
Merge staging-next into staging

nsd-state-dir
github-actions[bot] 1 year ago
committed by GitHub
parent
commit
78ae7ac75e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      .github/workflows/merge-staging.yml
  2. 23
      lib/systems/parse.nix
  3. 16
      nixos/doc/manual/release-notes/rl-2105.xml
  4. 8
      nixos/modules/installer/tools/nix-fallback-paths.nix
  5. 1
      nixos/modules/services/monitoring/prometheus/exporters.nix
  6. 38
      nixos/modules/services/monitoring/prometheus/exporters/kea.nix
  7. 196
      nixos/modules/services/networking/radicale.nix
  8. 16
      nixos/modules/services/web-servers/apache-httpd/default.nix
  9. 1
      nixos/tests/all-tests.nix
  10. 99
      nixos/tests/dendrite.nix
  11. 51
      nixos/tests/prometheus-exporters.nix
  12. 209
      nixos/tests/radicale.nix
  13. 14
      nixos/tests/sway.nix
  14. 4
      pkgs/applications/audio/strawberry/default.nix
  15. 45
      pkgs/applications/editors/emacs-modes/elpa-generated.nix
  16. 12
      pkgs/applications/editors/emacs-modes/org-generated.nix
  17. 2111
      pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json
  18. 2
      pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix
  19. 10
      pkgs/applications/editors/vscode/vscode.nix
  20. 5
      pkgs/applications/graphics/ImageMagick/6.x.nix
  21. 4
      pkgs/applications/networking/browsers/brave/default.nix
  22. 4
      pkgs/applications/networking/cluster/kubernetes/default.nix
  23. 6
      pkgs/applications/networking/dnscontrol/default.nix
  24. 3
      pkgs/applications/networking/p2p/transmission/default.nix
  25. 8
      pkgs/applications/science/biology/cd-hit/default.nix
  26. 4
      pkgs/applications/video/kodi-packages/inputstream-ffmpegdirect/default.nix
  27. 4
      pkgs/applications/video/kodi-packages/pvr-iptvsimple/default.nix
  28. 8
      pkgs/applications/video/kodi/unwrapped.nix
  29. 4
      pkgs/data/themes/amber/default.nix
  30. 1
      pkgs/development/compilers/copper/default.nix
  31. 30
      pkgs/development/compilers/zig/default.nix
  32. 4
      pkgs/development/interpreters/erlang/R23.nix
  33. 48
      pkgs/development/interpreters/lua-5/5.4.darwin.patch
  34. 6
      pkgs/development/interpreters/lua-5/default.nix
  35. 3
      pkgs/development/interpreters/lua-5/interpreter.nix
  36. 4
      pkgs/development/libraries/libxc/default.nix
  37. 39
      pkgs/development/libraries/taglib/default.nix
  38. 4
      pkgs/development/python-modules/adafruit-platformdetect/default.nix
  39. 14
      pkgs/development/python-modules/ansible-lint/default.nix
  40. 2
      pkgs/development/python-modules/ansible/collections.nix
  41. 18
      pkgs/development/python-modules/gpapi/default.nix
  42. 64
      pkgs/development/python-modules/pycurl/default.nix
  43. 4
      pkgs/development/python-modules/pydicom/default.nix
  44. 16
      pkgs/development/python-modules/pyfuse3/default.nix
  45. 51
      pkgs/development/python-modules/pytaglib/default.nix
  46. 13
      pkgs/development/python-modules/rfc3339-validator/default.nix
  47. 2
      pkgs/development/python-modules/telfhash/default.nix
  48. 30
      pkgs/development/python-modules/telfhash/telfhash-new-tlsh-hash.patch
  49. 5
      pkgs/development/tools/ecpdap/default.nix
  50. 31
      pkgs/development/tools/misc/jiq/default.nix
  51. 2
      pkgs/development/tools/pypi2nix/default.nix
  52. 6
      pkgs/development/tools/rust/cargo-msrv/default.nix
  53. 8
      pkgs/development/web/postman/default.nix
  54. 4
      pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix
  55. 4
      pkgs/misc/vscode-extensions/python/default.nix
  56. 4
      pkgs/os-specific/linux/ell/default.nix
  57. 3
      pkgs/os-specific/linux/iputils/default.nix
  58. 6
      pkgs/os-specific/linux/iwd/default.nix
  59. 4
      pkgs/servers/computing/slurm/default.nix
  60. 6
      pkgs/servers/dendrite/default.nix
  61. 8
      pkgs/servers/irc/inspircd/default.nix
  62. 33
      pkgs/servers/monitoring/prometheus/kea-exporter.nix
  63. 4
      pkgs/servers/web-apps/wallabag/default.nix
  64. 8
      pkgs/servers/xmpp/prosody/default.nix
  65. 6
      pkgs/shells/oil/default.nix
  66. 6
      pkgs/tools/admin/clair/default.nix
  67. 4
      pkgs/tools/audio/volctl/default.nix
  68. 4
      pkgs/tools/graphics/dmtx-utils/default.nix
  69. 4
      pkgs/tools/misc/code-minimap/default.nix
  70. 4
      pkgs/tools/misc/jdupes/default.nix
  71. 8
      pkgs/tools/misc/lorri/default.nix
  72. 4
      pkgs/tools/misc/nix-direnv/default.nix
  73. 34
      pkgs/tools/networking/calendar-cli/default.nix
  74. 4
      pkgs/tools/networking/chrony/default.nix
  75. 9
      pkgs/tools/networking/findomain/default.nix
  76. 3
      pkgs/tools/networking/inetutils/default.nix
  77. 4
      pkgs/tools/networking/ofono/default.nix
  78. 11
      pkgs/tools/package-management/nix/default.nix
  79. 2
      pkgs/tools/security/metasploit/Gemfile
  80. 16
      pkgs/tools/security/metasploit/Gemfile.lock
  81. 4
      pkgs/tools/security/metasploit/default.nix
  82. 32
      pkgs/tools/security/metasploit/gemset.nix
  83. 20
      pkgs/tools/typesetting/tex/auctex/default.nix
  84. 18
      pkgs/top-level/all-packages.nix

4
.github/workflows/merge-staging.yml

@ -14,6 +14,7 @@ jobs:
- uses: actions/checkout@v2
- name: Merge master into staging-next
id: staging_next
uses: devmasx/merge-branch@v1.3.1
with:
type: now
@ -22,6 +23,7 @@ jobs:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Merge staging-next into staging
id: staging
uses: devmasx/merge-branch@v1.3.1
with:
type: now
@ -35,5 +37,5 @@ jobs:
with:
issue-number: 105153
body: |
An automatic merge [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
An automatic merge${{ (steps.staging_next.outcome == 'failure' && ' from master to staging-next') || ((steps.staging.outcome == 'failure' && ' from staging-next to staging') || '') }} [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
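Review bot: Both `uses: devmasx/merge-branch@v1.3.1` steps, which these hunks only label with `id:`, reference a third-party action by a movable tag while passing it `secrets.GITHUB_TOKEN`. If that tag were ever moved, the next run would execute different code with the token's permissions; pinning to the full commit hash, `uses: devmasx/merge-branch@<full-commit-sha> # v1.3.1`, removes the dependency on the tag. The token's scope is not visible in these hunks, so whether a `permissions:` block already narrows it should be checked in the rest of the workflow.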

23
lib/systems/parse.nix

@ -121,15 +121,20 @@ rec {
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
# Determine where two CPUs are compatible with each other. That is,
# can we run code built for system b on system a? For that to
# happen, then the set of all possible possible programs that system
# b accepts must be a subset of the set of all programs that system
# a accepts. This compatibility relation forms a category where each
# CPU is an object and each arrow from a to b represents
# compatibility. CPUs with multiple modes of Endianness are
# isomorphic while all CPUs are endomorphic because any program
# built for a CPU can run on that CPU.
# Determine when two CPUs are compatible with each other. That is,
# can code built for system B run on system A? For that to happen,
# the programs that system B accepts must be a subset of the
# programs that system A accepts.
#
# We have the following properties of the compatibility relation,
# which must be preserved when adding compatibility information for
# additional CPUs.
# - (reflexivity)
# Every CPU is compatible with itself.
# - (transitivity)
# If A is compatible with B and B is compatible with C then A is compatible with C.
# - (compatible under multiple endianness)
# CPUs with multiple modes of endianness are pairwise compatible.
isCompatible = a: b: with cpuTypes; lib.any lib.id [
# x86
(b == i386 && isCompatible a i486)

16
nixos/doc/manual/release-notes/rl-2105.xml

@ -78,7 +78,7 @@
</listitem>
<listitem>
<para>
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.0 "Matrix". See
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
@ -738,6 +738,20 @@ environment.systemPackages = [
The <package>yadm</package> dotfile manager has been updated from 2.x to 3.x, which has new (XDG) default locations for some data/state files. Most yadm commands will fail and print a legacy path warning (which describes how to upgrade/migrate your repository). If you have scripts, daemons, scheduled jobs, shell profiles, etc. that invoke yadm, expect them to fail or misbehave until you perform this migration and prepare accordingly.
</para>
</listitem>
<listitem>
<para>
Instead of determining <option>services.radicale.package</option>
automatically based on <option>system.stateVersion</option>, the latest
version is always used because old versions are not officially supported.
</para>
<para>
Furthermore, Radicale's systemd unit was hardened which might break some
deployments. In particular, a non-default
<literal>filesystem_folder</literal> has to be added to
<option>systemd.services.radicale.serviceConfig.ReadWritePaths</option> if
the deprecated <option>services.radicale.config</option> is used.
</para>
</listitem>
</itemizedlist>
</section>

8
nixos/modules/installer/tools/nix-fallback-paths.nix

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/iwfs2bfcy7lqwhri94p2i6jc87ih55zk-nix-2.3.10";
i686-linux = "/nix/store/a3ccfvy9i5n418d5v0bir330kbcz3vj8-nix-2.3.10";
aarch64-linux = "/nix/store/bh5g6cv7bv35iz853d3xv2sphn51ybmb-nix-2.3.10";
x86_64-darwin = "/nix/store/8c98r6zlwn2d40qm7jnnrr2rdlqviszr-nix-2.3.10";
x86_64-linux = "/nix/store/d1ppfhjhdwcsb4npfzyifv5z8i00fzsk-nix-2.3.11";
i686-linux = "/nix/store/c6ikndcrzwpfn2sb5b9xb1f17p9b8iga-nix-2.3.11";
aarch64-linux = "/nix/store/fb0lfrn0m8s197d264jzd64vhz9c8zbx-nix-2.3.11";
x86_64-darwin = "/nix/store/qvb86ffv08q3r66qbd6nqifz425lyyhf-nix-2.3.11";
}

1
nixos/modules/services/monitoring/prometheus/exporters.nix

@ -34,6 +34,7 @@ let
"fritzbox"
"json"
"jitsi"
"kea"
"keylight"
"knot"
"lnd"

38
nixos/modules/services/monitoring/prometheus/exporters/kea.nix

@ -0,0 +1,38 @@
{ config
, lib
, pkgs
, options
}:
with lib;
let
cfg = config.services.prometheus.exporters.kea;
in {
port = 9547;
extraOpts = {
controlSocketPaths = mkOption {
type = types.listOf types.str;
example = literalExample ''
[
"/run/kea/kea-dhcp4.socket"
"/run/kea/kea-dhcp6.socket"
]
'';
description = ''
Paths to kea control sockets
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-kea-exporter}/bin/kea-exporter \
--address ${cfg.listenAddress} \
--port ${toString cfg.port} \
${concatStringsSep " \\n" cfg.controlSocketPaths}
'';
SupplementaryGroups = [ "kea" ];
};
};
}
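Review bot: The socket paths are spliced into `ExecStart` unescaped and joined with `" \\n"`, which in a Nix double-quoted string appears to yield a literal backslash followed by `n` rather than a line continuation, so a second path would likely reach kea-exporter with a stray escape in front of it. A path containing whitespace would also be split into extra arguments. `${escapeShellArgs cfg.controlSocketPaths}` would cover both cases and matches the `map escapeShellArg cfg.extraArgs` used by the radicale module in this commit. The test added in nixos/tests/prometheus-exporters.nix passes a single path, so the join is never exercised; the option example also uses `.socket` where that test uses `.sock`.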

196
nixos/modules/services/networking/radicale.nix

@ -3,56 +3,103 @@
with lib;
let
cfg = config.services.radicale;
confFile = pkgs.writeText "radicale.conf" cfg.config;
defaultPackage = if versionAtLeast config.system.stateVersion "20.09" then {
pkg = pkgs.radicale3;
text = "pkgs.radicale3";
} else if versionAtLeast config.system.stateVersion "17.09" then {
pkg = pkgs.radicale2;
text = "pkgs.radicale2";
} else {
pkg = pkgs.radicale1;
text = "pkgs.radicale1";
format = pkgs.formats.ini {
listToValue = concatMapStringsSep ", " (generators.mkValueStringDefault { });
};
in
{
pkg = if isNull cfg.package then
pkgs.radicale
else
cfg.package;
confFile = if cfg.settings == { } then
pkgs.writeText "radicale.conf" cfg.config
else
format.generate "radicale.conf" cfg.settings;
rightsFile = format.generate "radicale.rights" cfg.rights;
options = {
services.radicale.enable = mkOption {
type = types.bool;
default = false;
bindLocalhost = cfg.settings != { } && !hasAttrByPath [ "server" "hosts" ] cfg.settings;
in {
options.services.radicale = {
enable = mkEnableOption "Radicale CalDAV and CardDAV server";
package = mkOption {
description = "Radicale package to use.";
# Default cannot be pkgs.radicale because non-null values suppress
# warnings about incompatible configuration and storage formats.
type = with types; nullOr package // { inherit (package) description; };
default = null;
defaultText = "pkgs.radicale";
};
config = mkOption {
type = types.str;
default = "";
description = ''
Enable Radicale CalDAV and CardDAV server.
Radicale configuration, this will set the service
configuration file.
This option is mutually exclusive with <option>settings</option>.
This option is deprecated. Use <option>settings</option> instead.
'';
};
services.radicale.package = mkOption {
type = types.package;
default = defaultPackage.pkg;
defaultText = defaultPackage.text;
settings = mkOption {
type = format.type;
default = { };
description = ''
Radicale package to use. This defaults to version 1.x if
<literal>system.stateVersion &lt; 17.09</literal>, version 2.x if
<literal>17.09 system.stateVersion &lt; 20.09</literal>, and
version 3.x otherwise.
Configuration for Radicale. See
<link xlink:href="https://radicale.org/3.0.html#documentation/configuration" />.
This option is mutually exclusive with <option>config</option>.
'';
example = literalExample ''
server = {
hosts = [ "0.0.0.0:5232" "[::]:5232" ];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
'';
};
services.radicale.config = mkOption {
type = types.str;
default = "";
rights = mkOption {
type = format.type;
description = ''
Radicale configuration, this will set the service
configuration file.
Configuration for Radicale's rights file. See
<link xlink:href="https://radicale.org/3.0.html#documentation/authentication-and-rights" />.
This option only works in conjunction with <option>settings</option>.
Setting this will also set <option>settings.rights.type</option> and
<option>settings.rights.file</option> to approriate values.
'';
default = { };
example = literalExample ''
root = {
user = ".+";
collection = "";
permissions = "R";
};
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
'';
};
services.radicale.extraArgs = mkOption {
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
description = "Extra arguments passed to the Radicale daemon.";
@ -60,33 +107,94 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
assertions = [
{
assertion = cfg.settings == { } || cfg.config == "";
message = ''
The options services.radicale.config and services.radicale.settings
are mutually exclusive.
'';
}
];
users.users.radicale =
{ uid = config.ids.uids.radicale;
description = "radicale user";
home = "/var/lib/radicale";
createHome = true;
};
warnings = optional (isNull cfg.package && versionOlder config.system.stateVersion "17.09") ''
The configuration and storage formats of your existing Radicale
installation might be incompatible with the newest version.
For upgrade instructions see
https://radicale.org/2.1.html#documentation/migration-from-1xx-to-2xx.
Set services.radicale.package to suppress this warning.
'' ++ optional (isNull cfg.package && versionOlder config.system.stateVersion "20.09") ''
The configuration format of your existing Radicale installation might be
incompatible with the newest version. For upgrade instructions see
https://github.com/Kozea/Radicale/blob/3.0.6/NEWS.md#upgrade-checklist.
Set services.radicale.package to suppress this warning.
'' ++ optional (cfg.config != "") ''
The option services.radicale.config is deprecated.
Use services.radicale.settings instead.
'';
services.radicale.settings.rights = mkIf (cfg.rights != { }) {
type = "from_file";
file = toString rightsFile;
};
environment.systemPackages = [ pkg ];
users.users.radicale.uid = config.ids.uids.radicale;
users.groups.radicale =
{ gid = config.ids.gids.radicale; };
users.groups.radicale.gid = config.ids.gids.radicale;
systemd.services.radicale = {
description = "A Simple Calendar and Contact Server";
after = [ "network.target" ];
requires = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = concatStringsSep " " ([
"${cfg.package}/bin/radicale" "-C" confFile
"${pkg}/bin/radicale" "-C" confFile
] ++ (
map escapeShellArg cfg.extraArgs
));
User = "radicale";
Group = "radicale";
StateDirectory = "radicale/collections";
StateDirectoryMode = "0750";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "/dev/stdin" ];
DevicePolicy = "strict";
IPAddressAllow = mkIf bindLocalhost "localhost";
IPAddressDeny = mkIf bindLocalhost "any";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = lib.optional
(hasAttrByPath [ "storage" "filesystem_folder" ] cfg.settings)
cfg.settings.storage.filesystem_folder;
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
UMask = "0027";
};
};
};
meta.maintainers = with lib.maintainers; [ aneeshusa infinisil ];
meta.maintainers = with lib.maintainers; [ aneeshusa infinisil dotlambda ];
}
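Review bot: Setting `services.radicale.rights` together with the deprecated `config` string trips the `config`/`settings` exclusivity assertion, because the `mkIf (cfg.rights != { })` definition makes `cfg.settings` non-empty; the user is then pointed at an option they never set. A dedicated entry in `assertions`, for example `{ assertion = cfg.rights == { } || cfg.config == ""; message = "services.radicale.rights requires services.radicale.settings."; }`, would name the real cause. In the same `config` case the hardened unit gets no `ReadWritePaths` entry, which only the release note mentions, so the deprecation warning text could repeat that hint. Separately, the `rights` description misspells "appropriate" as "approriate".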

16
nixos/modules/services/web-servers/apache-httpd/default.nix

@ -15,11 +15,9 @@ let
apachectl = pkgs.runCommand "apachectl" { meta.priority = -1; } ''
mkdir -p $out/bin
cp ${pkg}/bin/apachectl $out/bin/apachectl
sed -i $out/bin/apachectl -e 's|$HTTPD -t|$HTTPD -t -f ${httpdConf}|'
sed -i $out/bin/apachectl -e 's|$HTTPD -t|$HTTPD -t -f /etc/httpd/httpd.conf|'
'';
httpdConf = cfg.configFile;
php = cfg.phpPackage.override { apacheHttpd = pkg; };
phpModuleName = let
@ -682,6 +680,8 @@ in
}) (filter (hostOpts: hostOpts.useACMEHost == null) acmeEnabledVhosts);
in listToAttrs acmePairs;
# httpd requires a stable path to the configuration file for reloads
environment.etc."httpd/httpd.conf".source = cfg.configFile;
environment.systemPackages = [
apachectl
pkg
@ -753,6 +753,7 @@ in
wants = concatLists (map (certName: [ "acme-finished-${certName}.target" ]) dependentCertNames);
after = [ "network.target" ] ++ map (certName: "acme-selfsigned-${certName}.service") dependentCertNames;
before = map (certName: "acme-${certName}.service") dependentCertNames;
restartTriggers = [ cfg.configFile ];
path = [ pkg pkgs.coreutils pkgs.gnugrep ];
@ -771,9 +772,9 @@ in
'';
serviceConfig = {
ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}";
ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop";
ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful";
ExecStart = "@${pkg}/bin/httpd httpd -f /etc/httpd/httpd.conf";
ExecStop = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -k graceful-stop";
ExecReload = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -k graceful";
User = cfg.user;
Group = cfg.group;
Type = "forking";
@ -800,6 +801,7 @@ in
# certs are updated _after_ config has been reloaded.
before = sslTargets;
after = sslServices;
restartTriggers = [ cfg.configFile ];
# Block reloading if not all certs exist yet.
# Happens when config changes add new vhosts/certs.
unitConfig.ConditionPathExists = map (certName: certs.${certName}.directory + "/fullchain.pem") dependentCertNames;
@ -807,7 +809,7 @@ in
Type = "oneshot";
TimeoutSec = 60;
ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active httpd.service";
ExecStartPre = "${pkg}/bin/httpd -f ${httpdConf} -t";
ExecStartPre = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -t";
ExecStart = "/run/current-system/systemd/bin/systemctl reload httpd.service";
};
};
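Review bot: The literal `/etc/httpd/httpd.conf` now appears in the apachectl `sed` expression, in the `environment.etc` key and in four unit commands, so a later path change has to touch every copy, and a missed one would test or reload a different file than the one httpd was started with. Keeping the removed binding but pointing it at the stable path, `httpdConf = "/etc/httpd/httpd.conf";`, and using it in each command would keep them in step. The comment above `environment.etc` could also say that the unit text no longer changes with the configuration, which is presumably why `restartTriggers = [ cfg.configFile ];` was added. The enclosing `let` and `config` blocks start and end outside these hunks.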

1
nixos/tests/all-tests.nix

@ -91,6 +91,7 @@ in
custom-ca = handleTest ./custom-ca.nix {};
croc = handleTest ./croc.nix {};
deluge = handleTest ./deluge.nix {};
dendrite = handleTest ./dendrite.nix {};
dhparams = handleTest ./dhparams.nix {};
discourse = handleTest ./discourse.nix {};
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};

99
nixos/tests/dendrite.nix

@ -0,0 +1,99 @@
import ./make-test-python.nix (
{ pkgs, ... }:
let
homeserverUrl = "http://homeserver:8008";
private_key = pkgs.runCommand "matrix_key.pem" {
buildInputs = [ pkgs.dendrite ];
} "generate-keys --private-key $out";
in
{
name = "dendrite";
meta = with pkgs.lib; {
maintainers = teams.matrix.members;
};
nodes = {
homeserver = { pkgs, ... }: {
services.dendrite = {
enable = true;
settings = {
global.server_name = "test-dendrite-server.com";
global.private_key = private_key;
client_api.registration_disabled = false;
};
};
networking.firewall.allowedTCPPorts = [ 8008 ];
};
client = { pkgs, ... }: {
environment.systemPackages = [
(
pkgs.writers.writePython3Bin "do_test"
{ libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
import asyncio
from nio import AsyncClient
async def main() -> None:
# Connect to dendrite
client = AsyncClient("http://homeserver:8008", "alice")
# Register as user alice
response = await client.register("alice", "my-secret-password")
# Log in as user alice
response = await client.login("my-secret-password")
# Create a new room
response = await client.room_create(federate=False)
room_id = response.room_id
# Join the room
response = await client.join(room_id)
# Send a message to the room
response = await client.room_send(
room_id=room_id,
message_type="m.room.message",
content={
"msgtype": "m.text",
"body": "Hello world!"
}
)
# Sync responses
response = await client.sync(timeout=30000)
# Check the message was received by dendrite
last_message = response.rooms.join[room_id].timeline.events[-1].body
assert last_message == "Hello world!"
# Leave the room
response = await client.room_leave(room_id)
# Close the client
await client.close()
asyncio.get_event_loop().run_until_complete(main())
''
)
];
};
};
testScript = ''
start_all()
with subtest("start the homeserver"):
homeserver.wait_for_unit("dendrite.service")
homeserver.wait_for_open_port(8008)
with subtest("ensure messages can be exchanged"):
client.succeed("do_test")
'';
}
)
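Review bot: `private_key` is produced by `runCommand`, so the homeserver's signing key ends up in the world-readable Nix store; that is fine for a VM test, but the file should say so, as nixos/tests/radicale.nix does for its htpasswd file. A comment above the binding such as `# Test only: this puts the signing key into the Nix store; do not copy into a real deployment.` would do. `homeserverUrl` is defined but the client script hard-codes `"http://homeserver:8008"`, so the binding is either unused or should be interpolated there. The intermediate `response` values from `register`, `login` and `join` are never checked, so a failed registration would likely surface only later as an unrelated attribute error.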

51
nixos/tests/prometheus-exporters.nix

@ -326,6 +326,57 @@ let
'';
};
kea = {
exporterConfig = {
enable = true;
controlSocketPaths = [
"/run/kea/kea-dhcp6.sock"
];
};
metricProvider = {
users.users.kea = {
isSystemUser = true;
};
users.groups.kea = {};
systemd.services.prometheus-kea-exporter.after = [ "kea-dhcp6.service" ];
systemd.services.kea-dhcp6 = let
configFile = pkgs.writeText "kea-dhcp6.conf" (builtins.toJSON {
Dhcp6 = {
"control-socket" = {
"socket-type" = "unix";
"socket-name" = "/run/kea/kea-dhcp6.sock";
};
};
});
in
{
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = false;
User = "kea";
Group = "kea";
ExecStart = "${pkgs.kea}/bin/kea-dhcp6 -c ${configFile}";
StateDirectory = "kea";
RuntimeDirectory = "kea";
UMask = "0007";
};
};
};
exporterTest = ''
wait_for_unit("kea-dhcp6.service")
wait_for_file("/run/kea/kea-dhcp6.sock")
wait_for_unit("prometheus-kea-exporter.service")
wait_for_open_port(9547)
succeed(
"curl --fail localhost:9547/metrics | grep 'packets_received_total'"
)
'';
};
knot = {
exporterConfig = {
enable = true;

209
nixos/tests/radicale.nix

@ -1,140 +1,95 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
let
user = "someuser";
password = "some_password";
port = builtins.toString 5232;
port = "5232";
filesystem_folder = "/data/radicale";
cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";
in {
name = "radicale3";
meta.maintainers = with lib.maintainers; [ dotlambda ];
common = { pkgs, ... }: {
machine = { pkgs, ... }: {
services.radicale = {
enable = true;
config = ''
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/htpasswd
htpasswd_encryption = bcrypt
[storage]
filesystem_folder = /tmp/collections
'';
settings = {
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage = {
inherit filesystem_folder;
hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)";
};
logging.level = "info";
};
rights = {
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
};
};
systemd.services.radicale.path = [ pkgs.git ];
environment.systemPackages = [ pkgs.git ];
systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];
# WARNING: DON'T DO THIS IN PRODUCTION!
# This puts unhashed secrets directly into the Nix store for ease of testing.
environment.etc."radicale/htpasswd".source = pkgs.runCommand "htpasswd" {} ''
environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" {} ''
${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
'';
};
in
import ./make-test-python.nix ({ lib, ... }@args: {
name = "radicale";
meta.maintainers = with lib.maintainers; [ aneeshusa infinisil ];
nodes = rec {
radicale = radicale1; # Make the test script read more nicely
radicale1 = lib.recursiveUpdate (common args) {
nixpkgs.overlays = [
(self: super: {
radicale1 = super.radicale1.overrideAttrs (oldAttrs: {
propagatedBuildInputs = with self.pythonPackages;
(oldAttrs.propagatedBuildInputs or []) ++ [ passlib ];
});
})
];
system.stateVersion = "17.03";
};
radicale1_export = lib.recursiveUpdate radicale1 {
services.radicale.extraArgs = [
"--export-storage" "/tmp/collections-new"
];
system.stateVersion = "17.03";
};
radicale2_verify = lib.recursiveUpdate radicale2 {
services.radicale.extraArgs = [ "--debug" "--verify-storage" ];
system.stateVersion = "17.09";
};
radicale2 = lib.recursiveUpdate (common args) {
system.stateVersion = "17.09";
};
radicale3 = lib.recursiveUpdate (common args) {
system.stateVersion = "20.09";
};
};
# This tests whether the web interface is accessible to an authenticated user
testScript = { nodes }: let
switchToConfig = nodeName: let
newSystem = nodes.${nodeName}.config.system.build.toplevel;
in "${newSystem}/bin/switch-to-configuration test";
in ''
with subtest("Check Radicale 1 functionality"):
radicale.succeed(
"${switchToConfig "radicale1"} >&2"
)
radicale.wait_for_unit("radicale.service")
radicale.wait_for_open_port(${port})
radicale.succeed(
"curl --fail http://${user}:${password}@localhost:${port}/someuser/calendar.ics/"
)
with subtest("Export data in Radicale 2 format"):
radicale.succeed("systemctl stop radicale")
radicale.succeed("ls -al /tmp/collections")
radicale.fail("ls -al /tmp/collections-new")
with subtest("Radicale exits immediately after exporting storage"):
radicale.succeed(
"${switchToConfig "radicale1_export"} >&2"
)
radicale.wait_until_fails("systemctl status radicale")
radicale.succeed("ls -al /tmp/collections")
radicale.succeed("ls -al /tmp/collections-new")
with subtest("Verify data in Radicale 2 format"):
radicale.succeed("rm -r /tmp/collections/${user}")
radicale.succeed("mv /tmp/collections-new/collection-root /tmp/collections")
radicale.succeed(
"${switchToConfig "radicale2_verify"} >&2"
)
radicale.wait_until_fails("systemctl status radicale")
(retcode, logs) = radicale.execute("journalctl -u radicale -n 10")
assert (
retcode == 0 and "Verifying storage" in logs
), "Radicale 2 didn't verify storage"
assert (
"failed" not in logs and "exception" not in logs
), "storage verification failed"
with subtest("Check Radicale 2 functionality"):
radicale.succeed(
"${switchToConfig "radicale2"} >&2"
)
radicale.wait_for_unit("radicale.service")
radicale.wait_for_open_port(${port})
(retcode, output) = radicale.execute(
"curl --fail http://${user}:${password}@localhost:${port}/someuser/calendar.ics/"
)
assert (
retcode == 0 and "VCALENDAR" in output
), "Could not read calendar from Radicale 2"
radicale.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")
with subtest("Check Radicale 3 functionality"):
radicale.succeed(
"${switchToConfig "radicale3"} >&2"
)
radicale.wait_for_unit("radicale.service")
radicale.wait_for_open_port(${port})
(retcode, output) = radicale.execute(
"curl --fail http://${user}:${password}@localhost:${port}/someuser/calendar.ics/"
)
assert (
retcode == 0 and "VCALENDAR" in output
), "Could not read calendar from Radicale 3"
radicale.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")
'';
testScript = ''
machine.wait_for_unit("radicale.service")
machine.wait_for_open_port(${port})
machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")
machine.succeed(
"sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"
)
machine.succeed(
"sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"
)
with subtest("Test calendar and event creation"):
machine.succeed(
"${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"
)
machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")
machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
machine.succeed(
"${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"
)
machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
(status, stdout) = machine.execute(
"sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l"
)
assert status == 0, "git log failed"
assert stdout == "3\n", "there should be exactly 3 commits"
with subtest("Test rights file"):
machine.fail(
"${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"
)
machine.fail(
"${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"
)
with subtest("Test web interface"):
machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")
with subtest("Test security"):
output = machine.succeed("systemd-analyze security radicale.service")
machine.log(output)
assert output[-9:-1] == "SAFE :-}"
'';
})
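Review bot: The hardening check `assert output[-9:-1] == "SAFE :-}"` depends on the exact byte positions at the end of the `systemd-analyze security` report, so any change in trailing whitespace fails the test without any change in the unit's exposure, and the failure message carries no context. `assert output.rstrip().endswith("SAFE :-}"), output` keeps the same expectation, is less positional and prints the report when it fails. A short comment saying that this subtest guards the hardening options of the radicale unit against regressions would help the next maintainer who sees it fail.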

14
nixos/tests/sway.nix

@ -38,6 +38,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} :
programs.sway.enable = true;
# To test pinentry via gpg-agent:
programs.gnupg.agent.enable = true;
virtualisation.memorySize = 1024;
# Need to switch to a different VGA card / GPU driver than the default one (std) so that Sway can launch:
virtualisation.qemu.options = [ "-vga virtio" ];
@ -80,6 +83,17 @@ import ./make-test-python.nix ({ pkgs, lib, ...} :
machine.send_key("alt-shift-q")
machine.wait_until_fails("pgrep alacritty")
# Test gpg-agent starting pinentry-gnome3 via D-Bus (tests if
# $WAYLAND_DISPLAY is correctly imported into the D-Bus user env):
machine.succeed(
"su - alice -c 'swaymsg -- exec gpg --no-tty --yes --quick-generate-key test'"
)
machine.wait_until_succeeds("pgrep --exact gpg")
machine.wait_for_text("Passphrase")
machine.screenshot("gpg_pinentry")
machine.send_key("alt-shift-q")
machine.wait_until_fails("pgrep --exact gpg")
# Test swaynag:
machine.send_key("alt-shift-e")
machine.wait_for_text("You pressed the exit shortcut.")

4
pkgs/applications/audio/strawberry/default.nix

@ -82,10 +82,6 @@ mkDerivation rec {
util-linux
];
cmakeFlags = [
"-DUSE_SYSTEM_TAGLIB=ON"
];
postInstall = ''
qtWrapperArgs+=(--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0")
'';

45
pkgs/applications/editors/emacs-modes/elpa-generated.nix

@ -655,10 +655,10 @@
elpaBuild {
pname = "corfu";
ename = "corfu";
version = "0.4";
version = "0.6";
src = fetchurl {
url = "https://elpa.gnu.org/packages/corfu-0.4.tar";
sha256 = "0yaspx58w02n3liqy5i4lm6lk5f1fm6v5lfrzp7xaqnngq1f4gbj";
url = "https://elpa.gnu.org/packages/corfu-0.6.tar";
sha256 = "0zl769l3mmy4b0pj70dwjllq0224r2w4l45xvaqbj75qfqclj6cj";
};
packageRequires = [ emacs ];
meta = {
@ -1045,10 +1045,10 @@
elpaBuild {
pname = "eev";
ename = "eev";
version = "20210102";
version = "20210512";
src = fetchurl {
url = "https://elpa.gnu.org/packages/eev-20210102.tar";
sha256 = "14vpgcncmzzbv8v78v221hdhigvk00vqiizwd8dy0b7hqz6gl0rq";
url = "https://elpa.gnu.org/packages/eev-20210512.tar";
sha256 = "0dj49lpqv5vsx02h8mla8cmv5cr5f2qbz74f9dn8q4adpzxsajin";
};
packageRequires = [ emacs ];
meta = {
@ -1148,10 +1148,10 @@
elpaBuild {
pname = "elisp-benchmarks";
ename = "elisp-benchmarks";
version = "1.11";
version = "1.12";
src = fetchurl {
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.11.tar";
sha256 = "0s1mpapvcivy25zbhw6ghpg0ym23vb4dsrz876rl4z2rfyckxral";
url = "https://elpa.gnu.org/packages/elisp-benchmarks-1.12.tar";
sha256 = "0jzpzif4vrjg5hl0hxg4aqvi6nv56cxa1w0amnkgcz4hsscxkvwm";
};
packageRequires = [];
meta = {
@ -1159,16 +1159,21 @@
license = lib.licenses.free;
};
}) {};
emms = callPackage ({ cl-lib ? null, elpaBuild, fetchurl, lib, seq }:
emms = callPackage ({ cl-lib ? null
, elpaBuild
, fetchurl
, lib
, nadvice
, seq }:
elpaBuild {
pname = "emms";
ename = "emms";
version = "7.1";
version = "7.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/emms-7.1.tar";
sha256 = "1dng8dy0w0wsdvvnjnrllwv5a8wq3kj20jik994b7prdx5dn6y52";
url = "https://elpa.gnu.org/packages/emms-7.2.tar";
sha256 = "11vqqh9rnzibsfw7wx62rgzl8i8ldpf0hv1sj43nhl5c6dlc8d5z";
};
packageRequires = [ cl-lib seq ];
packageRequires = [ cl-lib nadvice seq ];
meta = {
homepage = "https://elpa.gnu.org/packages/emms.html";
license = lib.licenses.free;
@ -2824,10 +2829,10 @@
elpaBuild {
pname = "pyim";
ename = "pyim";
version = "3.7.1";
version = "3.7.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/pyim-3.7.1.tar";
sha256 = "0k73f1qdl51qshnvycjassdh70id5gp5qi5wz7k4zyl8pbampiyd";
url = "https://elpa.gnu.org/packages/pyim-3.7.5.tar";
sha256 = "09f34wgzckbxgr5xvaqrj0wdcmnfsb31a6m460f5g0acys20ams5";
};
packageRequires = [ async emacs xr ];
meta = {
@ -3950,10 +3955,10 @@
elpaBuild {
pname = "vertico";
ename = "vertico";
version = "0.6";
version = "0.8";
src = fetchurl {
url = "https://elpa.gnu.org/packages/vertico-0.6.tar";
sha256 = "19f6ffljraikz83nc2y9q83zjc4cfyzn9rnwm18lwh6sjsydz6kk";
url = "https://elpa.gnu.org/packages/vertico-0.8.tar";
sha256 = "1cdq49csd57vqhrs1nbif79yw4s8c0p2i2ww5n5znzj7rnxwpva4";
};
packageRequires = [ emacs ];
meta = {

12
pkgs/applications/editors/emacs-modes/org-generated.nix

@ -4,10 +4,10 @@
elpaBuild {
pname = "org";
ename = "org";
version = "20210503";
version = "20210510";
src = fetchurl {
url = "https://orgmode.org/elpa/org-20210503.tar";
sha256 = "0j9p834c67qzxbxz8s1n8l5blylrpb3jh9wywphlb6jgbgl0mw09";
url = "https://orgmode.org/elpa/org-20210510.tar";
sha256 = "015c68pk52vksar7kpyb0nkcyjihlczmpq4h5vdv8xayas2qlzc7";
};
packageRequires = [];
meta = {
@ -19,10 +19,10 @@
elpaBuild {
pname = "org-plus-contrib";
ename = "org-plus-contrib";
version = "20210503";
version = "20210510";
src = fetchurl {
url = "https://orgmode.org/elpa/org-plus-contrib-20210503.tar";
sha256 = "0k0wmnx2g919h3s9ynv1cvdlyxvydglslamlwph4xng4kzcr5lrk";
url = "https://orgmode.org/elpa/org-plus-contrib-20210510.tar";
sha256 = "0pdwjnpcsk75jv4qs8n4xia6vspwn6dndbdx9z7kq5vqz7w4ykmw";
};
packageRequires = [];
meta = {

2111
pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json
File diff suppressed because it is too large

2
pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix

@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
homepage = "https://github.com/sunrise-commander/sunrise-commander/";
description = "Two-pane file manager for Emacs based on Dired and inspired by MC";
description = "Orthodox (two-pane) file manager for Emacs";
license = licenses.gpl3Plus;
maintainers = [ maintainers.AndersonTorres ];
platforms = platforms.all;

10
pkgs/applications/editors/vscode/vscode.nix

@ -13,10 +13,10 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "0l4lx5h2daw9c5vl4kz6sq2i58b45xy4948x4q0wnwbqdqlqc9s4";
x86_64-darwin = "0qqgs7vns52bz9xkys822sjjkvyq4l20iipz6sx5kinxg6h04jyy";
aarch64-linux = "1gnh5kk4r0kfik9yfvvcbavhws4n8kn89kyl2qzpa2ryy52kk81j";
armv7l-linux = "0zz5fn9nxq58i3svhgc25s6fdz7i3rxc0naflyx1jzmpzipp4v6n";
x86_64-linux = "08qrag9nzmngzzvs2cgbmc4zzxlb9kwn183v8caj6dvcrjvfqgbv";
x86_64-darwin = "0rlyr08lla3xadlh373xqcks8a9akk3x2cmakgn17q2b16988fmq";
aarch64-linux = "1m277940xsasqac4i88s05xrqsab99jhl3ka0zzfbixrgr2dj8q1";
armv7l-linux = "1qm4cggjj50vdnrx848x810gz3ahh0hndra22lsvcjdbsw8g35rk";
}.${system};
in
callPackage ./generic.nix rec {
@ -25,7 +25,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.56.1";
version = "1.56.2";
pname = "vscode";
executableName = "code" + lib.optionalString isInsiders "-insiders";

5
pkgs/applications/graphics/ImageMagick/6.x.nix

@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, libtool
, bzip2, zlib, libX11, libXext, libXt, fontconfig, freetype, ghostscript, libjpeg, djvulibre
, lcms2, openexr, libpng, librsvg, libtiff, libxml2, openjpeg, libwebp, fftw, libheif, libde265
, ApplicationServices
, ApplicationServices, Foundation
}:
let
@ -50,7 +50,8 @@ stdenv.mkDerivation rec {
]
++ lib.optionals (!stdenv.hostPlatform.isMinGW)
[ openexr librsvg openjpeg ]
++ lib.optional stdenv.isDarwin ApplicationServices;
++ lib.optionals stdenv.isDarwin
[ ApplicationServices Foundation ];
propagatedBuildInputs =
[ bzip2 freetype libjpeg lcms2 fftw ]
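Review bot: `Foundation` is added to the argument set in the first hunk with no default, so every call site of this expression now has to supply it. The call site is not part of this section; it presumably sits next to where `ApplicationServices` is passed, so confirm it reads something like `inherit (darwin.apple_sdk.frameworks) ApplicationServices Foundation;`. A short comment above the Darwin inputs saying why the extra framework is needed, e.g. `# Foundation: required for the Darwin build`, would help the next person who touches `buildInputs`. The `stdenv.mkDerivation` body starts and ends outside both hunks.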

4
pkgs/applications/networking/browsers/brave/default.nix

@ -90,11 +90,11 @@ in
stdenv.mkDerivation rec {
pname = "brave";
version = "1.24.82";
version = "1.24.85";
src = fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
sha256 = "iWUJ5yLWWQvg510Atf+Pd9ya/1NnMNW2Sp/RVFn4PCc=";
sha256 = "jE9INGYz78Vyvps4ESimtH1rL4GdboAUtMx1p31XQGk=";
};
dontConfigure = true;

4
pkgs/applications/networking/cluster/kubernetes/default.nix

@ -20,13 +20,13 @@
stdenv.mkDerivation rec {
pname = "kubernetes";
version = "1.21.0";
version = "1.21.1";
src = fetchFromGitHub {
owner = "kubernetes";
repo = "kubernetes";
rev = "v${version}";
sha256 = "sha256-5IUcKVbHxL5qb7M087sZSsd50t5zSaeWATnyLHkVsRU=";
sha256 = "sha256-gJjCw28SqU49kIiRH+MZgeYN4VBgKVEaRPr5A/2c5Pc=";
};
nativeBuildInputs = [ removeReferencesTo makeWrapper which go rsync installShellFiles ];

6
pkgs/applications/networking/dnscontrol/default.nix

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "dnscontrol";