commit
37e3234f74
@ -0,0 +1,345 @@ |
|||||||
|
{ config, lib, options, pkgs, ... }: |
||||||
|
let |
||||||
|
cfg = config.services.kanidm; |
||||||
|
settingsFormat = pkgs.formats.toml { }; |
||||||
|
# Remove null values, so we can document optional values that don't end up in the generated TOML file. |
||||||
|
filterConfig = lib.converge (lib.filterAttrsRecursive (_: v: v != null)); |
||||||
|
serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings); |
||||||
|
clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings); |
||||||
|
unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings); |
||||||
|
|
||||||
|
defaultServiceConfig = { |
||||||
|
BindReadOnlyPaths = [ |
||||||
|
"/nix/store" |
||||||
|
"-/etc/resolv.conf" |
||||||
|
"-/etc/nsswitch.conf" |
||||||
|
"-/etc/hosts" |
||||||
|
"-/etc/localtime" |
||||||
|
]; |
||||||
|
CapabilityBoundingSet = ""; |
||||||
|
# ProtectClock= adds DeviceAllow=char-rtc r |
||||||
|
DeviceAllow = ""; |
||||||
|
# Implies ProtectSystem=strict, which re-mounts all paths |
||||||
|
# DynamicUser = true; |
||||||
|
LockPersonality = true; |
||||||
|
MemoryDenyWriteExecute = true; |
||||||
|
NoNewPrivileges = true; |
||||||
|
PrivateDevices = true; |
||||||
|
PrivateMounts = true; |
||||||
|
PrivateNetwork = true; |
||||||
|
PrivateTmp = true; |
||||||
|
PrivateUsers = true; |
||||||
|
ProcSubset = "pid"; |
||||||
|
ProtectClock = true; |
||||||
|
ProtectHome = true; |
||||||
|
ProtectHostname = true; |
||||||
|
# Would re-mount paths ignored by temporary root |
||||||
|
#ProtectSystem = "strict"; |
||||||
|
ProtectControlGroups = true; |
||||||
|
ProtectKernelLogs = true; |
||||||
|
ProtectKernelModules = true; |
||||||
|
ProtectKernelTunables = true; |
||||||
|
ProtectProc = "invisible"; |
||||||
|
RestrictAddressFamilies = [ ]; |
||||||
|
RestrictNamespaces = true; |
||||||
|
RestrictRealtime = true; |
||||||
|
RestrictSUIDSGID = true; |
||||||
|
SystemCallArchitectures = "native"; |
||||||
|
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; |
||||||
|
# Does not work well with the temporary root |
||||||
|
#UMask = "0066"; |
||||||
|
}; |
||||||
|
|
||||||
|
in |
||||||
|
{ |
||||||
|
options.services.kanidm = { |
||||||
|
enableClient = lib.mkEnableOption "the Kanidm client"; |
||||||
|
enableServer = lib.mkEnableOption "the Kanidm server"; |
||||||
|
enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration."; |
||||||
|
|
||||||
|
serverSettings = lib.mkOption { |
||||||
|
type = lib.types.submodule { |
||||||
|
freeformType = settingsFormat.type; |
||||||
|
|
||||||
|
options = { |
||||||
|
bindaddress = lib.mkOption { |
||||||
|
description = "Address/port combination the webserver binds to."; |
||||||
|
example = "[::1]:8443"; |
||||||
|
type = lib.types.str; |
||||||
|
}; |
||||||
|
# Should be optional but toml does not accept null |
||||||
|
ldapbindaddress = lib.mkOption { |
||||||
|
description = '' |
||||||
|
Address and port the LDAP server is bound to. Setting this to <literal>null</literal> disables the LDAP interface. |
||||||
|
''; |
||||||
|
example = "[::1]:636"; |
||||||
|
default = null; |
||||||
|
type = lib.types.nullOr lib.types.str; |
||||||
|
}; |
||||||
|
origin = lib.mkOption { |
||||||
|
description = "The origin of your Kanidm instance. Must have https as protocol."; |
||||||
|
example = "https://idm.example.org"; |
||||||
|
type = lib.types.strMatching "^https://.*"; |
||||||
|
}; |
||||||
|
domain = lib.mkOption { |
||||||
|
description = '' |
||||||
|
The <literal>domain</literal> that Kanidm manages. Must be below or equal to the domain |
||||||
|
specified in <literal>serverSettings.origin</literal>. |
||||||
|
This can be left at <literal>null</literal>, only if your instance has the role <literal>ReadOnlyReplica</literal>. |
||||||
|
While it is possible to change the domain later on, it requires extra steps! |
||||||
|
Please consider the warnings and execute the steps described |
||||||
|
<link xlink:href="https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain">in the documentation</link>. |
||||||
|
''; |
||||||
|
example = "example.org"; |
||||||
|
default = null; |
||||||
|
type = lib.types.nullOr lib.types.str; |
||||||
|
}; |
||||||
|
db_path = lib.mkOption { |
||||||
|
description = "Path to Kanidm database."; |
||||||
|
default = "/var/lib/kanidm/kanidm.db"; |
||||||
|
readOnly = true; |
||||||
|
type = lib.types.path; |
||||||
|
}; |
||||||
|
log_level = lib.mkOption { |
||||||
|
description = "Log level of the server."; |
||||||
|
default = "default"; |
||||||
|
type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ]; |
||||||
|
}; |
||||||
|
role = lib.mkOption { |
||||||
|
description = "The role of this server. This affects the replication relationship and thereby available features."; |
||||||
|
default = "WriteReplica"; |
||||||
|
type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ]; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
||||||
|
default = { }; |
||||||
|
description = '' |
||||||
|
Settings for Kanidm, see |
||||||
|
<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/server_configuration.md">the documentation</link> |
||||||
|
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/server.toml">example configuration</link> |
||||||
|
for possible values. |
||||||
|
''; |
||||||
|
}; |
||||||
|
|
||||||
|
clientSettings = lib.mkOption { |
||||||
|
type = lib.types.submodule { |
||||||
|
freeformType = settingsFormat.type; |
||||||
|
|
||||||
|
options.uri = lib.mkOption { |
||||||
|
description = "Address of the Kanidm server."; |
||||||
|
example = "http://127.0.0.1:8080"; |
||||||
|
type = lib.types.str; |
||||||
|
}; |
||||||
|
}; |
||||||
|
description = '' |
||||||
|
Configure Kanidm clients, needed for the PAM daemon. See |
||||||
|
<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/client_tools.md#kanidm-configuration">the documentation</link> |
||||||
|
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/config">example configuration</link> |
||||||
|
for possible values. |
||||||
|
''; |
||||||
|
}; |
||||||
|
|
||||||
|
unixSettings = lib.mkOption { |
||||||
|
type = lib.types.submodule { |
||||||
|
freeformType = settingsFormat.type; |
||||||
|
|
||||||
|
options.pam_allowed_login_groups = lib.mkOption { |
||||||
|
description = "Kanidm groups that are allowed to login using PAM."; |
||||||
|
example = "my_pam_group"; |
||||||
|
type = lib.types.listOf lib.types.str; |
||||||
|
}; |
||||||
|
}; |
||||||
|
description = '' |
||||||
|
Configure Kanidm unix daemon. |
||||||
|
See <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md#the-unix-daemon">the documentation</link> |
||||||
|
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/unixd">example configuration</link> |
||||||
|
for possible values. |
||||||
|
''; |
||||||
|
}; |
||||||
|
}; |
||||||
|
|
||||||
|
config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) { |
||||||
|
assertions = |
||||||
|
[ |
||||||
|
{ |
||||||
|
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain); |
||||||
|
message = '' |
||||||
|
<option>services.kanidm.serverSettings.tls_chain</option> points to |
||||||
|
a file in the Nix store. You should use a quoted absolute path to |
||||||
|
prevent this. |
||||||
|
''; |
||||||
|
} |
||||||
|
{ |
||||||
|
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key); |
||||||
|
message = '' |
||||||
|
<option>services.kanidm.serverSettings.tls_key</option> points to |
||||||
|
a file in the Nix store. You should use a quoted absolute path to |
||||||
|
prevent this. |
||||||
|
''; |
||||||
|
} |
||||||
|
{ |
||||||
|
assertion = !cfg.enableClient || options.services.kanidm.clientSettings.isDefined; |
||||||
|
message = '' |
||||||
|
<option>services.kanidm.clientSettings</option> needs to be configured |
||||||
|
if the client is enabled. |
||||||
|
''; |
||||||
|
} |
||||||
|
{ |
||||||
|
assertion = !cfg.enablePam || options.services.kanidm.clientSettings.isDefined; |
||||||
|
message = '' |
||||||
|
<option>services.kanidm.clientSettings</option> needs to be configured |
||||||
|
for the PAM daemon to connect to the Kanidm server. |
||||||
|
''; |
||||||
|
} |
||||||
|
{ |
||||||
|
assertion = !cfg.enableServer || (cfg.serverSettings.domain == null |
||||||
|
-> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI"); |
||||||
|
message = '' |
||||||
|
<option>services.kanidm.serverSettings.domain</option> can only be set if this instance |
||||||
|
is not a ReadOnlyReplica. Otherwise the db would inherit it from |
||||||
|
the instance it follows. |
||||||
|
''; |
||||||
|
} |
||||||
|
]; |
||||||
|
|
||||||
|
environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ]; |
||||||
|
|
||||||
|
systemd.services.kanidm = lib.mkIf cfg.enableServer { |
||||||
|
description = "kanidm identity management daemon"; |
||||||
|
wantedBy = [ "multi-user.target" ]; |
||||||
|
after = [ "network.target" ]; |
||||||
|
serviceConfig = defaultServiceConfig // { |
||||||
|
StateDirectory = "kanidm"; |
||||||
|
StateDirectoryMode = "0700"; |
||||||
|
ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}"; |
||||||
|
User = "kanidm"; |
||||||
|
Group = "kanidm"; |
||||||
|
|
||||||
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; |
||||||
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; |
||||||
|
# This would otherwise override the CAP_NET_BIND_SERVICE capability. |
||||||
|
PrivateUsers = false; |
||||||
|
# Port needs to be exposed to the host network |
||||||
|
PrivateNetwork = false; |
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; |
||||||
|
TemporaryFileSystem = "/:ro"; |
||||||
|
}; |
||||||
|
environment.RUST_LOG = "info"; |
||||||
|
}; |
||||||
|
|
||||||
|
systemd.services.kanidm-unixd = lib.mkIf cfg.enablePam { |
||||||
|
description = "Kanidm PAM daemon"; |
||||||
|
wantedBy = [ "multi-user.target" ]; |
||||||
|
after = [ "network.target" ]; |
||||||
|
restartTriggers = [ unixConfigFile clientConfigFile ]; |
||||||
|
serviceConfig = defaultServiceConfig // { |
||||||
|
CacheDirectory = "kanidm-unixd"; |
||||||
|
CacheDirectoryMode = "0700"; |
||||||
|
RuntimeDirectory = "kanidm-unixd"; |
||||||
|
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd"; |
||||||
|
User = "kanidm-unixd"; |
||||||
|
Group = "kanidm-unixd"; |
||||||
|
|
||||||
|
BindReadOnlyPaths = [ |
||||||
|
"/nix/store" |
||||||
|
"-/etc/resolv.conf" |
||||||
|
"-/etc/nsswitch.conf" |
||||||
|
"-/etc/hosts" |
||||||
|
"-/etc/localtime" |
||||||
|
"-/etc/kanidm" |
||||||
|
"-/etc/static/kanidm" |
||||||
|
]; |
||||||
|
BindPaths = [ |
||||||
|
# To create the socket |
||||||
|
"/run/kanidm-unixd:/var/run/kanidm-unixd" |
||||||
|
]; |
||||||
|
# Needs to connect to kanidmd |
||||||
|
PrivateNetwork = false; |
||||||
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; |
||||||
|
TemporaryFileSystem = "/:ro"; |
||||||
|
}; |
||||||
|
environment.RUST_LOG = "info"; |
||||||
|
}; |
||||||
|
|
||||||
|
systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam { |
||||||
|
description = "Kanidm PAM home management daemon"; |
||||||
|
wantedBy = [ "multi-user.target" ]; |
||||||
|
after = [ "network.target" "kanidm-unixd.service" ]; |
||||||
|
partOf = [ "kanidm-unixd.service" ]; |
||||||
|
restartTriggers = [ unixConfigFile clientConfigFile ]; |
||||||
|
serviceConfig = { |
||||||
|
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks"; |
||||||
|
|
||||||
|
BindReadOnlyPaths = [ |
||||||
|
"/nix/store" |
||||||
|
"-/etc/resolv.conf" |
||||||
|
"-/etc/nsswitch.conf" |
||||||
|
"-/etc/hosts" |
||||||
|
"-/etc/localtime" |
||||||
|
"-/etc/kanidm" |
||||||
|
"-/etc/static/kanidm" |
||||||
|
]; |
||||||
|
BindPaths = [ |
||||||
|
# To manage home directories |
||||||
|
"/home" |
||||||
|
# To connect to kanidm-unixd |
||||||
|
"/run/kanidm-unixd:/var/run/kanidm-unixd" |
||||||
|
]; |
||||||
|
# CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket |
||||||
|
CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ]; |
||||||
|
IPAddressDeny = "any"; |
||||||
|
# Need access to users |
||||||
|
PrivateUsers = false; |
||||||
|
# Need access to home directories |
||||||
|
ProtectHome = false; |
||||||
|
RestrictAddressFamilies = [ "AF_UNIX" ]; |
||||||
|
TemporaryFileSystem = "/:ro"; |
||||||
|
}; |
||||||
|
environment.RUST_LOG = "info"; |
||||||
|
}; |
||||||
|
|
||||||
|
# These paths are hardcoded |
||||||
|
environment.etc = lib.mkMerge [ |
||||||
|
(lib.mkIf options.services.kanidm.clientSettings.isDefined { |
||||||
|
"kanidm/config".source = clientConfigFile; |
||||||
|
}) |
||||||
|
(lib.mkIf cfg.enablePam { |
||||||
|
"kanidm/unixd".source = unixConfigFile; |
||||||
|
}) |
||||||
|
]; |
||||||
|
|
||||||
|
system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ]; |
||||||
|
|
||||||
|
system.nssDatabases.group = lib.optional cfg.enablePam "kanidm"; |
||||||
|
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm"; |
||||||
|
|
||||||
|
users.groups = lib.mkMerge [ |
||||||
|
(lib.mkIf cfg.enableServer { |
||||||
|
kanidm = { }; |
||||||
|
}) |
||||||
|
(lib.mkIf cfg.enablePam { |
||||||
|
kanidm-unixd = { }; |
||||||
|
}) |
||||||
|
]; |
||||||
|
users.users = lib.mkMerge [ |
||||||
|
(lib.mkIf cfg.enableServer { |
||||||
|
kanidm = { |
||||||
|
description = "Kanidm server"; |
||||||
|
isSystemUser = true; |
||||||
|
group = "kanidm"; |
||||||
|
packages = with pkgs; [ kanidm ]; |
||||||
|
}; |
||||||
|
}) |
||||||
|
(lib.mkIf cfg.enablePam { |
||||||
|
kanidm-unixd = { |
||||||
|
description = "Kanidm PAM daemon"; |
||||||
|
isSystemUser = true; |
||||||
|
group = "kanidm-unixd"; |
||||||
|
}; |
||||||
|
}) |
||||||
|
]; |
||||||
|
}; |
||||||
|
|
||||||
|
meta.maintainers = with lib.maintainers; [ erictapen Flakebi ]; |
||||||
|
meta.buildDocsInSandbox = false; |
||||||
|
} |
@ -0,0 +1,24 @@ |
|||||||
|
storage_pools: |
||||||
|
- name: default |
||||||
|
driver: dir |
||||||
|
config: |
||||||
|
source: /var/lxd-pool |
||||||
|
|
||||||
|
networks: |
||||||
|
- name: lxdbr0 |
||||||
|
type: bridge |
||||||
|
config: |
||||||
|
ipv4.address: auto |
||||||
|
ipv6.address: none |
||||||
|
|
||||||
|
profiles: |
||||||
|
- name: default |
||||||
|
devices: |
||||||
|
eth0: |
||||||
|
name: eth0 |
||||||
|
network: lxdbr0 |
||||||
|
type: nic |
||||||
|
root: |
||||||
|
path: / |
||||||
|
pool: default |
||||||
|
type: disk |
@ -1,9 +0,0 @@ |
|||||||
{ pkgs, lib, makeInstalledTest, ... }: |
|
||||||
|
|
||||||
makeInstalledTest { |
|
||||||
tested = pkgs.power-profiles-daemon; |
|
||||||
|
|
||||||
testConfig = { |
|
||||||
services.power-profiles-daemon.enable = true; |
|
||||||
}; |
|
||||||
} |
|
@ -0,0 +1,75 @@ |
|||||||
|
import ./make-test-python.nix ({ pkgs, ... }: |
||||||
|
let |
||||||
|
certs = import ./common/acme/server/snakeoil-certs.nix; |
||||||
|
serverDomain = certs.domain; |
||||||
|
in |
||||||
|
{ |
||||||
|
name = "kanidm"; |
||||||
|
meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi ]; |
||||||
|
|
||||||
|
nodes.server = { config, pkgs, lib, ... }: { |
||||||
|
services.kanidm = { |
||||||
|
enableServer = true; |
||||||
|
serverSettings = { |
||||||
|
origin = "https://${serverDomain}"; |
||||||
|
domain = serverDomain; |
||||||
|
bindaddress = "[::1]:8443"; |
||||||
|
ldapbindaddress = "[::1]:636"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
|
||||||
|
services.nginx = { |
||||||
|
enable = true; |
||||||
|
recommendedProxySettings = true; |
||||||
|
virtualHosts."${serverDomain}" = { |
||||||
|
forceSSL = true; |
||||||
|
sslCertificate = certs."${serverDomain}".cert; |
||||||
|
sslCertificateKey = certs."${serverDomain}".key; |
||||||
|
locations."/".proxyPass = "http://[::1]:8443"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
|
||||||
|
security.pki.certificateFiles = [ certs.ca.cert ]; |
||||||
|
|
||||||
|
networking.hosts."::1" = [ serverDomain ]; |
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ]; |
||||||
|
|
||||||
|
users.users.kanidm.shell = pkgs.bashInteractive; |
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [ kanidm openldap ripgrep ]; |
||||||
|
}; |
||||||
|
|
||||||
|
nodes.client = { pkgs, nodes, ... }: { |
||||||
|
services.kanidm = { |
||||||
|
enableClient = true; |
||||||
|
clientSettings = { |
||||||
|
uri = "https://${serverDomain}"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
|
||||||
|
networking.hosts."${nodes.server.config.networking.primaryIPAddress}" = [ serverDomain ]; |
||||||
|
|
||||||
|
security.pki.certificateFiles = [ certs.ca.cert ]; |
||||||
|
}; |
||||||
|
|
||||||
|
testScript = { nodes, ... }: |
||||||
|
let |
||||||
|
ldapBaseDN = builtins.concatStringsSep "," (map (s: "dc=" + s) (pkgs.lib.splitString "." serverDomain)); |
||||||
|
|
||||||
|
# We need access to the config file in the test script. |
||||||
|
filteredConfig = pkgs.lib.converge |
||||||
|
(pkgs.lib.filterAttrsRecursive (_: v: v != null)) |
||||||
|
nodes.server.config.services.kanidm.serverSettings; |
||||||
|
serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig; |
||||||
|
|
||||||
|
in |
||||||
|
'' |
||||||
|
start_all() |
||||||
|
server.wait_for_unit("kanidm.service") |
||||||
|
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm") |
||||||
|
server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'") |
||||||
|
client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}") |
||||||
|
(rv, result) = server.execute("kanidmd recover_account -d quiet -c ${serverConfigFile} -n admin 2>&1 | rg -o '[A-Za-z0-9]{48}'") |
||||||
|
assert rv == 0 |
||||||
|
''; |
||||||
|
}) |
@ -1,89 +0,0 @@ |
|||||||
# This test ensures that the nixOS lxd images builds and functions properly |
|
||||||
# It has been extracted from `lxd.nix` to seperate failures of just the image and the lxd software |
|
||||||
|
|
||||||
import ./make-test-python.nix ({ pkgs, ...} : let |
|
||||||
release = import ../release.nix { |
|
||||||
/* configuration = { |
|
||||||
environment.systemPackages = with pkgs; [ stdenv ]; # inject stdenv so rebuild test works |
|
||||||
}; */ |
|
||||||
}; |
|
||||||
|
|
||||||
metadata = release.lxdMeta.${pkgs.system}; |
|
||||||
image = release.lxdImage.${pkgs.system}; |
|
||||||
|
|
||||||
lxd-config = pkgs.writeText "config.yaml" '' |
|
||||||
storage_pools: |
|
||||||
- name: default |
|
||||||
driver: dir |
|
||||||
config: |
|
||||||
source: /var/lxd-pool |
|
||||||
|
|
||||||
networks: |
|
||||||
- name: lxdbr0 |
|
||||||
type: bridge |
|
||||||
config: |
|
||||||
ipv4.address: auto |
|
||||||
ipv6.address: none |
|
||||||
|
|
||||||
profiles: |
|
||||||
- name: default |
|
||||||
devices: |
|
||||||
eth0: |
|
||||||
name: eth0 |
|
||||||
network: lxdbr0 |
|
||||||
type: nic |
|
||||||
root: |
|
||||||
path: / |
|
||||||
pool: default |
|
||||||
type: disk |
|
||||||
''; |
|
||||||
in { |
|
||||||
name = "lxd-image"; |
|
||||||
|
|
||||||
meta = with pkgs.lib.maintainers; { |
|
||||||
maintainers = [ mkg20001 ]; |
|
||||||
}; |
|
||||||
|
|
||||||
nodes.machine = { lib, ... }: { |
|
||||||
virtualisation = { |
|
||||||
# disk full otherwise |
|
||||||
diskSize = 2048; |
|
||||||
|
|
||||||
lxc.lxcfs.enable = true; |
|
||||||
lxd.enable = true; |
|
||||||
}; |
|
||||||
}; |
|
||||||
|
|
||||||
testScript = '' |
|
||||||
machine.wait_for_unit("sockets.target") |
|
||||||
machine.wait_for_unit("lxd.service") |
|
||||||
machine.wait_for_file("/var/lib/lxd/unix.socket") |
|
||||||
|
|
||||||
# It takes additional second for lxd to settle |
|
||||||
machine.sleep(1) |
|
||||||
|
|
||||||
# lxd expects the pool's directory to already exist |
|
||||||
machine.succeed("mkdir /var/lxd-pool") |
|
||||||
|
|
||||||
machine.succeed( |
|
||||||
"cat ${lxd-config} | lxd init --preseed" |
|
||||||
) |
|
||||||
|
|
||||||
# TODO: test custom built container aswell |
|
||||||
|
|
||||||
with subtest("importing container works"): |
|
||||||
machine.succeed("lxc image import ${metadata}/*/*.tar.xz ${image}/*/*.tar.xz --alias nixos") |
|
||||||
|
|
||||||
with subtest("launching container works"): |
|
||||||
machine.succeed("lxc launch nixos machine -c security.nesting=true") |
|
||||||
# make sure machine boots up properly |
|
||||||
machine.sleep(5) |
|
||||||
|
|
||||||
with subtest("container shell works"): |
|
||||||
machine.succeed("echo true | lxc exec machine /run/current-system/sw/bin/bash -") |
|
||||||
machine.succeed("lxc exec machine /run/current-system/sw/bin/true") |
|
||||||
|
|
||||||
# with subtest("rebuilding works"): |
|
||||||
# machine.succeed("lxc exec machine /run/current-system/sw/bin/nixos-rebuild switch") |
|
||||||
''; |
|
||||||
}) |
|
@ -1,20 +1,20 @@ |
|||||||
{ |
{ |
||||||
beta = import ./browser.nix { |
beta = import ./browser.nix { |
||||||
channel = "beta"; |
channel = "beta"; |
||||||
version = "99.0.1150.16"; |
version = "101.0.1210.19"; |
||||||
revision = "1"; |
revision = "1"; |
||||||
sha256 = "sha256:0qsgs889d6qwxz9qf42psmjqfhmrqgp07srq5r38npl5pncr137h"; |
sha256 = "sha256:1kgc19ryw69xiqppz90d6sa45g99hzkh7x5yk9d3xlh1gc1xn54p"; |
||||||
}; |
}; |
||||||
dev = import ./browser.nix { |
dev = import ./browser.nix { |
||||||
channel = "dev"; |
channel = "dev"; |
||||||
version = "100.0.1163.1"; |
version = "102.0.1227.0"; |
||||||
revision = "1"; |
revision = "1"; |
||||||
sha256 = "sha256:153faqxyw5f5b6cqnvd71dl7941znkzci8dwbcgaxway0b6882jq"; |
sha256 = "sha256:0dnyandri7yg7c9812pnsxqszxyqcssxf87yskjg2vw95hawf11x"; |
||||||
}; |
}; |
||||||
stable = import ./browser.nix { |
stable = import ./browser.nix { |
||||||
channel = "stable"; |
channel = "stable"; |
||||||
version = "98.0.1108.56"; |
version = "100.0.1185.44"; |
||||||
revision = "1"; |
revision = "1"; |
||||||
sha256 = "sha256:03jbj2s2fs60fzfgsmyb284q7nckji87qgb86mvl5g0hbl19aza7"; |
sha256 = "sha256:0zv1zyijh620xz36a6nmhv7rbv4ln5f245hyh0w1sngynsl1rz89"; |
||||||
}; |
}; |
||||||
} |
} |
||||||
|
@ -0,0 +1,100 @@ |
|||||||
|
Patch from OpenSUSE
|
||||||
|
https://build.opensuse.org/package/view_file/LibreOffice:Factory/libreoffice/poppler-22-04-0.patch?expand=1&rev=45e176f964509ebe3560d0dbf1ec8be9
|
||||||
|
Index: libreoffice-7.3.3.1/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
|
||||||
|
===================================================================
|
||||||
|
--- libreoffice-7.3.3.1.orig/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
|
||||||
|
+++ libreoffice-7.3.3.1/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
|
||||||
|
@@ -474,12 +474,21 @@ int PDFOutDev::parseFont( long long nNew
|
||||||
|
{
|
||||||
|
// TODO(P3): Unfortunately, need to read stream twice, since
|
||||||
|
// we must write byte count to stdout before
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0) // readEmbFontFile signature changed
|
||||||
|
+ auto pBuf = gfxFont->readEmbFontFile( m_pDoc->getXRef());
|
||||||
|
+ if ( pBuf )
|
||||||
|
+ {
|
||||||
|
+ aNewFont.isEmbedded = true;
|
||||||
|
+ nSize = pBuf->size();
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
char* pBuf = gfxFont->readEmbFontFile( m_pDoc->getXRef(), &nSize );
|
||||||
|
if( pBuf )
|
||||||
|
{
|
||||||
|
aNewFont.isEmbedded = true;
|
||||||
|
gfree(pBuf);
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
m_aFontMap[ nNewId ] = aNewFont;
|
||||||
|
@@ -492,21 +501,35 @@ void PDFOutDev::writeFontFile( GfxFont*
|
||||||
|
return;
|
||||||
|
|
||||||
|
int nSize = 0;
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0) // readEmbFontFile signature changed
|
||||||
|
+ auto pBuf = gfxFont->readEmbFontFile( m_pDoc->getXRef());
|
||||||
|
+ if ( !pBuf )
|
||||||
|
+ return;
|
||||||
|
+ nSize = pBuf->size();
|
||||||
|
+#else
|
||||||
|
char* pBuf = gfxFont->readEmbFontFile( m_pDoc->getXRef(), &nSize );
|
||||||
|
if( !pBuf )
|
||||||
|
return;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
// ---sync point--- see SYNC STREAMS above
|
||||||
|
fflush(stdout);
|
||||||
|
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0) // readEmbFontFile signature changed
|
||||||
|
+ if( fwrite(pBuf->data(), sizeof(unsigned char), nSize, g_binary_out) != static_cast<size_t>(nSize) )
|
||||||
|
+ {
|
||||||
|
+#else
|
||||||
|
if( fwrite(pBuf, sizeof(char), nSize, g_binary_out) != static_cast<size_t>(nSize) )
|
||||||
|
{
|
||||||
|
gfree(pBuf);
|
||||||
|
+#endif
|
||||||
|
exit(1); // error
|
||||||
|
}
|
||||||
|
// ---sync point--- see SYNC STREAMS above
|
||||||
|
fflush(g_binary_out);
|
||||||
|
+#if !POPPLER_CHECK_VERSION(22, 04, 0) // readEmbFontFile signature changed
|
||||||
|
gfree(pBuf);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
#if POPPLER_CHECK_VERSION(0, 83, 0)
|
||||||
|
@@ -759,7 +782,11 @@ void PDFOutDev::updateFont(GfxState *sta
|
||||||
|
{
|
||||||
|
assert(state);
|
||||||
|
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0)
|
||||||
|
+ std::shared_ptr<GfxFont> gfxFont = state->getFont();
|
||||||
|
+#else
|
||||||
|
GfxFont *gfxFont = state->getFont();
|
||||||
|
+#endif
|
||||||
|
if( !gfxFont )
|
||||||
|
return;
|
||||||
|
|
||||||
|
@@ -776,7 +803,11 @@ void PDFOutDev::updateFont(GfxState *sta
|
||||||
|
m_aFontMap.find( fontID );
|
||||||
|
if( it == m_aFontMap.end() )
|
||||||
|
{
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0)
|
||||||
|
+ nEmbedSize = parseFont( fontID, gfxFont.get(), state );
|
||||||
|
+#else
|
||||||
|
nEmbedSize = parseFont( fontID, gfxFont, state );
|
||||||
|
+#endif
|
||||||
|
it = m_aFontMap.find( fontID );
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -806,7 +837,11 @@ void PDFOutDev::updateFont(GfxState *sta
|
||||||
|
|
||||||
|
if (nEmbedSize)
|
||||||
|
{
|
||||||
|
+#if POPPLER_CHECK_VERSION(22, 04, 0)
|
||||||
|
+ writeFontFile(gfxFont.get());
|
||||||
|
+#else
|
||||||
|
writeFontFile(gfxFont);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -1 +1 @@ |
|||||||
WGET_ARGS=( https://download.kde.org/stable/plasma/5.24.4/ -A '*.tar.xz' ) |
WGET_ARGS=( https://download.kde.org/stable/plasma/5.24.5/ -A '*.tar.xz' ) |
||||||
|
@ -0,0 +1,64 @@ |
|||||||
|
{ lib, stdenv, fetchurl, fetchpatch |
||||||
|
, autoreconfHook |
||||||
|
|
||||||
|
, doCheck ? true # test suite depends on dejagnu which cannot be used during bootstrapping |
||||||
|
, dejagnu |
||||||
|
}: |
||||||
|
|
||||||
|
stdenv.mkDerivation rec { |
||||||
|
pname = "libffi"; |
||||||
|
version = "3.3"; |
||||||
|
|
||||||
|
src = fetchurl { |
||||||
|
url = "https://github.com/libffi/libffi/releases/download/v${version}/${pname}-${version}.tar.gz"; |
||||||
|
hash = "sha256-cvunkicD3fp6Ao1ROsFahcjVTI1n9V+lpIAohdxlIFY="; |
||||||
|
}; |
||||||
|
|
||||||
|
patches = []; |
||||||
|
|
||||||
|
outputs = [ "out" "dev" "man" "info" ]; |
||||||
|
|
||||||
|
configureFlags = [ |
||||||
|
"--with-gcc-arch=generic" # no detection of -march= or -mtune= |
||||||
|
"--enable-pax_emutramp" |
||||||
|
|
||||||
|
# Causes issues in downstream packages which misuse ffi_closure_alloc |
||||||
|
# Reenable once these issues are fixed and merged: |
||||||
|
# https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6155 |
||||||
|
# https://gitlab.gnome.org/GNOME/gobject-introspection/-/merge_requests/283 |
||||||
|
"--disable-exec-static-tramp" |
||||||
|
]; |
||||||
|
|
||||||
|
preCheck = '' |
||||||
|
# The tests use -O0 which is not compatible with -D_FORTIFY_SOURCE. |
||||||
|
NIX_HARDENING_ENABLE=''${NIX_HARDENING_ENABLE/fortify/} |
||||||
|
''; |
||||||
|
|
||||||
|
dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; # Don't run the native `strip' when cross-compiling. |
||||||
|
|
||||||
|
inherit doCheck; |
||||||
|
|
||||||
|
checkInputs = [ dejagnu ]; |
||||||
|
|
||||||
|
meta = with lib; { |
||||||
|
description = "A foreign function call interface library"; |
||||||
|
longDescription = '' |
||||||
|
The libffi library provides a portable, high level programming |
||||||
|
interface to various calling conventions. This allows a |
||||||
|
programmer to call any function specified by a call interface |
||||||
|
description at run-time. |
||||||
|
|
||||||
|
FFI stands for Foreign Function Interface. A foreign function |
||||||
|
interface is the popular name for the interface that allows code |
||||||
|
written in one language to call code written in another |
||||||
|
language. The libffi library really only provides the lowest, |
||||||
|
machine dependent layer of a fully featured foreign function |
||||||
|
interface. A layer must exist above libffi that handles type |
||||||
|
conversions for values passed between the two languages. |
||||||
|
''; |
||||||
|
homepage = "http://sourceware.org/libffi/"; |
||||||
|
license = licenses.mit; |
||||||
|
maintainers = with maintainers; [ armeenm ]; |
||||||
|
platforms = platforms.all; |
||||||
|
}; |
||||||
|
} |
@ -0,0 +1,21 @@ |
|||||||
|
diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile
|
||||||
|
index 612484e..2e6b562 100644
|
||||||
|
--- a/libraries/liblmdb/Makefile
|
||||||
|
+++ b/libraries/liblmdb/Makefile
|
||||||
|
@@ -27,6 +27,7 @@ CFLAGS = $(THREADS) $(OPT) $(W) $(XCFLAGS)
|
||||||
|
LDLIBS =
|
||||||
|
SOLIBS =
|
||||||
|
SOEXT = .so
|
||||||
|
+BINEXT =
|
||||||
|
prefix = /usr/local
|
||||||
|
exec_prefix = $(prefix)
|
||||||
|
bindir = $(exec_prefix)/bin
|
||||||
|
@@ -49,7 +50,7 @@ install: $(ILIBS) $(IPROGS) $(IHDRS)
|
||||||
|
mkdir -p $(DESTDIR)$(libdir)
|
||||||
|
mkdir -p $(DESTDIR)$(includedir)
|
||||||
|
mkdir -p $(DESTDIR)$(mandir)/man1
|
||||||
|
- for f in $(IPROGS); do cp $$f $(DESTDIR)$(bindir); done
|
||||||
|
+ for f in $(IPROGS); do cp $$f$(BINEXT) $(DESTDIR)$(bindir); done
|
||||||
|
for f in $(ILIBS); do cp $$f $(DESTDIR)$(libdir); done
|
||||||
|
for f in $(IHDRS); do cp $$f $(DESTDIR)$(includedir); done
|
||||||
|
for f in $(IDOCS); do cp $$f $(DESTDIR)$(mandir)/man1; done
|
@ -0,0 +1,69 @@ |
|||||||
|
diff --git a/meson.build b/meson.build
|
||||||
|
index 2ed9027..1f6bbf2 100644
|
||||||
|
--- a/meson.build
|
||||||
|
+++ b/meson.build
|
||||||
|
@@ -38,6 +38,7 @@ g_ir_compiler = find_program('g-ir-compiler', required: false)
|
||||||
|
|
||||||
|
conf.set('PACKAGE_NAME', meson.project_name())
|
||||||
|
conf.set_quoted('VERSION', meson.project_version())
|
||||||
|
+conf.set_quoted('LIBDIR', get_option('prefix') / get_option('libdir'))
|
||||||
|
|
||||||
|
# glibc versions somewhere between 2.28 and 2.34
|
||||||
|
if cc.has_function('__fxstatat', prefix: '#include <sys/stat.h>')
|
||||||
|
@@ -148,7 +149,7 @@ hacked_gir = custom_target('UMockdev-1.0 hacked gir',
|
||||||
|
|
||||||
|
if g_ir_compiler.found()
|
||||||
|
umockdev_typelib = custom_target('UMockdev-1.0 typelib',
|
||||||
|
- command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', 'libumockdev.so.0', '@INPUT@'],
|
||||||
|
+ command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', get_option('prefix') / get_option('libdir') / 'libumockdev.so.0', '@INPUT@'],
|
||||||
|
input: hacked_gir,
|
||||||
|
output: 'UMockdev-1.0.typelib',
|
||||||
|
install: true,
|
||||||
|
diff --git a/src/config.vapi b/src/config.vapi
|
||||||
|
index 5269dd0..a2ec46d 100644
|
||||||
|
--- a/src/config.vapi
|
||||||
|
+++ b/src/config.vapi
|
||||||
|
@@ -2,5 +2,6 @@
|
||||||
|
namespace Config {
|
||||||
|
public const string PACKAGE_NAME;
|
||||||
|
public const string VERSION;
|
||||||
|
+ public const string LIBDIR;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala
|
||||||
|
index 8434d32..68c7f8e 100644
|
||||||
|
--- a/src/umockdev-record.vala
|
||||||
|
+++ b/src/umockdev-record.vala
|
||||||
|
@@ -435,7 +435,7 @@ main (string[] args)
|
||||||
|
preload = "";
|
||||||
|
else
|
||||||
|
preload = preload + ":";
|
||||||
|
- Environment.set_variable("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
|
||||||
|
+ Environment.set_variable("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
|
||||||
|
|
||||||
|
try {
|
||||||
|
root_dir = DirUtils.make_tmp("umockdev.XXXXXX");
|
||||||
|
diff --git a/src/umockdev-run.vala b/src/umockdev-run.vala
|
||||||
|
index 9a1ba10..6df2522 100644
|
||||||
|
--- a/src/umockdev-run.vala
|
||||||
|
+++ b/src/umockdev-run.vala
|
||||||
|
@@ -95,7 +95,7 @@ main (string[] args)
|
||||||
|
preload = "";
|
||||||
|
else
|
||||||
|
preload = preload + ":";
|
||||||
|
- Environment.set_variable ("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
|
||||||
|
+ Environment.set_variable ("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
|
||||||
|
|
||||||
|
var testbed = new UMockdev.Testbed ();
|
||||||
|
|
||||||
|
diff --git a/src/umockdev-wrapper b/src/umockdev-wrapper
|
||||||
|
index 6ce4dcd..706c49a 100755
|
||||||
|
--- a/src/umockdev-wrapper
|
||||||
|
+++ b/src/umockdev-wrapper
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Wrapper program to preload the libumockdev library, so that test programs can
|
||||||
|
# set $UMOCKDEV_DIR for redirecting sysfs and other queries to a test bed.
|
||||||
|
-exec env LD_PRELOAD=libumockdev-preload.so.0:$LD_PRELOAD "$@"
|
||||||
|
+exec env LD_PRELOAD=@LIBDIR@/libumockdev-preload.so.0:$LD_PRELOAD "$@"
|
||||||
|
|
@ -0,0 +1,65 @@ |
|||||||
|
{ lib |
||||||
|
, buildPythonPackage |
||||||
|
, fetchFromGitHub |
||||||
|
, fetchpatch |
||||||
|
, poetry-core |
||||||
|
, importlib-metadata |
||||||
|
, pytest-asyncio |
||||||
|
, pytestCheckHook |
||||||
|
, pythonOlder |
||||||
|
, toml |
||||||
|
}: |
||||||
|
|
||||||
|
buildPythonPackage rec { |
||||||
|
pname = "aiolimiter"; |
||||||
|
version = "1.0.0"; |
||||||
|
format = "pyproject"; |
||||||
|
|
||||||
|
disabled = pythonOlder "3.7"; |
||||||
|
|
||||||
|
src = fetchFromGitHub { |
||||||
|
owner = "mjpieters"; |
||||||
|
repo = pname; |
||||||
|
rev = "v${version}"; |
||||||
|
sha256 = "sha256-4wByVZoOLhrXFx9oK19GBmRcjGoJolQ3Gwx9vQV/n8s="; |
||||||
|
}; |
||||||
|
|
||||||
|
nativeBuildInputs = [ |
||||||
|
poetry-core |
||||||
|
]; |
||||||
|
|
||||||
|
propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [ |
||||||
|
importlib-metadata |
||||||
|
]; |
||||||
|
|
||||||
|
checkInputs = [ |
||||||
|
pytest-asyncio |
||||||
|
pytestCheckHook |
||||||
|
toml |
||||||
|
]; |
||||||
|
|
||||||
|
patches = [ |
||||||
|
# Switch to poetry-core, https://github.com/mjpieters/aiolimiter/pull/77 |
||||||
|
(fetchpatch { |
||||||
|
name = "switch-to-peotry-core.patch"; |
||||||
|
url = "https://github.com/mjpieters/aiolimiter/commit/84a85eff42621b0daff8fcf6bb485db313faae0b.patch"; |
||||||
|
sha256 = "sha256-xUfJwLvMF2Xt/V1bKBFn/fjn1uyw7bGNo9RpWxtyr50="; |
||||||
|
}) |
||||||
|
]; |
||||||
|
|
||||||
|
postPatch = '' |
||||||
|
substituteInPlace tox.ini \ |
||||||
|
--replace " --cov=aiolimiter --cov-config=tox.ini --cov-report term-missing" "" |
||||||
|
''; |
||||||
|
|
||||||
|
pythonImportsCheck = [ |
||||||
|
"aiolimiter" |
||||||
|
]; |
||||||
|
|
||||||
|
meta = with lib; { |
||||||
|
description = "Implementation of a rate limiter for asyncio"; |
||||||
|
homepage = "https://github.com/mjpieters/aiolimiter"; |
||||||
|
license = with licenses; [ mit ]; |
||||||
|
maintainers = with maintainers; [ fab ]; |
||||||
|
}; |
||||||
|
} |
@ -0,0 +1,46 @@ |
|||||||
|
{ lib |
||||||
|
, buildPythonPackage |
||||||
|
, pythonOlder |
||||||
|
, fetchFromGitHub |
||||||
|
, aiohttp |
||||||
|
, pydantic |
||||||
|
, freezegun |
||||||
|
, pytest-aiohttp |
||||||
|
, pytest-asyncio |
||||||
|
, pytestCheckHook |
||||||
|
}: |
||||||
|
|
||||||
|
buildPythonPackage rec { |
||||||
|
pname = "gcal-sync"; |
||||||
|
version = "0.7.1"; |
||||||
|
|
||||||
|
disabled = pythonOlder "3.9"; |
||||||
|
|
||||||
|
src = fetchFromGitHub { |
||||||
|
owner = "allenporter"; |
||||||
|
repo = "gcal_sync"; |
||||||
|
rev = version; |
||||||
|
hash = "sha256-NOB74P+5i63FEeHJsPXRdRgY6iyIUEn7BogbVKm8P5M="; |
||||||
|
}; |
||||||
|
|
||||||
|
propagatedBuildInputs = [ |
||||||
|
aiohttp |
||||||
|
pydantic |
||||||
|
]; |
||||||
|
|
||||||
|
checkInputs = [ |
||||||
|
freezegun |
||||||
|
pytest-aiohttp |
||||||
|
pytest-asyncio |
||||||
|
pytestCheckHook |
||||||
|
]; |
||||||
|
|
||||||
|
pythonImportsCheck = [ "gcal_sync" ]; |
||||||
|
|
||||||
|
meta = { |
||||||
|
description = "Python library for syncing Google Calendar to local storage"; |
||||||
|
homepage = "https://github.com/allenporter/gcal_sync"; |
||||||
|
license = lib.licenses.asl20; |
||||||
|
maintainers = with lib.maintainers; [ dotlambda ]; |
||||||
|
}; |
||||||
|
} |
@ -0,0 +1,26 @@ |
|||||||
|
{ lib |
||||||
|
, buildPythonPackage |
||||||
|
, fetchPypi |
||||||
|
}: |
||||||
|
|
||||||
|
buildPythonPackage rec { |
||||||
|
pname = "insteon-frontend-home-assistant"; |
||||||
|
version = "0.1.0"; |
||||||
|
|
||||||
|
src = fetchPypi { |
||||||
|
inherit pname version; |
||||||
|
sha256 = "70ee413cae8717416f5add1be7647158d8ff4303942dafccac0792ef44336cdf"; |
||||||
|
}; |
||||||
|
|
||||||
|
# upstream has no tests |
||||||
|
doCheck = false; |
||||||
|
|
||||||
|
pythonImportsCheck = [ "insteon_frontend" ]; |
||||||
|
|
||||||
|
meta = { |
||||||
|
description = "The Insteon frontend for Home Assistant"; |
||||||
|
homepage = "https://github.com/teharris1/insteon-panel"; |
||||||
|
license = lib.licenses.mit; |
||||||
|
maintainers = with lib.maintainers; [ dotlambda ]; |
||||||
|
}; |
||||||
|
} |
@ -0,0 +1,37 @@ |
|||||||
|
{ lib |
||||||
|
, aiohttp |
||||||
|
, buildPythonPackage |
||||||
|
, fetchPypi |
||||||
|
, pythonOlder |
||||||
|
}: |
||||||
|
|
||||||
|
buildPythonPackage rec { |
||||||
|
pname = "meater-python"; |
||||||
|
version = "0.0.8"; |
||||||
|
format = "setuptools"; |
||||||
|
|
||||||
|
disabled = pythonOlder "3.7"; |
||||||
|
|
||||||
|
src = fetchPypi { |
||||||
|
inherit pname version; |
||||||
|
hash = "sha256-86XJmKOc2MCyU9v0UAZsPCUL/kAXywOlQOIHaykNF1o="; |
||||||
|
}; |
||||||
|
|
||||||
|
propagatedBuildInputs = [ |
||||||
|
aiohttp |
||||||
|
]; |
||||||
|
|
||||||
|
# Module has no tests |
||||||
|
doCheck = false; |
||||||
|
|
||||||
|
pythonImportsCheck = [ |
||||||
|
"meater" |
||||||
|
]; |
||||||
|
|
||||||
|
meta = with lib; { |
||||||
|
description = "Library for the Apption Labs Meater cooking probe"; |
||||||
|
homepage = "https://github.com/Sotolotl/meater-python"; |
||||||
|
license = licenses.asl20; |
||||||
|
maintainers = with maintainers; [ fab ]; |
||||||
|
}; |
||||||
|
} |
@ -0,0 +1,34 @@ |
|||||||
|
{ lib |
||||||
|
, buildPythonPackage |
||||||
|
, fetchPypi |
||||||
|
, requests |
||||||
|
}: |
||||||
|
|
||||||
|
buildPythonPackage rec { |
||||||
|
pname = "notify-events"; |
||||||
|
version = "1.1.3"; |
||||||
|
|
||||||
|
format = "setuptools"; |
||||||
|
|
||||||
|
src = fetchPypi { |
||||||
|
pname = "notify_events"; |
||||||
|
inherit version; |
||||||
|
sha256 = "e63ba935c3300ff7f48cba115f7cb4474906e83c2e9b60b95a0881eb949701e7"; |
||||||
|
}; |
||||||
|
|
||||||
|
propagatedBuildInputs = [ |
||||||
|
requests |
||||||
|
]; |
||||||
|
|
||||||
|
# upstream has no tests |
||||||
|
doCheck = false; |
||||||
|
|
||||||
|
pythonImportsCheck = [ "notify_events" ]; |
||||||
|
|
||||||
|
meta = { |
||||||
|
description = "Python client for Notify.Events"; |
||||||
|
homepage = "https://github.com/notify-events/python"; |
||||||
|
license = lib.licenses.mit; |
||||||
|
maintainers = with lib.maintainers; [ dotlambda ]; |
||||||
|
}; |
||||||
|
} |
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue