcTSZA1Bz4S/8ND/AI9I6EmwvBinY5/PubxEALk
9YiDA+IzH8ZGFM8wXg7fMbbJAsyv+SHAtr2jmCsggrpuD5fgzs2p+F2q0+oVoeFw
MAOUdAf2jNtNLEj2Q6MiR5Xq+wFOcRtXlNlXWIX3NrmubO/xOpDNpsyjyYC5Ld+W
06MS5bTHSdv56AkUg2PugMChj15TOddEJIK8zPXFTlMYye9SKwjhNUZovfe4xXCa
Tj2nmzrcuMKLz+S3sKQeTWjiRcY3w4zTlAbhtGXDjXjhMObrHoWM8e3cTL4NJMvt
tNStXficxbeTbIiYu+7dtF0q+iWaZqexc6PdAaIpFZ0XSw+i5iLdQZmBwzY7NLlH
pQupfh6ze0qDUVZAMDubo4JKUTBzH6QTuhHx+uUm7Lc8YdNArn7o/vMZDQym1Eia
xKxZuCGaqFvq8ZK4nBVsHfcXbhF/XD2HMid3t7ImbREVu9qnc+En+acU/SJaaL3r
jMW6HLVMr6+vQrCzYkvLzKYpoUm9D1Kcn6d8Ofxl2iCaY9CkMr5/6J1p1wcTdcN7
IVQ/DFBeTDauyWbyZkO/lPoZoakWyXOx9S9tgClzhFmNgRkZv9wN+QguNDcCAwEA
AQKCAgEA0ndlacGfaJ1NeN39dmBW2XZMzdrassJXkjx34528gsLhPaXdyobbWXQn
1lHUc7+VlNaBRXUR73+gm1FAlDqnuRxIjuy7ukyzCh8PzSG3/PlnVPWlXCzJPAHh
EkqCpD3agirpF34LBsKDwxsKB2bBLft9kWxX3DGA2olmAKDvJQs4CaUcjX4DEHHg
tyTmJAsyByUYq3/D8a1koZ9ukpadF8NXpxm+ILQoJqLf6vM1I8N2w7atP/BStSLV
mH0gq2tajEB4ZPCDXmC5jsKiKz9gsXWUu0CX8AdYqE6pvRnRgQ8Ytq1265QMb+8s
FV82oXqDZkyZRFuNmX3fLyDX39kkTcVS37S56Gzk4EzDWE/u2RXCAPeWla2zUFYI
hg8X4ZAwbZRODtK2cZTuCZEILM/iKmtSgHC+aQhp18EUAefa7WGrRD4AvbTxH4VF
ek60bwISBk5Mhf39MwqIiQxGOFmfLsQReZvzH4jI5zfDXf/0yZ/1SdGeu6+Walt0
V81Ua/DB6zshHpeSP74HMuJHZ4DOQfcV/ndyzvoP84pAjenSx6O034OwQTkpoMI/
f/2rK8kdzYSL4f//kFMuRLqmAwOmAFYB2oMo0/YaIoQ4vgTHDKTSxj5mbno56GdT
huMAVMKskaCSVbyMB/xyQG7senLItVv+HafVk6ChMUbkIjv9zgECggEBAP+ux1RG
cETGjK2U3CRoHGxR7FwaX6hkSokG+aFdVLer+WUrZmR8Ccvh2ALpm8K1G6TTk/5X
ZeVX4+1VFYDeTHMN8g20usS5mw3v2GF3fGxGLe4q56l4/4kKMZOrSBuWH4niiIKD
0QogdzWkpQJ93nMbZxZ5lk+lRZVf3qSm6nzyP468ndrfI57Ov5OUIWZ7KhTUH9IK
8/urUk+lEvyzQmNTlt5ZZXRz7cR01K8chx1zevVAyynzSuGjTysaBN7LTT0v3yVu
96yKNsxJvuIz2+4qSjhbnN4jH+feN0VsdF3+Qkru0lBmLVgJl4X67XFaAKMDU9yv
3alS53Pkol+Dy1cCggEBAPYodofHC1ydoOmCvUAq4oJNtyI4iIOY/ch3sxVhkNyi
KBscQqbay/DiXFiNl+NsemzB1PrHzvCaqKcBKw537XzeKqUgYuVLkFGubf9bDhXi
wSRcYbU/oNTgiTgXPW8wH60uIoLaiNi1/YjO2zh4GEY/kFqSuD54Y91iFmcC75bv
OjCNugnRdpRjOFhaeNx75tdverR37w3APVZuBSv3bJlMPCtaf+fEAKxJxeqCs3Oq
rtsw2TQ4TqfE8/w9qPCVv3bQbMbO48SwjxAz47qH2h3qGu3Ov8badeARe+Ou7nuI
U13gPuPOhPXIQP/MYOyamPJdFyng1b8vyNsfjOcWMiECggEAEkMgl6NkV3U7DRbp
1mvdQ9tiH33+wR9Qt5LY966b43aUHKbJ7Hlzla1u6V5YMsMO02oNUwhZDdWGQShn
ncnC+iDP3iy/flenfIpaETQgnfcxRqan31H2Joqk2eBNCTNi001r5K6XmrqQ6TL2
WkQ1RFF7vn42vz+VxcKQO4B0lTIUWhSczcpMWAZ6ZocZD6HScqRoFW+U16/39Bpd
TdFb944742vNNFEndXXGzy8hc3gRGz1ihX+MJKuuduyn1mX9AVbPAHR5mkhQ+6x0
xuFfXxaEMJxSiwdFOyGDHyFM+n2zrHh8ayOxL22X9gjjNspv6zTMo6GoGnUCdSOq
eVoHhwKCAQEAot5O3rOB/vuEljwcv7IgQJrvCsNg/8FgWR1p7kGpuXHJG3btWrz1
pyH+e9DjqGQD9KWjJ3LAp02NPUJ2nJIZHj9Y8/yjspb2nDTPLt+uSCjKJibBt0ys
O219HRGzYjfzHYCi8PVrCggQAk7rmUdMuF4iQutE4ICDgtz9eZbls3YBiFKdvxVK
Yg/sHflucmPAbtah13prPyvs6ZzN6zNANYXNYdn1OwHieBwvyWRFG8jY/MorTHPd
BwA3drPNbbGHBzQMZNZKub8gSVYr3SU52gUlYCclmIq+50xqLlF2FWIz1q8irVPd
gUnIR/eQQbxgaivRwbGze1ZAjUsozVVQQQKCAQEA9uAKU3O06bEUGj+L0G+7R7r/
bi2DNi2kLJ7jyq+n0OqcHEQ1zFK4LAPaXY0yMYXieUzhivMGLSNDiubGO2/KxkFF
REXUFgYWZYMwrKsUuscybB64cQDwzD0oXrhvEa2PHecdG6AZ63iLcHaaDzyCPID/
wtljekLO2jbJ5esXZd016lykFfUd/K4KP1DGyI2Dkq6q0gTc/Y36gDAcPhIWtzna
UujYCe3a8DWCElH4geKXaB5ABbV1eJ8Lch599lXJ9Hszem6QNosFsPaHDCcqLS9H
yy2WA6CY2LVU7kONN+O0kxs2fVbxIkI+d/LZyX/yIGlkXcAzL07llIlrTAYebQ==
-----END RSA PRIVATE KEY-----
'';
"letsencrypt.org".cert = builtins.toFile "letsencrypt.org.cert" ''
-----BEGIN CERTIFICATE-----
MIIEpzCCAo8CAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls
IENBMCAXDTE5MTAxODA3NTQxNVoYDzIxMTkwOTI0MDc1NDE1WjAaMRgwFgYDVQQD
DA9sZXRzZW5jcnlwdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQD12l08TLMPf8EF2zu0D/nWz5aYsXJa4WurjIx3ZH6+LmC8rueUs1UqFiCJOYrZ
Sb5QSka5wmpkdxNJkDUHPhL/w0P8Aj0joSbC8GKdjn8+5vEQAuT1iIMD4jMfxkYU
zzBeDt8xtskCzK/5IcC2vaOYKyCCum4Pl+DOzan4XarT6hWh4XAwA5R0B/aM200s
SPZDoyJHler7AU5xG1eU2VdYhfc2ua5s7/E6kM2mzKPJgLkt35bToxLltMdJ2/no
CRSDY+6AwKGPXlM510QkgrzM9cVOUxjJ71IrCOE1Rmi997jFcJpOPaebOty4wovP
5LewpB5NaOJFxjfDjNOUBuG0ZcONeOEw5usehYzx7dxMvg0ky+201K1d+JzFt5Ns
iJi77t20XSr6JZpmp7Fzo90BoikVnRdLD6LmIt1BmYHDNjs0uUelC6l+HrN7SoNR
VkAwO5ujgkpRMHMfpBO6EfH65Sbstzxh00Cufuj+8xkNDKbUSJrErFm4IZqoW+rx
kricFWwd9xduEX9cPYcyJ3e3siZtERW72qdz4Sf5pxT9IlpoveuMxboctUyvr69C
sLNiS8vMpimhSb0PUpyfp3w5/GXaIJpj0KQyvn/onWnXBxN1w3shVD8MUF5MNq7J
ZvJmQ7+U+hmhqRbJc7H1L22AKXOEWY2BGRm/3A35CC40NwIDAQABMA0GCSqGSIb3
DQEBCwUAA4ICAQBbJwE+qc0j6JGHWe0TGjv1viJU3WuyJkMRi+ejx0p/k7Ntp5An
2wLC7b/lVP/Nh+PKY/iXWn/BErv2MUo4POc1g8svgxsmMMh5KGGieIfGs7xT+JMH
dzZZM+pUpIB5fEO5JfjiOEOKDdAvRSs0mTAVYZEokGkXSNWyylvEaA16mHtMgPjo
Lm75d0O66RfJDdd/hTl8umGpF7kEGW1qYk2QmuPr7AqOa8na7olL5fMPh6Q7yRqx
GIS9JKQ0fWl8Ngk09WfwUN/kEMcp9Jl5iunNRkbpUJIM/lHFkSA7yOFFL+dVWzd4
2r+ddJXTFzW8Rwt65l8SV2MEhijEamKva3mqKLIRWxDsfFVT1T04LWFtnzMW4Z29
UHF9Pi7XSyKz0Y/Lz31mNTkjJYbOvbnwok8lc3wFWHc+lummZk8IkCq8xfqzwmwX
Ow6EV+Q6VaQpOHumQZ12pBBLtL8DyDhWaRUgVy2vYpwYsMYa5BFMcKCynjlSewo9
G2hNoW45cQZP1qHltRR9Xad7SaP7iTETDCiR7AWOqSpDipSh9eMfVW97ZbSfz+vl
xl8PZEZMTRIIRVXsPP+E8gtDUhUQp2+Vcz8r6q71qslXM09xl/501uaNjCc3hH2R
iw2N77Lho1F3FrBbHdML3RYHZI55eC9iQw6R4S+R4b+iWLJoHzHrW61itg==
-----END CERTIFICATE-----
'';
}

2
nixos/tests/common/resolver.nix
View file

@ -18,7 +18,7 @@
defining this option needs to be explicitly imported.
The reason this option exists is for the
<filename>nixos/tests/common/letsencrypt</filename> module, which
<filename>nixos/tests/common/acme/server</filename> module, which
needs that option to disable the resolver once the user has set its own
resolver.
'';

42
nixos/tests/containers-custom-pkgs.nix Normal file
View file

@ -0,0 +1,42 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, lib, ...} : let
customPkgs = pkgs // {
hello = pkgs.hello.overrideAttrs(old: {
name = "custom-hello";
});
};
in {
name = "containers-hosts";
meta = with lib.maintainers; {
maintainers = [ adisbladis ];
};
machine =
{ ... }:
{
virtualisation.memorySize = 256;
virtualisation.vlans = [];
containers.simple = {
autoStart = true;
pkgs = customPkgs;
config = {pkgs, config, ... }: {
environment.systemPackages = [
pkgs.hello
];
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("default.target")
machine.succeed(
"test $(nixos-container run simple -- readlink -f /run/current-system/sw/bin/hello) = ${customPkgs.hello}/bin/hello"
)
'';
})

87
nixos/tests/dokuwiki.nix
View file

@ -1,29 +1,74 @@
import ./make-test-python.nix ({ lib, ... }:
import ./make-test-python.nix ({ pkgs, ... }:
with lib;
{
name = "dokuwiki";
meta.maintainers = with maintainers; [ maintainers."1000101" ];
nodes.machine =
{ pkgs, ... }:
{ services.dokuwiki = {
enable = true;
acl = " ";
superUser = null;
nginx = {
forceSSL = false;
enableACME = false;
};
};
let
template-bootstrap3 = pkgs.stdenv.mkDerivation {
name = "bootstrap3";
# Download the theme from the dokuwiki site
src = pkgs.fetchurl {
url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip;
sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# Let's package the icalevents plugin
plugin-icalevents = pkgs.stdenv.mkDerivation {
name = "icalevents";
# Download the plugin from the dokuwiki site
src = pkgs.fetchurl {
url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip;
sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
sourceRoot = ".";
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
in {
name = "dokuwiki";
meta.maintainers = with pkgs.lib.maintainers; [ "1000101" ];
machine = { ... }: {
services.dokuwiki."site1.local" = {
aclUse = false;
superUser = "admin";
nginx = {
forceSSL = false;
enableACME = false;
};
};
services.dokuwiki."site2.local" = {
aclUse = true;
superUser = "admin";
nginx = {
forceSSL = false;
enableACME = false;
};
templates = [ template-bootstrap3 ];
plugins = [ plugin-icalevents ];
};
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
};
testScript = ''
machine.start()
machine.wait_for_unit("phpfpm-dokuwiki.service")
site_names = ["site1.local", "site2.local"]
start_all()
machine.wait_for_unit("phpfpm-dokuwiki-site1.local.service")
machine.wait_for_unit("phpfpm-dokuwiki-site2.local.service")
machine.wait_for_unit("nginx.service")
machine.wait_for_open_port(80)
machine.succeed("curl -sSfL http://localhost/ | grep 'DokuWiki'")
machine.succeed("curl -sSfL http://site1.local/ | grep 'DokuWiki'")
machine.succeed("curl -sSfL http://site2.local/ | grep 'DokuWiki'")
'';
})

11
nixos/tests/hardened.nix
View file

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test.nix ({ pkgs, latestKernel ? false, ... } : {
name = "hardened";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ joachifm ];
@ -10,6 +10,8 @@ import ./make-test.nix ({ pkgs, ...} : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
boot.kernelPackages =
lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened;
environment.memoryAllocator.provider = "graphene-hardened";
nix.useSandbox = false;
virtualisation.emptyDiskImages = [ 4096 ];
@ -23,7 +25,9 @@ import ./make-test.nix ({ pkgs, ...} : {
options = [ "noauto" ];
};
};
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
boot.extraModulePackages =
optional (versionOlder config.boot.kernelPackages.kernel.version "5.6")
config.boot.kernelPackages.wireguard;
boot.kernelModules = [ "wireguard" ];
};
@ -76,7 +80,8 @@ import ./make-test.nix ({ pkgs, ...} : {
# Test userns
subtest "userns", sub {
$machine->fail("unshare --user");
$machine->succeed("unshare --user true");
$machine->fail("su -l alice -c 'unshare --user true'");
};
# Test dmesg restriction

1
nixos/tests/installed-tests/default.nix
View file

@ -91,6 +91,7 @@ in
ibus = callInstalledTest ./ibus.nix {};
libgdata = callInstalledTest ./libgdata.nix {};
glib-testing = callInstalledTest ./glib-testing.nix {};
libjcat = callInstalledTest ./libjcat.nix {};
libxmlb = callInstalledTest ./libxmlb.nix {};
malcontent = callInstalledTest ./malcontent.nix {};
ostree = callInstalledTest ./ostree.nix {};

5
nixos/tests/installed-tests/libjcat.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, makeInstalledTest, ... }:
makeInstalledTest {
tested = pkgs.libjcat;
}

29
nixos/tests/tuptime.nix Normal file
View file

@ -0,0 +1,29 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "tuptime";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ evils ];
};
machine = { pkgs, ... }: {
imports = [ ../modules/profiles/minimal.nix ];
services.tuptime.enable = true;
};
testScript =
''
# see if it starts
start_all()
machine.wait_for_unit("multi-user.target")
machine.succeed("tuptime | grep 'System startups:[[:blank:]]*1'")
machine.succeed("tuptime | grep 'System uptime:[[:blank:]]*100.0%'")
machine.shutdown()
# restart machine and see if it correctly reports the reboot
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("tuptime | grep 'System startups:[[:blank:]]*2'")
machine.succeed("tuptime | grep 'System shutdowns:[[:blank:]]*1 ok'")
machine.shutdown()
'';
})

6
pkgs/applications/accessibility/contrast/default.nix
View file

@ -19,7 +19,7 @@
rustPlatform.buildRustPackage rec {
pname = "contrast";
version = "0.0.2";
version = "0.0.3";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
@ -27,10 +27,10 @@ rustPlatform.buildRustPackage rec {
owner = "design";
repo = "contrast";
rev = version;
sha256 = "0rm705zrk9rfv31pwbqxrswi5v6vhnghxa8dgxjmcrh00l8dm6j9";
sha256 = "0kk3mv7a6y258109xvgicmsi0lw0rcs00gfyivl5hdz7qh47iccy";
};
cargoSha256 = "0qj0vmxa1d6war1vb3zgkf1drvk7awm970fw6692hd9msa9c1kkf";
cargoSha256 = "0vi8nv4hkhsgqgz36xacwkk5cxirg6li44nbmk3x7vx7c64hzybq";
nativeBuildInputs = [
desktop-file-utils

6
pkgs/applications/audio/gbsplay/default.nix
View file

@ -11,13 +11,13 @@ stdenv.mkDerivation {
};
buildInputs = [ libpulseaudio ];
configureFlagsArray =
configureFlags =
[ "--without-test" "--without-contrib" "--disable-devdsp"
"--enable-pulse" "--disable-alsa" "--disable-midi"
"--disable-nas" "--disable-dsound" "--disable-i18n" ];
makeFlagsArray = [ "tests=" ];
makeFlags = [ "tests=" ];
meta = with stdenv.lib; {
description = "gameboy sound player";

34
pkgs/applications/audio/hydrogen/unstable.nix Normal file
View file

@ -0,0 +1,34 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook
, alsaLib, ladspa-sdk, lash, libarchive, libjack2, liblo, libpulseaudio, libsndfile, lrdf
, qtbase, qttools, qtxmlpatterns
}:
stdenv.mkDerivation rec {
pname = "hydrogen";
version = "1.0.0-beta2";
src = fetchFromGitHub {
owner = "hydrogen-music";
repo = pname;
rev = version;
sha256 = "1s3jrdyjpm92flw9mkkxchnj0wz8nn1y1kifii8ws252iiqjya4a";
};
nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ];
buildInputs = [
alsaLib ladspa-sdk lash libarchive libjack2 liblo libpulseaudio libsndfile lrdf
qtbase qttools qtxmlpatterns
];
cmakeFlags = [
"-DWANT_DEBUG=OFF"
];
meta = with stdenv.lib; {
description = "Advanced drum machine";
homepage = "http://www.hydrogen-music.org";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ goibhniu orivej ];
};
}

4
pkgs/applications/audio/lollypop/default.nix
View file

@ -23,7 +23,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.2.32";
version = "1.2.35";
format = "other";
doCheck = false;
@ -32,7 +32,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "03x6qihd349pq5lmgahb77sys60g16v5v6qkdlzf8k88451k8p7n";
sha256 = "19nw9qh17yyi9ih1nwngbbwjx1vr26haqhmzsdqf0yjgsgf9vldx";
};
nativeBuildInputs = [

4
pkgs/applications/audio/lsp-plugins/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "lsp-plugins";
version = "1.1.15";
version = "1.1.19";
src = fetchFromGitHub {
owner = "sadko4u";
repo = pname;
rev = "${pname}-${version}";
sha256 = "0lynyjs5zp27gnzcv8a23pvb7c1ghzc2dspypca3ciq40bfpfzik";
sha256 = "1wiph3vxhydc6mr9hn2c6crd4cx592l2zv0wrzgmpnlm1lflzpbg";
};
nativeBuildInputs = [ pkgconfig php makeWrapper ];

2
pkgs/applications/audio/musescore/default.nix
View file

@ -33,7 +33,7 @@ mkDerivation rec {
description = "Music notation and composition software";
homepage = "https://musescore.org/";
license = licenses.gpl2;
maintainers = with maintainers; [ vandenoever ];
maintainers = with maintainers; [ vandenoever turion ];
platforms = platforms.linux;
repositories.git = "https://github.com/musescore/MuseScore";
};

2
pkgs/applications/audio/polyphone/default.nix
View file

@ -41,7 +41,7 @@ mkDerivation rec {
meta = with stdenv.lib; {
description = "A soundfont editor for creating musical instruments";
homepage = https://www.polyphone-soundfonts.com/;
homepage = "https://www.polyphone-soundfonts.com/";
license = licenses.gpl3;
maintainers = [ maintainers.maxdamantus ];
platforms = platforms.linux;

8
pkgs/applications/audio/spotifyd/default.nix
View file

@ -2,6 +2,9 @@
, withALSA ? true, alsaLib ? null
, withPulseAudio ? false, libpulseaudio ? null
, withPortAudio ? false, portaudio ? null
, withMpris ? false
, withKeyring ? false
, dbus ? null
}:
rustPlatform.buildRustPackage rec {
@ -20,7 +23,7 @@ rustPlatform.buildRustPackage rec {
cargoBuildFlags = [
"--no-default-features"
"--features"
"${stdenv.lib.optionalString withALSA "alsa_backend,"}${stdenv.lib.optionalString withPulseAudio "pulseaudio_backend,"}${stdenv.lib.optionalString withPortAudio "portaudio_backend,"}"
"${stdenv.lib.optionalString withALSA "alsa_backend,"}${stdenv.lib.optionalString withPulseAudio "pulseaudio_backend,"}${stdenv.lib.optionalString withPortAudio "portaudio_backend,"}${stdenv.lib.optionalString withMpris "dbus_mpris,"}${stdenv.lib.optionalString withKeyring "dbus_keyring,"}"
];
nativeBuildInputs = [ pkgconfig ];
@ -28,7 +31,8 @@ rustPlatform.buildRustPackage rec {
buildInputs = [ openssl ]
++ stdenv.lib.optional withALSA alsaLib
++ stdenv.lib.optional withPulseAudio libpulseaudio
++ stdenv.lib.optional withPortAudio portaudio;
++ stdenv.lib.optional withPortAudio portaudio
++ stdenv.lib.optional (withMpris || withKeyring) dbus;
doCheck = false;

7
pkgs/applications/blockchains/go-ethereum.nix
View file

@ -2,18 +2,19 @@
buildGoModule rec {
pname = "go-ethereum";
version = "1.9.12";
version = "1.9.13";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "143imiphyzk3009cfnqj7q013pb1wva13zq63byfj3d204b58cg6";
sha256 = "1yqqflp73yvjy6bp05xd1nv5fc6p1nx7g4spbssxf3ws96pdh425";
};
modSha256 = "15a8if5gx361nrqgv201jy8saq1ir1g18rpqzdmavg4ic75si5x1";
modSha256 = "07xrw3fivfpbkg4mp8ghrj1bishfas82dbd780fymgs2h74iigf3";
subPackages = [
"cmd/abidump"
"cmd/abigen"
"cmd/bootnode"
"cmd/checkpoint-admin"

12
pkgs/applications/editors/android-studio/default.nix
View file

@ -8,9 +8,9 @@ let
inherit (gnome2) GConf gnome_vfs;
};
stableVersion = {
version = "3.6.2.0"; # "Android Studio 3.6.2"
build = "192.6308749";
sha256Hash = "04r4iwlmns1lf3wfd32cqmndbdz9rf7hfbi5r6qmvpi8j83fghvr";
version = "3.6.3.0"; # "Android Studio 3.6.3"
build = "192.6392135";
sha256Hash = "0apxmp341m7mbpm2df3qvsbaifwy6yqq746kbhbwlw8bn9hrzv1k";
};
betaVersion = {
version = "4.0.0.13"; # "Android Studio 4.0 Beta 4"
@ -18,9 +18,9 @@ let
sha256Hash = "0lchi3l50826n1af1z24yclpf27v2q5p1zjbvcmn37wz46d4s4g2";
};
latestVersion = { # canary & dev
version = "4.1.0.5"; # "Android Studio 4.1 Canary 5"
build = "193.6362631";
sha256Hash = "1q9wbqnwpq0mz8rz4c0v7mfaazymq6xv20dv4fll6p2q63qk71qp";
version = "4.1.0.6"; # "Android Studio 4.1 Canary 6"
build = "193.6381907";
sha256Hash = "0sa5plr96m90wv5hi9bqwa11j6k8k9wa0ji8qmlimdhnpyzhsdrx";
};
in {
# Attributes are named by their corresponding release channels

7
pkgs/applications/editors/emacs/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, ncurses, xlibsWrapper, libXaw, libXpm
{ stdenv, lib, fetchurl, fetchpatch, ncurses, xlibsWrapper, libXaw, libXpm
, Xaw3d, libXcursor, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
, alsaLib, cairo, acl, gpm, AppKit, GSS, ImageIO, m17n_lib, libotf
@ -44,6 +44,11 @@ stdenv.mkDerivation rec {
patches = [
./clean-env.patch
./tramp-detect-wrapped-gvfsd.patch
# unbreak macOS unexec
(fetchpatch {
url = https://github.com/emacs-mirror/emacs/commit/888ffd960c06d56a409a7ff15b1d930d25c56089.patch;
sha256 = "08q3ygdigqwky70r47rcgzlkc5jy82xiq8am5kwwy891wlpl7frw";
})
];
postPatch = lib.optionalString srcRepo ''

8
pkgs/applications/editors/micro/default.nix
View file

@ -2,7 +2,7 @@
buildGoPackage rec {
pname = "micro";
version = "1.4.1";
version = "2.0.3";
goPackagePath = "github.com/zyedidia/micro";
@ -10,13 +10,15 @@ buildGoPackage rec {
owner = "zyedidia";
repo = "micro";
rev = "v${version}";
sha256 = "0m9p6smb5grdazsgr3m1x4rry9ihhlgl9ildhvfp53czrifbx0m5";
sha256 = "017m9kb3gfrgzd06f1nma1i3m5rb0hzpgdikb86lsyv8ik18y12z";
fetchSubmodules = true;
};
subPackages = [ "cmd/micro" ];
buildFlagsArray = [ "-ldflags=" "-X main.Version=${version}" ];
buildFlagsArray = [ "-ldflags=" "-X ${goPackagePath}/internal/util.Version=${version}" ];
goDeps = ./deps.nix;
meta = with stdenv.lib; {
homepage = "https://micro-editor.github.io";

336
pkgs/applications/editors/micro/deps.nix generated Normal file
View file

@ -0,0 +1,336 @@
# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix)
[
{
goPackagePath = "github.com/blang/semver";
fetch = {
type = "git";
url = "https://github.com/blang/semver";
rev = "v3.5.1";
sha256 = "13ws259bwcibkclbr82ilhk6zadm63kxklxhk12wayklj8ghhsmy";
};
}
{
goPackagePath = "github.com/chzyer/logex";
fetch = {
type = "git";
url = "https://github.com/chzyer/logex";
rev = "v1.1.10";
sha256 = "08pbjj3wx9acavlwyr055isa8a5hnmllgdv5k6ra60l5y1brmlq4";
};
}
{
goPackagePath = "github.com/chzyer/readline";
fetch = {
type = "git";
url = "https://github.com/chzyer/readline";
rev = "2972be24d48e";
sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r";
};
}
{
goPackagePath = "github.com/chzyer/test";
fetch = {
type = "git";
url = "https://github.com/chzyer/test";
rev = "a1ea475d72b1";
sha256 = "0rns2aqk22i9xsgyap0pq8wi4cfaxsri4d9q6xxhhyma8jjsnj2k";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "v1.1.1";
sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y";
};
}
{
goPackagePath = "github.com/dustin/go-humanize";
fetch = {
type = "git";
url = "https://github.com/dustin/go-humanize";
rev = "v1.0.0";
sha256 = "1kqf1kavdyvjk7f8kx62pnm7fbypn9z1vbf8v2qdh3y7z7a0cbl3";
};
}
{
goPackagePath = "github.com/gdamore/encoding";
fetch = {
type = "git";
url = "https://github.com/gdamore/encoding";
rev = "v1.0.0";
sha256 = "1vmm5zll92i2fm4ajqx0gyx0p9j36496x5nabi3y0x7h0inv0pk9";
};
}
{
goPackagePath = "github.com/go-errors/errors";
fetch = {
type = "git";
url = "https://github.com/go-errors/errors";
rev = "v1.0.1";
sha256 = "0rznpknk19rxkr7li6dqs52c26pjazp69lh493l4ny4sxn5922lp";
};
}
{
goPackagePath = "github.com/kballard/go-shellquote";
fetch = {
type = "git";
url = "https://github.com/kballard/go-shellquote";
rev = "95032a82bc51";
sha256 = "1rspvmnsikdq95jmx3dykxd4k1rmgl98ryjrysvl0cf18hl1vq80";
};
}
{
goPackagePath = "github.com/kr/pretty";
fetch = {
type = "git";
url = "https://github.com/kr/pretty";
rev = "v0.1.0";
sha256 = "18m4pwg2abd0j9cn5v3k2ksk9ig4vlwxmlw9rrglanziv9l967qp";
};
}
{
goPackagePath = "github.com/kr/pty";
fetch = {
type = "git";
url = "https://github.com/kr/pty";
rev = "v1.1.1";
sha256 = "0383f0mb9kqjvncqrfpidsf8y6ns5zlrc91c6a74xpyxjwvzl2y6";
};
}
{
goPackagePath = "github.com/kr/text";
fetch = {
type = "git";
url = "https://github.com/kr/text";
rev = "v0.1.0";
sha256 = "1gm5bsl01apvc84bw06hasawyqm4q84vx1pm32wr9jnd7a8vjgj1";
};
}
{
goPackagePath = "github.com/lucasb-eyer/go-colorful";
fetch = {
type = "git";
url = "https://github.com/lucasb-eyer/go-colorful";
rev = "v1.0.3";
sha256 = "12bgz6dxbb2ki1g3x7fg9ipsjgfkd58fp7cdpv63h4kvlj2n7j69";
};
}
{
goPackagePath = "github.com/mattn/go-isatty";
fetch = {
type = "git";
url = "https://github.com/mattn/go-isatty";
rev = "v0.0.11";
sha256 = "0h671sv7hfprja495kavazkalkx7xzaqksjh13brcnwq67ijrali";
};
}
{
goPackagePath = "github.com/mattn/go-runewidth";
fetch = {
type = "git";
url = "https://github.com/mattn/go-runewidth";
rev = "v0.0.7";
sha256 = "1snr8mk63vz2h44knq26dm81p83887v7kb09iywqmx0nqzngih66";
};
}
{
goPackagePath = "github.com/mitchellh/go-homedir";
fetch = {
type = "git";
url = "https://github.com/mitchellh/go-homedir";
rev = "v1.1.0";
sha256 = "0ydzkipf28hwj2bfxqmwlww47khyk6d152xax4bnyh60f4lq3nx1";
};
}
{
goPackagePath = "github.com/pmezard/go-difflib";
fetch = {
type = "git";
url = "https://github.com/pmezard/go-difflib";
rev = "v1.0.0";
sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw";
};
}
{
goPackagePath = "github.com/robertkrimen/otto";
fetch = {
type = "git";
url = "https://github.com/robertkrimen/otto";
rev = "c382bd3c16ff";
sha256 = "043y6l647snsz71mdy84s2d3kn22aj6rbqd6c1vd8absvamqhlxa";
};
}
{
goPackagePath = "github.com/sergi/go-diff";
fetch = {
type = "git";
url = "https://github.com/sergi/go-diff";
rev = "v1.1.0";
sha256 = "0ir8ali2vx0j7pipmlfd6k8c973akyy2nmbjrf008fm800zcp7z2";
};
}
{
goPackagePath = "github.com/stretchr/objx";
fetch = {
type = "git";
url = "https://github.com/stretchr/objx";
rev = "v0.1.0";
sha256 = "19ynspzjdynbi85xw06mh8ad5j0qa1vryvxjgvbnyrr8rbm4vd8w";
};
}
{
goPackagePath = "github.com/stretchr/testify";
fetch = {
type = "git";
url = "https://github.com/stretchr/testify";
rev = "v1.4.0";
sha256 = "187i5g88sxfy4vxpm7dw1gwv29pa2qaq475lxrdh5livh69wqfjb";
};
}
{
goPackagePath = "github.com/yuin/gopher-lua";
fetch = {
type = "git";
url = "https://github.com/yuin/gopher-lua";
rev = "ab39c6098bdb";
sha256 = "13b0rrpv3988qw8rq6z7npajn1my059ybhafi5mxff9jw09k9sja";
};
}
{
goPackagePath = "github.com/zyedidia/clipboard";
fetch = {
type = "git";
url = "https://github.com/zyedidia/clipboard";
rev = "241f98e9b197";
sha256 = "1glc8w30sijpbppcvaf3503rmx5nxqkcgw87dr2pr3q3vv1bg3zi";
};
}
{
goPackagePath = "github.com/zyedidia/glob";
fetch = {
type = "git";
url = "https://github.com/zyedidia/glob";
rev = "dd4023a66dc3";
sha256 = "1vqw4xbqq6j8p5m7mwxvb448w69vjvgzx0ndsfzdh2cxfirwp3y7";
};
}
{
goPackagePath = "github.com/zyedidia/highlight";
fetch = {
type = "git";
url = "https://github.com/zyedidia/highlight";
rev = "201131ce5cf5";
sha256 = "0blaynf32swmqddx2hcrifrfssj9c04kwnbdy42h3kzxihrwz4ps";
};
}
{
goPackagePath = "github.com/zyedidia/json5";
fetch = {
type = "git";
url = "https://github.com/zyedidia/json5";
rev = "2da050b1a98d";
sha256 = "1sgydazf3npr788b4w17ydmlh3fd1zmpriv9b69967ww90ckh2kz";
};
}
{
goPackagePath = "github.com/zyedidia/poller";
fetch = {
type = "git";
url = "https://github.com/zyedidia/poller";
rev = "v1.0.1";
sha256 = "10cjrqfk1j0l55bdbpm7kv4mqc665pngc8avai0p9chq03y2654g";
};
}
{
goPackagePath = "github.com/zyedidia/pty";
fetch = {
type = "git";
url = "https://github.com/zyedidia/pty";
rev = "v2.0.0";
sha256 = "1n946ld8y2v2wfbwsxv8rfaicxbw3w8pk11ryc8iybmw7hkmmf79";
};
}
{
goPackagePath = "github.com/zyedidia/tcell";
fetch = {
type = "git";
url = "https://github.com/zyedidia/tcell";
rev = "v1.4.4";
sha256 = "0d62a9csab15b64y09jcbvq71065wliw4bd5m7lfpl5k8rmrrdyi";
};
}
{
goPackagePath = "github.com/zyedidia/terminal";
fetch = {
type = "git";
url = "https://github.com/zyedidia/terminal";
rev = "533c623e2415";
sha256 = "16l628f3zgl5yp9z5zkfy2hyl2sckw4d6mg3iqv2jjvh4i8yhrsm";
};
}
{
goPackagePath = "golang.org/x/sys";
fetch = {
type = "git";
url = "https://go.googlesource.com/sys";
rev = "33540a1f6037";
sha256 = "0fjcv0vzvi6za0b4xmnk3932pr9f9gczzf03y0kgq3ry9rqg169y";
};
}
{
goPackagePath = "golang.org/x/text";
fetch = {
type = "git";
url = "https://go.googlesource.com/text";
rev = "v0.3.2";
sha256 = "0flv9idw0jm5nm8lx25xqanbkqgfiym6619w575p7nrdh0riqwqh";
};
}
{
goPackagePath = "golang.org/x/tools";
fetch = {
type = "git";
url = "https://go.googlesource.com/tools";
rev = "90fa682c2a6e";
sha256 = "03ic2xsy51jw9749wl7gszdbz99iijbd2bckgygl6cm9w5m364ak";
};
}
{
goPackagePath = "gopkg.in/check.v1";
fetch = {
type = "git";
url = "https://gopkg.in/check.v1";
rev = "41f04d3bba15";
sha256 = "0vfk9czmlxmp6wndq8k17rhnjxal764mxfhrccza7nwlia760pjy";
};
}
{
goPackagePath = "gopkg.in/sourcemap.v1";
fetch = {
type = "git";
url = "https://gopkg.in/sourcemap.v1";
rev = "v1.0.5";
sha256 = "08rf2dl13hbnm3fq2cm0nnsspy9fhf922ln23cz5463cv7h62as4";
};
}
{
goPackagePath = "gopkg.in/yaml.v2";
fetch = {
type = "git";
url = "https://gopkg.in/yaml.v2";
rev = "v2.2.7";
sha256 = "0k5xcwkd3wmcx54isk7ck9cwp8fapfhyqdz3f13kxp77cxqizazj";
};
}
{
goPackagePath = "layeh.com/gopher-luar";
fetch = {
type = "git";
url = "https://github.com/layeh/gopher-luar";
rev = "v1.0.7";
sha256 = "1rdbni3q7zajmiy62ccvbfgqjzppk5212wpwks2ba726hvyf85mj";
};
}
]

2
pkgs/applications/editors/vscode/vscodium.nix
View file

@ -54,7 +54,7 @@ in
homepage = "https://github.com/VSCodium/vscodium";
downloadPage = "https://github.com/VSCodium/vscodium/releases";
license = licenses.mit;
maintainers = with maintainers; [ synthetica ];
maintainers = with maintainers; [ synthetica turion ];
platforms = [ "x86_64-linux" "x86_64-darwin" ];
};
}

2
pkgs/applications/kde/konsole.nix
View file

@ -11,7 +11,7 @@ mkDerivation {
name = "konsole";
meta = {
license = with lib.licenses; [ gpl2 lgpl21 fdl12 ];
maintainers = [ lib.maintainers.ttuegel ];
maintainers = with lib.maintainers; [ ttuegel turion ];
};
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
buildInputs = [

2
pkgs/applications/kde/okular.nix
View file

@ -21,7 +21,7 @@ mkDerivation {
meta = with lib; {
homepage = "http://www.kde.org";
license = with licenses; [ gpl2 lgpl21 fdl12 bsd3 ];
maintainers = with maintainers; [ ttuegel ];
maintainers = with maintainers; [ ttuegel turion ];
platforms = lib.platforms.linux;
};
}

6
pkgs/applications/misc/alacritty/default.nix
View file

@ -104,6 +104,12 @@ rustPlatform.buildRustPackage rec {
'' else ''
install -D extra/linux/Alacritty.desktop -t $out/share/applications/
install -D extra/logo/alacritty-term.svg $out/share/icons/hicolor/scalable/apps/Alacritty.svg
# patchelf generates an ELF that binutils' "strip" doesn't like:
# strip: not enough room for program headers, try linking with -N
# As a workaround, strip manually before running patchelf.
strip -S $out/bin/alacritty
patchelf --set-rpath "${lib.makeLibraryPath rpathLibs}" $out/bin/alacritty
''
) + ''

27
pkgs/applications/misc/ausweisapp2/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ stdenv, mkDerivation, fetchFromGitHub, cmake, pkgconfig, pcsclite, qtsvg, qttools, qtwebsockets
, qtquickcontrols2, qtgraphicaleffects }:
mkDerivation rec {
pname = "AusweisApp2";
version = "1.20.0";
src = fetchFromGitHub {
owner = "Governikus";
repo = "AusweisApp2";
rev = "${version}";
sha256 = "0qkwdaxhig4qjim7h20j6ln6w76ycppfc786nd8l69bd1qv46m40";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ qtsvg qttools qtwebsockets qtquickcontrols2 qtgraphicaleffects pcsclite ];
meta = with stdenv.lib; {
description = "Authentication software for the German ID card";
downloadPage = "https://github.com/Governikus/AusweisApp2/releases";
homepage = "https://www.ausweisapp.bund.de/ausweisapp2/";
license = licenses.eupl12;
maintainers = with maintainers; [ b4dm4n ];
platforms = platforms.linux;
};
}

13
pkgs/applications/misc/birdtray/default.nix
View file

@ -7,29 +7,24 @@
, qtbase
, qttools
, qtx11extras
, sqlite
}:
mkDerivation rec {
pname = "birdtray";
version = "1.7.0";
version = "1.8.0";
src = fetchFromGitHub {
owner = "gyunaev";
repo = pname;
rev = "RELEASE_${version}";
sha256 = "0wj2lq5bz1p0cf6yj43v3ifxschcrh5amwx30wqw2m4bb8syzjw1";
rev = version;
sha256 = "15d0gz889vf9b2a046m93s5kdi6lw2sqjd5gaxgjkjrs20x5vr18";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [
qtbase qtx11extras sqlite
qtbase qttools qtx11extras
];
installPhase = ''
install -Dm755 birdtray $out/bin/birdtray
'';
meta = with lib; {
description = "Mail system tray notification icon for Thunderbird";
homepage = "https://github.com/gyunaev/birdtray";

8
pkgs/applications/misc/joplin-desktop/default.nix
View file

@ -2,7 +2,7 @@
let
pname = "joplin-desktop";
version = "1.0.179";
version = "1.0.200";
desktopItem = makeDesktopItem {
name = "Joplin";
exec = "joplin-desktop";
@ -13,7 +13,7 @@ in appimageTools.wrapType2 rec {
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/laurent22/joplin/releases/download/v${version}/Joplin-${version}.AppImage";
sha256 = "0v7d5wzwiznl755pl6jfg33g6jxr1cbm9j13jpbmfi497hj8w82k";
sha256 = "14gwv8i6dprvl96mifadq0zj77a82rww8xd5bmzm8ql6sidi2216";
};
@ -40,9 +40,9 @@ in appimageTools.wrapType2 rec {
applications directly or from your own text editor. The notes are in
Markdown format.
'';
homepage = "https://joplin.cozic.net/";
homepage = "https://joplinapp.org";
license = licenses.mit;
maintainers = with maintainers; [ rafaelgg raquelgb ];
maintainers = with maintainers; [ hugoreeves rafaelgg raquelgb ];
platforms = [ "x86_64-linux" ];
};
}

22
pkgs/applications/misc/keepassx/community.nix
View file

@ -1,4 +1,10 @@
{ stdenv, fetchFromGitHub, cmake, makeWrapper, qttools, darwin
{ stdenv
, fetchFromGitHub
, fetchpatch
, cmake
, makeWrapper
, qttools
, darwin
, curl
, glibcLocales
@ -33,13 +39,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
pname = "keepassxc";
version = "2.5.2";
version = "2.5.4";
src = fetchFromGitHub {
owner = "keepassxreboot";
repo = "keepassxc";
rev = version;
sha256 = "0z5bd17qaq7zpv96gw6qwv6rb4xx7xjq86ss6wm5zskcrraf7r7n";
sha256 = "1xih9q1pxszalc0l29fmjxwn1vrrrrbnhc8gmi8brw5sclhbs6bh";
};
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang [
@ -57,6 +63,11 @@ stdenv.mkDerivation rec {
patches = [
./darwin.patch
# use wl-copy on Wayland - can be dropped with the next version update
(fetchpatch {
url = "https://github.com/keepassxreboot/keepassxc/commit/6128e5d58294f26411160f44da91087ebe7f4b07.patch";
sha256 = "16q0h7kijqjdbskmk4ar6p3g8vcxr0bq1zrlq2bk16pk10nv4bh1";
})
];
cmakeFlags = [
@ -79,7 +90,8 @@ stdenv.mkDerivation rec {
export LC_ALL="en_US.UTF-8"
export QT_QPA_PLATFORM=offscreen
export QT_PLUGIN_PATH="${qtbase.bin}/${qtbase.qtPluginPrefix}"
make test ARGS+="-E testgui --output-on-failure"
# testcli and testgui are flaky - skip them both
make test ARGS+="-E 'testcli|testgui' --output-on-failure"
'';
nativeBuildInputs = [ cmake wrapQtAppsHook qttools ];
@ -116,7 +128,7 @@ stdenv.mkDerivation rec {
longDescription = "A community fork of KeePassX, which is itself a port of KeePass Password Safe. The goal is to extend and improve KeePassX with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager. Accessible via native cross-platform GUI, CLI, and browser integration with the KeePassXC Browser Extension (https://github.com/keepassxreboot/keepassxc-browser).";
homepage = "https://keepassxc.org/";
license = licenses.gpl2;
maintainers = with maintainers; [ jonafato ];
maintainers = with maintainers; [ jonafato turion ];
platforms = platforms.linux ++ platforms.darwin;
};
}

4
pkgs/applications/misc/keepassx/darwin.patch
View file

@ -6,10 +6,10 @@ index 74b1a7ff..0a713a32 100644
set(PLUGIN_INSTALL_DIR ".")
set(DATA_INSTALL_DIR "share")
elseif(APPLE AND WITH_APP_BUNDLE)
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}/Applications")
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}/Applications")
set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
set(CMAKE_INSTALL_MANDIR "${PROGNAME}.app/Contents/Resources/man")
set(CLI_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
set(PROXY_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
@@ -369,12 +370,6 @@ set(CMAKE_AUTORCC ON)
if(APPLE)

2
pkgs/applications/misc/krusader/default.nix
View file

@ -20,7 +20,7 @@ in mkDerivation rec {
description = "Norton/Total Commander clone for KDE";
license = licenses.gpl2;
homepage = "http://www.krusader.org";
maintainers = with maintainers; [ sander ];
maintainers = with maintainers; [ sander turion ];
};
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook ];

2
pkgs/applications/misc/lutris/chrootenv.nix
View file

@ -94,7 +94,7 @@ in buildFHSUserEnv {
libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio
libao libusb libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l
libjpeg libxkbcommon libass libcdio libjack2 libsamplerate libzip libmad libaio
libcap libtiff libva libgphoto2 libxslt libtxc_dxtn libsndfile giflib zlib glib
libcap libtiff libva libgphoto2 libxslt libsndfile giflib zlib glib
alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils
readline gcc SDL SDL2 curl graphite2 gtk2 gtk3 udev ncurses wayland libglvnd
vulkan-loader xdg_utils sqlite gnutls libbsd

2
pkgs/applications/misc/termpdf.py/default.nix
View file

@ -44,7 +44,7 @@ buildPythonApplication {
A graphical pdf (and epub, cbz, ...) reader that works
inside the kitty terminal.
'';
homepage = https://github.com/dsanson/termpdf.py;
homepage = "https://github.com/dsanson/termpdf.py";
maintainers = with maintainers; [ teto ];
license = licenses.mit;
};

4
pkgs/applications/networking/browsers/brave/default.nix
View file

@ -82,11 +82,11 @@ in
stdenv.mkDerivation rec {
pname = "brave";
version = "1.5.123";
version = "1.7.92";
src = fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
sha256 = "1yv6hfjqzcd60b0bjpfbj8d4s2yf10swanxhbmnslcqp6ajb2nqr";
sha256 = "1f262xh88c83m6ixqxc69z8kvkl3qbjc6jnv2g8n0flw8s70hs7z";
};
dontConfigure = true;

17
pkgs/applications/networking/browsers/chromium/common.nix
View file

@ -24,8 +24,13 @@
, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
# package customization
, useVaapi ? false
, useOzone ? false
, useVaapi ? !(useOzone || stdenv.isAarch64) # Built if supported, but disabled in the wrapper
# VA-API TODOs:
# - Ozone: M81 fails to build due to "ozone_platform_gbm = false"
# - Possible solutions: Write a patch to fix the build (wrong gn dependencies)
# or build with minigbm
# - AArch64: Causes serious regressions (https://github.com/NixOS/nixpkgs/pull/85253#issuecomment-614405879)
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
, proprietaryCodecs ? true
@ -127,10 +132,10 @@ let
libXScrnSaver libXcursor libXtst libGLU libGL
pciutils protobuf speechd libXdamage at-spi2-core
jre
] ++ optional gnomeKeyringSupport libgnome-keyring3
] ++ optional useVaapi libva
++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional useVaapi libva
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
@ -149,9 +154,9 @@ let
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi) ([
# source: https://aur.archlinux.org/cgit/aur.git/tree/vaapi-fix.patch?h=chromium-vaapi
./patches/vaapi-fix.patch
] ++ optionals (useVaapi) ([ # Fixes for the VA-API build:
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
] ++ optionals (versionRange "81" "82") [
(githubPatch "5b2ff215473e0526b5b24aeff4ad90d369b21c75" "0n00vh8wfpn2ay5fqsxcsx0zadnv7mihm72bcvnrfzh75nzbg902")
(githubPatch "98e343ab369e4262511b5fce547728e3e5eefba8" "00wwp653jk0k0yvix00vr7ymgck9dj7fxjwx4nc67ynn84dh6064")

19
pkgs/applications/networking/browsers/chromium/default.nix
View file

@ -6,13 +6,15 @@
, lib
# package customization
# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper)
, channel ? "stable"
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false
, proprietaryCodecs ? true
, enablePepperFlash ? false
, enableWideVine ? false
, useVaapi ? false # test video on radeon, before enabling this
, useVaapi ? false # Deprecated, use enableVaapi instead!
, enableVaapi ? false # Disabled by default due to unofficial support and issues on radeon
, useOzone ? false
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
@ -33,7 +35,7 @@ let
upstream-info = (callPackage ./update.nix {}).getChannel channel;
mkChromiumDerivation = callPackage ./common.nix ({
inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useVaapi useOzone;
inherit gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs cupsSupport pulseSupport useOzone;
gnChromium = gn;
} // lib.optionalAttrs (channel != "stable") {
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
@ -127,6 +129,14 @@ let
cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/
''
else browser;
optionalVaapiFlags = if useVaapi # TODO: Remove after 20.09:
then throw ''
Chromium's useVaapi was replaced by enableVaapi and you don't need to pass
"--ignore-gpu-blacklist" anymore (also no rebuilds are required anymore).
'' else lib.optionalString
(!enableVaapi)
"--add-flags --disable-accelerated-video-decode --add-flags --disable-accelerated-video-encode";
in stdenv.mkDerivation {
name = "chromium${suffix}-${version}";
inherit version;
@ -146,15 +156,14 @@ in stdenv.mkDerivation {
buildCommand = let
browserBinary = "${chromiumWV}/libexec/chromium/chromium";
getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")";
libPath = stdenv.lib.makeLibraryPath ([]
++ stdenv.lib.optional useVaapi libva
);
libPath = stdenv.lib.makeLibraryPath [ libva ];
in with stdenv.lib; ''
mkdir -p "$out/bin"
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
${optionalVaapiFlags} \
${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
ed -v -s "$out/bin/chromium" << EOF

0
pkgs/applications/networking/browsers/chromium/patches/vaapi-fix.patch → pkgs/applications/networking/browsers/chromium/patches/enable-vdpau-support-for-nvidia.patch
View file

48
pkgs/applications/networking/browsers/chromium/patches/enable-video-acceleration-on-linux.patch Normal file
View file

@ -0,0 +1,48 @@
From b2144fd28e09cd52e7a88a62a9d9b54cf9922f9f Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Tue, 14 Apr 2020 14:16:10 +0200
Subject: [PATCH] Enable accelerated video decode on Linux
This will enable accelerated video decode on Linux by default (i.e.
without "--ignore-gpu-blacklist"), but on NixOS we'll provide
"--disable-accelerated-video-decode" and
"--disable-accelerated-video-encode" by default to avoid regressions
(e.g. VA-API doesn't work properly for some radeon drivers).
Video acceleration can then be enabled via:
chromium.override { enableVaapi = true; }
without rebuilding Chromium.
---
gpu/config/software_rendering_list.json | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/gpu/config/software_rendering_list.json b/gpu/config/software_rendering_list.json
index 22712bdbf38f..a06dd19a50e4 100644
--- a/gpu/config/software_rendering_list.json
+++ b/gpu/config/software_rendering_list.json
@@ -336,22 +336,6 @@
]
},
{
- "id": 48,
- "description": "Accelerated video decode is unavailable on Linux",
- "cr_bugs": [137247, 1032907],
- "os": {
- "type": "linux"
- },
- "exceptions": [
- {
- "machine_model_name": ["Chromecast"]
- }
- ],
- "features": [
- "accelerated_video_decode"
- ]
- },
- {
"id": 50,
"description": "Disable VMware software renderer on older Mesa",
"cr_bugs": [145531, 332596, 571899, 629434],
--
2.11.0

4
pkgs/applications/networking/browsers/chromium/plugins.nix
View file

@ -45,11 +45,11 @@ let
flash = stdenv.mkDerivation rec {
pname = "flashplayer-ppapi";
version = "32.0.0.344";
version = "32.0.0.363";
src = fetchzip {
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz";
sha256 = "05ijlgsby9zxx0qs6f3vav1z0p6xr1cg6idl4akxvfmsl6hn6hkq";
sha256 = "0znk8an892mykgbz56hyv3gz65vc9mhb3vn96c6bsvicwl1fn460";
stripRoot = false;
};

1
pkgs/applications/networking/browsers/firefox/wrapper.nix
View file

@ -46,7 +46,6 @@ let
"icedtea"
"enableGoogleTalkPlugin"
"enableFriBIDPlugin"
"enableGnomeExtensions"
"enableBluejeans"
"enableAdobeReader"
];

10
pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix
View file

@ -74,7 +74,7 @@ let
in
stdenv.mkDerivation rec {
pname = "flashplayer";
version = "32.0.0.344";
version = "32.0.0.363";
src = fetchurl {
url =
@ -85,14 +85,14 @@ stdenv.mkDerivation rec {
sha256 =
if debug then
if arch == "x86_64" then
"1kkwijxlcs1rlqxr1vj51h95fwwrp5m0c9lngqpncgmmhh8v9dyr"
"06711k4vbn6mqfd8gvx2snsxyalhw15hn5b64sja8726z5rxvzy7"
else
"0r47s19fw7gsph73rd5jb2zfsjwz7mjawm6c49rir9rsa0zxrsks"
"0v584aqhy4xk08afi3ypkq4mqjq57y136z82i5ixyim88dqbaf4f"
else
if arch == "x86_64" then
"1ki3i7zw0q48xf01xjfm1mpizc5flk768p9hqxpg881r4h65dh6b"
"1g1ijxypm8a8mfc1x58gksmaakqpp7xmf277wiir8zqjn3vd6c64"
else
"1v527i60sljwyvv4l1kg9ml05skjgm3naynlswd35hsz258jnxl4";
"13nbxmqmbxqvdhdwdqimim2f9fz3y2vrsx6b3pck6352m4i4wzh8";
};
nativeBuildInputs = [ unzip ];

6
pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix
View file

@ -50,7 +50,7 @@
stdenv.mkDerivation {
pname = "flashplayer-standalone";
version = "32.0.0.344";
version = "32.0.0.363";
src = fetchurl {
url =
@ -60,9 +60,9 @@ stdenv.mkDerivation {
"https://fpdownload.macromedia.com/pub/flashplayer/updaters/32/flash_player_sa_linux.x86_64.tar.gz";
sha256 =
if debug then
"1ymsk07xmnanyv86r58ar1l4wgjarlq0fc111ajc76pp8dsxnfx8"
"03zhza8lvc1nvz3racwfsajfd6rnbw3g56dp5wvr1qmaps8xaaqg"
else
"0wiwpn4a0jxslw4ahalq74rksn82y0aqa3lrjr9qs7kdcak74vky";
"0bhp7jv2l2agfzr8m564k749a5g75dw1390phlwvf49n1h8ldap2";
};
nativeBuildInputs = [ unzip ];

9
pkgs/applications/networking/cluster/cni/default.nix
View file

@ -1,18 +1,19 @@
{ stdenv, fetchFromGitHub, buildGoPackage }:
{ lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
pname = "cni";
version = "0.7.0";
version = "0.7.1";
src = fetchFromGitHub {
owner = "containernetworking";
repo = pname;
rev = "v${version}";
sha256 = "15ad323dw44k82bfx9r8w5q2kn7jix60p9v4ciyzx2p5pip36wp8";
sha256 = "02qn1br8164d99978acalisy1sx294g1axnii4yh1wji0fc735xz";
};
goPackagePath = "github.com/containernetworking/cni";
meta = with stdenv.lib; {
meta = with lib; {
description = "Container Network Interface - networking for Linux containers";
license = licenses.asl20;
homepage = "https://github.com/containernetworking/cni";

210
pkgs/applications/networking/cluster/cni/plugins-deps.nix
View file

@ -1,210 +0,0 @@
# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix)
[
{
goPackagePath = "github.com/Microsoft/go-winio";
fetch = {
type = "git";
url = "https://github.com/Microsoft/go-winio";
rev = "v0.4.11";
sha256 = "14y1gryr3pb3zy09v2g8dh89m363rfd9sch0wgbabh531hfx72vn";
};
}
{
goPackagePath = "github.com/Microsoft/hcsshim";
fetch = {
type = "git";
url = "https://github.com/Microsoft/hcsshim";
rev = "v0.7.4";
sha256 = "0hky9p6xvkkx2jfkd4fy2d6iaikvlzalyw67gypyqyxygf2hsshg";
};
}
{
goPackagePath = "github.com/alexflint/go-filemutex";
fetch = {
type = "git";
url = "https://github.com/alexflint/go-filemutex";
rev = "72bdc8eae2ae";
sha256 = "082y6y9zv40q3kaqvsv6fyaw2fc42j0sn9z0dl9rbiz4szixj3c4";
};
}
{
goPackagePath = "github.com/buger/jsonparser";
fetch = {
type = "git";
url = "https://github.com/buger/jsonparser";
rev = "f4dd9f5a6b44";
sha256 = "12qa2n33s7yz88ywpr3k9kg3b4gm6rqgnv28iyikyxw8h5jascz5";
};
}
{
goPackagePath = "github.com/containernetworking/cni";
fetch = {
type = "git";
url = "https://github.com/containernetworking/cni";
rev = "v0.7.0";
sha256 = "15ad323dw44k82bfx9r8w5q2kn7jix60p9v4ciyzx2p5pip36wp8";
};
}
{
goPackagePath = "github.com/coreos/go-iptables";
fetch = {
type = "git";
url = "https://github.com/coreos/go-iptables";
rev = "v0.4.1";
sha256 = "0id1npqw3rd5rrkslf6i9yy6lpmd7l5qcglln38g85ylq7inysyi";
};
}
{
goPackagePath = "github.com/coreos/go-systemd";
fetch = {
type = "git";
url = "https://github.com/coreos/go-systemd";
rev = "39ca1b05acc7";
sha256 = "1kzqrrzqspa5qm7kwslxl3m16lqzns23c24rv474ajzwmj3ixmx1";
};
}
{
goPackagePath = "github.com/d2g/dhcp4";
fetch = {
type = "git";
url = "https://github.com/d2g/dhcp4";
rev = "f0e4d29ff023";
sha256 = "07gn9bjvnlfz2jv9wdq3gxxxm9lpwgrwk8z65072jdrz9rs9izpr";
};
}
{
goPackagePath = "github.com/d2g/dhcp4client";
fetch = {
type = "git";
url = "https://github.com/d2g/dhcp4client";
rev = "bed07e1bc5b8";
sha256 = "0kyjalv1kah7sk3i96abg71cgy5s9kzpff2zc7mwj69vicbj7mi3";
};
}
{
goPackagePath = "github.com/d2g/dhcp4server";
fetch = {
type = "git";
url = "https://github.com/d2g/dhcp4server";
rev = "477b11cea4dc";
sha256 = "010dpw6cxrsm6dm49w1q6qpz5xz3lbi5viz6wywxk49fxvnzmx9l";
};
}
{
goPackagePath = "github.com/godbus/dbus";
fetch = {
type = "git";
url = "https://github.com/godbus/dbus";
rev = "885f9cc04c9c";
sha256 = "0wjpaj4vr5lvpnwc5faf3qizd7zd2v9yq0fm0558wap1hiyqb8x8";
};
}
{
goPackagePath = "github.com/j-keck/arping";
fetch = {
type = "git";
url = "https://github.com/j-keck/arping";
rev = "2cf9dc699c56";
sha256 = "1bid8mpx3j4546ni0a6q5xyz7hb854g95qnxqmg5jzs9vrcird3c";
};
}
{
goPackagePath = "github.com/juju/errors";
fetch = {
type = "git";
url = "https://github.com/juju/errors";
rev = "22422dad46e1";
sha256 = "1766ys24y9qgngaqbx0g84lmh54b3369v8hk5fa1k8si2d34fxas";
};
}
{
goPackagePath = "github.com/mattn/go-shellwords";
fetch = {
type = "git";
url = "https://github.com/mattn/go-shellwords";
rev = "v1.0.3";
sha256 = "1pg7pl25wvpl2dbpyrv9p1r7prnqimxlf6136vn0dfm54j2x4mnr";
};
}
{
goPackagePath = "github.com/onsi/ginkgo";
fetch = {
type = "git";
url = "https://github.com/onsi/ginkgo";
rev = "7f8ab55aaf3b";
sha256 = "0nas6wqdym4jx42kw9wj80b58r69k9qhnvglz009lj34g5gba7rw";
};
}
{
goPackagePath = "github.com/onsi/gomega";
fetch = {
type = "git";
url = "https://github.com/onsi/gomega";
rev = "2152b45fa28a";
sha256 = "0amjlkawp84mmdqjgdamf93p1546cla6h4wwrx7hf5r862r2qcw2";
};
}
{
goPackagePath = "github.com/safchain/ethtool";
fetch = {
type = "git";
url = "https://github.com/safchain/ethtool";
rev = "42ed695e3de8";
sha256 = "0n5hkrzc1bh46nidcssx4539kvcmgj501v3kzh2pljpg27509daj";
};
}
{
goPackagePath = "github.com/sirupsen/logrus";
fetch = {
type = "git";
url = "https://github.com/sirupsen/logrus";
rev = "v1.0.6";
sha256 = "029irw2lsbqi944gdrbkwdw0m2794sqni4g21gsnmz142hbzds8c";
};
}
{
goPackagePath = "github.com/vishvananda/netlink";
fetch = {
type = "git";
url = "https://github.com/vishvananda/netlink";
rev = "023a6dafdcdf";
sha256 = "1i5q8r8rg7lxzvq2vhbf25lrkzdlgficfv0bxg9rf7cgg6z819sn";
};
}
{
goPackagePath = "github.com/vishvananda/netns";
fetch = {
type = "git";
url = "https://github.com/vishvananda/netns";
rev = "13995c7128cc";
sha256 = "1zk6w8158qi4niva5rijchbv9ixgmijsgqshh54wdaav4xrhjshn";
};
}
{
goPackagePath = "golang.org/x/crypto";
fetch = {
type = "git";
url = "https://go.googlesource.com/crypto";
rev = "7c1a557ab941";
sha256 = "1f1q9mby8m7ws3gbj90v0prhnf4g2sgf74azmw31kzwd6azlar3m";
};
}
{
goPackagePath = "golang.org/x/net";
fetch = {
type = "git";
url = "https://go.googlesource.com/net";
rev = "49bb7cea24b1";
sha256 = "111q4qm3hcjvzvyv9y5rz8ydnyg48rckcygxqy6gv63q618wz6gn";
};
}
{
goPackagePath = "golang.org/x/sys";
fetch = {
type = "git";
url = "https://go.googlesource.com/sys";
rev = "66b7b1311ac8";
sha256 = "00ny4r2bbj6rz939iy9g699acqydq7rfi6r6awn25w9i2dld9m13";
};
}
]

28
pkgs/applications/networking/cluster/cni/plugins.nix
View file

@ -1,24 +1,22 @@
{ stdenv, lib, fetchFromGitHub, go, removeReferencesTo, buildGoPackage }:
{ lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
pname = "cni-plugins";
version = "0.8.4";
version = "0.8.5";
src = fetchFromGitHub {
owner = "containernetworking";
repo = "plugins";
rev = "v${version}";
sha256 = "02kz6y3klhbriybsskn4hmldwli28cycnp2klsm2x0y9c73iczdp";
sha256 = "17c8pvpn0dpda6ah7irr9hhd8sk7mnm32zv72nc5pxg1xvfpaipi";
};
goDeps = ./plugins-deps.nix;
goPackagePath = "github.com/containernetworking/plugins";
subPackages = [
"plugins/meta/bandwidth"
"plugins/meta/firewall"
"plugins/meta/flannel"
"plugins/meta/portmap"
"plugins/meta/sbr"
"plugins/meta/tuning"
"plugins/ipam/dhcp"
"plugins/ipam/host-local"
"plugins/ipam/static"
"plugins/main/bridge"
"plugins/main/host-device"
"plugins/main/ipvlan"
@ -26,10 +24,14 @@ buildGoPackage rec {
"plugins/main/macvlan"
"plugins/main/ptp"
"plugins/main/vlan"
"plugins/ipam/dhcp"
"plugins/ipam/host-local"
"plugins/ipam/static"
"plugins/meta/bandwidth"
"plugins/meta/firewall"
"plugins/meta/flannel"
"plugins/meta/portmap"
"plugins/meta/sbr"
"plugins/meta/tuning"
];
meta = with lib; {
description = "Some standard networking plugins, maintained by the CNI team";
homepage = "https://github.com/containernetworking/plugins";

8
pkgs/applications/networking/cluster/terraform/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, lib, buildEnv, buildGoPackage, fetchFromGitHub, makeWrapper
{ stdenv, lib, buildEnv, buildGoPackage, fetchFromGitHub, makeWrapper, coreutils
, runCommand, writeText, terraform-providers }:
let
@ -18,6 +18,12 @@ let
inherit sha256;
};
postPatch = ''
# speakeasy hardcodes /bin/stty https://github.com/bgentry/speakeasy/issues/22
substituteInPlace vendor/github.com/bgentry/speakeasy/speakeasy_unix.go \
--replace "/bin/stty" "${coreutils}/bin/stty"
'';
postInstall = ''
# remove all plugins, they are part of the main binary now
for i in $bin/bin/*; do

6
pkgs/applications/networking/ids/zeek/default.nix
View file

@ -5,11 +5,11 @@ let
in
stdenv.mkDerivation rec {
pname = "zeek";
version = "3.1.1";
version = "3.1.2";
src = fetchurl {
url = "https://old.zeek.org/downloads/zeek-${version}.tar.gz";
sha256 = "0siybzdp8w62jqk5vdi5fxwvj6cn4r6c2d4z2axd4rj5vhv5zvx2";
url = "https://download.zeek.org/zeek-${version}.tar.gz";
sha256 = "18aa4pfwav8m6vq7cr4bhfg243da54ak933rqbriljnhsrgp4n0q";
};
nativeBuildInputs = [ cmake flex bison file ];

12
pkgs/applications/networking/gmailieer/default.nix → pkgs/applications/networking/lieer/default.nix
View file

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, python3Packages }:
python3Packages.buildPythonApplication rec {
name = "gmailieer-${version}";
version = "1.0";
pname = "lieer";
version = "1.1";
src = fetchFromGitHub {
owner = "gauteh";
repo = "gmailieer";
repo = "lieer";
rev = "v${version}";
sha256 = "1zzylv8xbcrh34bz0s29dawzcyx39lai8y8wk0bl4x75v1jfynvf";
sha256 = "19jx3sm925nrzl26km1bxbp6y5gk1mzwadd79vip2jl70b3xk9f8";
};
propagatedBuildInputs = with python3Packages; [
@ -27,8 +27,8 @@ python3Packages.buildPythonApplication rec {
tags in the notmuch database may be pushed back remotely to your
GMail account.
'';
homepage = "https://github.com/gauteh/gmailieer";
repositories.git = "https://github.com/gauteh/gmailieer.git";
homepage = "https://lieer.gaute.vetsj.com/";
repositories.git = "https://github.com/gauteh/lieer.git";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ kaiha ];
};

4
pkgs/applications/networking/msmtp/default.nix
View file

@ -9,11 +9,11 @@ let
in stdenv.mkDerivation rec {
pname = "msmtp";
version = "1.8.7";
version = "1.8.8";
src = fetchurl {
url = "https://marlam.de/${pname}/releases/${pname}-${version}.tar.xz";
sha256 = "1waiiksa57byb7gvx1zmh6srvl6r8rvwqklk0slb3iaf4kfbqlws";
sha256 = "1rarck61mz3mwg0l30vjj6j9fq6gc7gic0r1c1ppwpq2izj57jzc";
};
patches = [

84
pkgs/applications/office/elementary-planner/0001-Revert-Add-patch.patch Normal file
View file

@ -0,0 +1,84 @@
From a6d8bd67416c848f9bf52f4746bda34216ae9993 Mon Sep 17 00:00:00 2001
From: worldofpeace <worldofpeace@protonmail.ch>
Date: Sun, 19 Apr 2020 12:48:59 -0400
Subject: [PATCH] Revert "Add patch"
This reverts commit c44127936b785afda0e914da4c1dc1e66a0ac97b.
---
src/Application.vala | 49 --------------------------------------------
1 file changed, 49 deletions(-)
diff --git a/src/Application.vala b/src/Application.vala
index 43d52fbc..82a9ebe5 100644
--- a/src/Application.vala
+++ b/src/Application.vala
@@ -127,66 +127,17 @@ public class Planner : Gtk.Application {
utils.apply_theme_changed ();
- // Set Theme and Icon
Gtk.Settings.get_default ().set_property ("gtk-icon-theme-name", "elementary");
Gtk.Settings.get_default ().set_property ("gtk-theme-name", "elementary");
- // Path Theme
- var command = new Granite.Services.SimpleCommand (".", "echo $DESKTOP_SESSION");
- command.run ();
- command.output_changed.connect ((text) => {
- print ("DESKTOP_SESSION: %s\n".printf (text));
- });
-
- if (get_os_info ("PRETTY_NAME") == null || get_os_info ("PRETTY_NAME").index_of ("elementary") == -1) {
- string CSS = """
- window decoration {
- box-shadow: none;
- margin: 1px;
- }
- """;
-
- var _provider = new Gtk.CssProvider ();
- _provider.load_from_data (CSS, CSS.length);
-
- Gtk.StyleContext.add_provider_for_screen (
- Gdk.Screen.get_default (), _provider,
- Gtk.STYLE_PROVIDER_PRIORITY_APPLICATION
- );
- }
-
// Set shortcut
string quick_add_shortcut = settings.get_string ("quick-add-shortcut");
if (quick_add_shortcut == "") {
quick_add_shortcut = "<Primary>Tab";
settings.set_string ("quick-add-shortcut", quick_add_shortcut);
}
-
utils.set_quick_add_shortcut (quick_add_shortcut);
}
-
- public string get_os_info (string field) {
- string return_value = "";
- var file = File.new_for_path ("/etc/os-release");
- try {
- var osrel = new Gee.HashMap<string, string> ();
- var dis = new DataInputStream (file.read ());
- string line;
- // Read lines until end of file (null) is reached
- while ((line = dis.read_line (null)) != null) {
- var osrel_component = line.split ("=", 2);
- if (osrel_component.length == 2) {
- osrel[osrel_component[0]] = osrel_component[1].replace ("\"", "");
- }
- }
-
- return_value = osrel[field];
- } catch (Error e) {
- warning ("Couldn't read os-release file, assuming elementary OS");
- }
-
- return return_value;
- }
public override int command_line (ApplicationCommandLine command_line) {
bool silence_mode = false;
--
2.25.1

14
pkgs/applications/office/elementary-planner/default.nix
View file

@ -15,15 +15,25 @@
stdenv.mkDerivation rec {
pname = "elementary-planner";
version = "2.2.14";
version = "2.3.2";
src = fetchFromGitHub {
owner = "alainm23";
repo = "planner";
rev = version;
sha256 = "14k5kiknr0d3my17p4v20iiqzifpz3y80gdzj8vdxic8yk2yr1ap";
sha256 = "1kjk1zafx71zmax3whzpx6mzl037wlxri30bl2k9y9rg3fd09arr";
};
patches = [
# Revert a patch the works around some stylesheet issues:
# https://github.com/alainm23/planner/issues/268
# https://github.com/alainm23/planner/issues/303
# The don't seem to be a problem with Pantheon on NixOS
# and for some reason produce the opposite effect with
# pantheon's stylesheet.
./0001-Revert-Add-patch.patch
];
nativeBuildInputs = [
desktop-file-utils
meson

5
pkgs/applications/office/libreoffice/default.nix
View file

@ -62,6 +62,11 @@ in (stdenv.mkDerivation rec {
patches = [
./xdg-open-brief.patch
(fetchpatch {
url = "https://git.pld-linux.org/gitweb.cgi?p=packages/libreoffice.git;a=blob_plain;f=poppler-0.86.patch;h=76b8356d5f22ef537a83b0f9b0debab591f152fe;hb=a2737a61353e305a9ee69640fb20d4582c218008";
name = "poppler-0.86.patch";
sha256 = "0q6k4l8imgp8ailcv0qx5l83afyw44hah24fi7gjrm9xgv5sbb8j";
})
];
tarballPath = "external/tarballs";

8
pkgs/applications/office/libreoffice/src-fresh/download.nix
View file

@ -728,11 +728,11 @@
md5name = "a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126-postgresql-9.2.24.tar.bz2";
}
{
name = "Python-3.7.6.tar.xz";
url = "http://dev-www.libreoffice.org/src/Python-3.7.6.tar.xz";
sha256 = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f";
name = "Python-3.7.7.tar.xz";
url = "http://dev-www.libreoffice.org/src/Python-3.7.7.tar.xz";
sha256 = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136";
md5 = "";
md5name = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f-Python-3.7.6.tar.xz";
md5name = "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136-Python-3.7.7.tar.xz";
}
{
name = "QR-Code-generator-1.4.0.tar.gz";

10
pkgs/applications/office/libreoffice/src-fresh/primary.nix
View file

@ -8,8 +8,8 @@ rec {
major = "6";
minor = "4";
patch = "1";
tweak = "1";
patch = "3";
tweak = "2";
subdir = "${major}.${minor}.${patch}";
@ -17,13 +17,13 @@ rec {
src = fetchurl {
url = "https://download.documentfoundation.org/libreoffice/src/${subdir}/libreoffice-${version}.tar.xz";
sha256 = "03fqpkilz4yi35l447hb9r8gjwj23l61bpdkwg21jm8blm8kkvyj";
sha256 = "1cmbrhha7mlflnlbpla8fix07cxcgkdb7krnrgs1bylf31y5855w";
};
# FIXME rename
translations = fetchSrc {
name = "translations";
sha256 = "0a7arjlxxy7hjm1brxwd124bf1gkbl92bgygi3sbbhbsv07pjdcr";
sha256 = "06z9hz4m3kdcljjc6y5s18001axjibj9xiyakdndkl9pmnnhn9h3";
};
# the "dictionaries" archive is not used for LO build because we already build hunspellDicts packages from
@ -31,6 +31,6 @@ rec {
help = fetchSrc {
name = "help";
sha256 = "1hfllrdyxrg5mgqry3dcrhjbdrd0d27k5mvv4sfj7nwjlmjh8rqq";
sha256 = "0mpgrwg8z1q38j03l6m1sdpcplyjd5nz1nqaa13vfkryj2lflw45";
};
}

4
pkgs/applications/science/electronics/verilator/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "verilator";
version = "4.030";
version = "4.032";
src = fetchurl {
url = "https://www.veripool.org/ftp/${pname}-${version}.tgz";
sha256 = "07ldkf7xkr31n1dmx82bmzam8bvc1vsp32k76vd7yzn7r853qyky";
sha256 = "1l3rhgw7pk59dz7dyhcl0iygn6c9rv9bv131rfzg66asxfwbfq1s";
};
enableParallelBuilding = true;

38
pkgs/applications/science/logic/beluga/default.nix
View file

@ -1,34 +1,40 @@
{ stdenv, fetchFromGitHub, ocamlPackages, omake }:
{ lib, fetchFromGitHub, ocamlPackages, rsync }:
stdenv.mkDerivation {
name = "beluga-20180403";
ocamlPackages.buildDunePackage {
pname = "beluga";
version = "unstable-2020-03-11";
src = fetchFromGitHub {
owner = "Beluga-lang";
repo = "Beluga";
rev = "046aa59f008be70a7c4700b723bed0214ea8b687";
sha256 = "0m68y0r0wdw3mg2jks68bihaww7sg305zdfnic1rkndq2cxv0mld";
rev = "6133b2f572219333f304bb4f77c177592324c55b";
sha256 = "0sy6mi50z3mvs5z7dx38piydapk89all81rh038x3559b5fsk68q";
};
nativeBuildInputs = with ocamlPackages; [ findlib ocamlbuild omake ];
buildInputs = with ocamlPackages; [ ocaml ulex ocaml_extlib ];
useDune2 = true;
installPhase = ''
mkdir -p $out
cp -r bin $out/
buildInputs = with ocamlPackages; [
gen sedlex_2 ocaml_extlib dune-build-info linenoise
];
mkdir -p $out/share/beluga
cp -r tools/ examples/ $out/share/beluga
postPatch = ''
patchShebangs ./TEST ./run_harpoon_test.sh
'';
checkPhase = "./TEST";
checkInputs = [ rsync ];
doCheck = true;
postInstall = ''
mkdir -p $out/share/emacs/site-lisp/beluga/
cp -r tools/beluga-mode.el $out/share/emacs/site-lisp/beluga
'';
meta = {
meta = with lib; {
description = "A functional language for reasoning about formal systems";
homepage = "http://complogic.cs.mcgill.ca/beluga/";
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ stdenv.lib.maintainers.bcdarwin ];
platforms = stdenv.lib.platforms.unix;
license = licenses.gpl3Plus;
maintainers = [ maintainers.bcdarwin ];
platforms = platforms.unix;
};
}

4
pkgs/applications/science/logic/lean/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "lean";
version = "3.8.0";
version = "3.9.0";
src = fetchFromGitHub {
owner = "leanprover-community";
repo = "lean";
rev = "v${version}";
sha256 = "0frs2vhxlzdliyydb462c1886dn585zd7yp7hdxzsri2v6gdh89g";
sha256 = "0sklw211cmqp4y0c6nycfavpdxdpfwhq9a4sbwdlqd5agyf85h1j";
};
nativeBuildInputs = [ cmake ];

11
pkgs/applications/version-management/git-and-tools/delta/default.nix
View file

@ -1,17 +1,20 @@
{ lib, fetchFromGitHub, rustPlatform }:
{ lib, fetchFromGitHub, rustPlatform, llvmPackages }:
rustPlatform.buildRustPackage rec {
pname = "delta";
version = "0.0.17";
version = "0.0.18";
src = fetchFromGitHub {
owner = "dandavison";
repo = pname;
rev = version;
sha256 = "1j01h60snciqp4psyxf67j3gbmi02c1baprsg9frzjacawbx8cz7";
sha256 = "0cpd60861k9nd2gbzyb2hg5npnkgvsnyrvv7mlm30vb1833gz94z";
};
cargoSha256 = "176bfd57gc9casvk0p10ilvzw3q3rkkv7qflja778vrwr9zrmkzq";
LLVM_CONFIG_PATH = "${llvmPackages.llvm}/bin/llvm-config";
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
cargoSha256 = "12gl50q5hf6nq571fqxfv61z4mwfjyw4jb2yqyqbsinwj2frwaxn";
meta = with lib; {
homepage = "https://github.com/dandavison/delta";

4
pkgs/applications/version-management/redmine/Gemfile
View file

@ -1,8 +1,10 @@
source 'https://rubygems.org'
ruby '>= 2.3.0', '< 2.7.0' if Bundler::VERSION >= '1.12.0'
gem "bundler", ">= 1.5.0"
gem "rails", "5.2.4.1"
gem 'rails', '5.2.4.2'
gem 'sprockets', '~> 3.7.2' if RUBY_VERSION < '2.5'
gem "rouge", "~> 3.12.0"
gem "request_store", "~> 1.4.1"
gem "mini_mime", "~> 1.0.1"

121
pkgs/applications/version-management/redmine/Gemfile.lock
View file

@ -1,19 +1,19 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.4.1)
actionpack (= 5.2.4.1)
actioncable (5.2.4.2)
actionpack (= 5.2.4.2)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.4.1)
actionpack (= 5.2.4.1)
actionview (= 5.2.4.1)
activejob (= 5.2.4.1)
actionmailer (5.2.4.2)
actionpack (= 5.2.4.2)
actionview (= 5.2.4.2)
activejob (= 5.2.4.2)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.4.1)
actionview (= 5.2.4.1)
activesupport (= 5.2.4.1)
actionpack (5.2.4.2)
actionview (= 5.2.4.2)
activesupport (= 5.2.4.2)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
@ -21,26 +21,26 @@ GEM
actionpack-xml_parser (2.0.1)
actionpack (>= 5.0)
railties (>= 5.0)
actionview (5.2.4.1)
activesupport (= 5.2.4.1)
actionview (5.2.4.2)
activesupport (= 5.2.4.2)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.4.1)
activesupport (= 5.2.4.1)
activejob (5.2.4.2)
activesupport (= 5.2.4.2)
globalid (>= 0.3.6)
activemodel (5.2.4.1)
activesupport (= 5.2.4.1)
activerecord (5.2.4.1)
activemodel (= 5.2.4.1)
activesupport (= 5.2.4.1)
activemodel (5.2.4.2)
activesupport (= 5.2.4.2)
activerecord (5.2.4.2)
activemodel (= 5.2.4.2)
activesupport (= 5.2.4.2)
arel (>= 9.0)
activestorage (5.2.4.1)
actionpack (= 5.2.4.1)
activerecord (= 5.2.4.1)
activestorage (5.2.4.2)
actionpack (= 5.2.4.2)
activerecord (= 5.2.4.2)
marcel (~> 0.3.1)
activesupport (5.2.4.1)
activesupport (5.2.4.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@ -59,8 +59,8 @@ GEM
regexp_parser (~> 1.5)
xpath (~> 3.2)
childprocess (3.0.0)
concurrent-ruby (1.1.5)
crass (1.0.5)
concurrent-ruby (1.1.6)
crass (1.0.6)
css_parser (1.7.1)
addressable
csv (3.1.2)
@ -73,58 +73,58 @@ GEM
concurrent-ruby (~> 1.0)
jaro_winkler (1.5.4)
json (2.3.0)
loofah (2.4.0)
loofah (2.5.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (0.3.3)
mimemagic (~> 0.3.2)
method_source (0.9.2)
mimemagic (0.3.3)
method_source (1.0.0)
mimemagic (0.3.4)
mini_magick (4.9.5)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.13.0)
mocha (1.11.1)
minitest (5.14.0)
mocha (1.11.2)
mysql2 (0.5.3)
net-ldap (0.16.2)
nio4r (2.5.2)
nokogiri (1.10.7)
nokogiri (1.10.9)
mini_portile2 (~> 2.4.0)
parallel (1.19.1)
parser (2.6.5.0)
parser (2.7.1.0)
ast (~> 2.4.0)
pg (1.1.4)
public_suffix (4.0.1)
puma (3.12.2)
rack (2.0.8)
public_suffix (4.0.4)
puma (3.12.4)
rack (2.2.2)
rack-openid (1.4.2)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.4.1)
actioncable (= 5.2.4.1)
actionmailer (= 5.2.4.1)
actionpack (= 5.2.4.1)
actionview (= 5.2.4.1)
activejob (= 5.2.4.1)
activemodel (= 5.2.4.1)
activerecord (= 5.2.4.1)
activestorage (= 5.2.4.1)
activesupport (= 5.2.4.1)
rails (5.2.4.2)
actioncable (= 5.2.4.2)
actionmailer (= 5.2.4.2)
actionpack (= 5.2.4.2)
actionview (= 5.2.4.2)
activejob (= 5.2.4.2)
activemodel (= 5.2.4.2)
activerecord (= 5.2.4.2)
activestorage (= 5.2.4.2)
activesupport (= 5.2.4.2)
bundler (>= 1.3.0)
railties (= 5.2.4.1)
railties (= 5.2.4.2)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (5.2.4.1)
actionpack (= 5.2.4.1)
activesupport (= 5.2.4.1)
railties (5.2.4.2)
actionpack (= 5.2.4.2)
activesupport (= 5.2.4.2)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
@ -135,15 +135,15 @@ GEM
rbpdf-font (~> 1.19.0)
rbpdf-font (1.19.1)
redcarpet (3.5.0)
regexp_parser (1.6.0)
regexp_parser (1.7.0)
request_store (1.4.1)
rack (>= 1.4)
roadie (3.5.1)
roadie (4.0.0)
css_parser (~> 1.4)
nokogiri (~> 1.8)
roadie-rails (2.1.0)
roadie-rails (2.1.1)
railties (>= 5.1, < 6.1)
roadie (~> 3.1)
roadie (>= 3.1, < 5.0)
rouge (3.12.0)
rubocop (0.76.0)
jaro_winkler (~> 1.5.1)
@ -152,15 +152,15 @@ GEM
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 1.7)
rubocop-performance (1.5.1)
rubocop-performance (1.5.2)
rubocop (>= 0.71.0)
rubocop-rails (2.3.2)
rack (>= 1.1)
rubocop (>= 0.72.0)
ruby-openid (2.9.2)
ruby-progressbar (1.10.1)
rubyzip (2.0.0)
selenium-webdriver (3.142.6)
rubyzip (2.3.0)
selenium-webdriver (3.142.7)
childprocess (>= 0.5, < 4.0)
rubyzip (>= 1.2.2)
simplecov (0.17.1)
@ -177,15 +177,15 @@ GEM
sprockets (>= 3.0.0)
thor (1.0.1)
thread_safe (0.3.6)
tzinfo (1.2.5)
tzinfo (1.2.7)
thread_safe (~> 0.1)
unicode-display_width (1.6.0)
unicode-display_width (1.6.1)
websocket-driver (0.7.1)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.4)
xpath (3.2.0)
nokogiri (~> 1.8)
yard (0.9.20)
yard (0.9.24)
PLATFORMS
ruby
@ -208,7 +208,7 @@ DEPENDENCIES
pg (~> 1.1.4)
puma (~> 3.7)
rack-openid
rails (= 5.2.4.1)
rails (= 5.2.4.2)
rails-dom-testing
rbpdf (~> 1.20.0)
redcarpet (~> 3.5.0)
@ -224,5 +224,8 @@ DEPENDENCIES
tzinfo-data
yard
RUBY VERSION
ruby 2.6.6p146
BUNDLED WITH
2.1.4

6
pkgs/applications/version-management/redmine/default.nix
View file

@ -1,13 +1,13 @@
{ stdenv, fetchurl, bundlerEnv, ruby }:
let
version = "4.1.0";
version = "4.1.1";
rubyEnv = bundlerEnv {
name = "redmine-env-${version}";
inherit ruby;
gemdir = ./.;
groups = [ "ldap" "openid" ];
groups = [ "development" "ldap" "markdown" "minimagick" "openid" "test" ];
};
in
stdenv.mkDerivation rec {
@ -16,7 +16,7 @@ in
src = fetchurl {
url = "https://www.redmine.org/releases/${pname}-${version}.tar.gz";
sha256 = "1fxc0xql54cfvj4g8v31vsv19jbij326qkgdz2h5xlp09r821wli";
sha256 = "1nndy5hz8zvfglxf1f3bsb1pkrfwinfxzkdan1vjs3rkckkszyh5";
};
buildInputs = [ rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler ];

Some files were not shown because too many files have changed in this diff Show more