Merge staging-next into staging

github-actions[bot] 2 years ago committed by GitHub
commit 5fedd0596d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      maintainers/maintainer-list.nix
  2. 10
      nixos/modules/installer/tools/nix-fallback-paths.nix
  3. 4
      nixos/modules/programs/kdeconnect.nix
  4. 236
      nixos/modules/services/misc/sourcehut/builds.nix
  5. 79
      nixos/modules/services/misc/sourcehut/default.nix
  6. 127
      nixos/modules/services/misc/sourcehut/dispatch.nix
  7. 217
      nixos/modules/services/misc/sourcehut/git.nix
  8. 175
      nixos/modules/services/misc/sourcehut/hg.nix
  9. 120
      nixos/modules/services/misc/sourcehut/hub.nix
  10. 187
      nixos/modules/services/misc/sourcehut/lists.nix
  11. 124
      nixos/modules/services/misc/sourcehut/man.nix
  12. 213
      nixos/modules/services/misc/sourcehut/meta.nix
  13. 135
      nixos/modules/services/misc/sourcehut/paste.nix
  14. 2
      nixos/modules/services/misc/sourcehut/service.nix
  15. 163
      nixos/modules/services/misc/sourcehut/todo.nix
  16. 42
      nixos/tests/sourcehut.nix
  17. 12
      pkgs/applications/misc/feedbackd/default.nix
  18. 32
      pkgs/applications/misc/stw/default.nix
  19. 10
      pkgs/applications/networking/cluster/talosctl/default.nix
  20. 4
      pkgs/applications/networking/instant-messengers/discord/default.nix
  21. 6
      pkgs/applications/version-management/git-and-tools/gh/default.nix
  22. 29
      pkgs/applications/version-management/sourcehut/builds.nix
  23. 13
      pkgs/applications/version-management/sourcehut/core.nix
  24. 4
      pkgs/applications/version-management/sourcehut/default.nix
  25. 32
      pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix
  26. 58
      pkgs/applications/version-management/sourcehut/git.nix
  27. 38
      pkgs/applications/version-management/sourcehut/hg.nix
  28. 4
      pkgs/applications/version-management/sourcehut/hub.nix
  29. 25
      pkgs/applications/version-management/sourcehut/lists.nix
  30. 4
      pkgs/applications/version-management/sourcehut/man.nix
  31. 22
      pkgs/applications/version-management/sourcehut/meta.nix
  32. 18
      pkgs/applications/version-management/sourcehut/pages.nix
  33. 9
      pkgs/applications/version-management/sourcehut/paste.nix
  34. 69
      pkgs/applications/version-management/sourcehut/patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch
  35. 42
      pkgs/applications/version-management/sourcehut/patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch
  36. 50
      pkgs/applications/version-management/sourcehut/patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch
  37. 48
      pkgs/applications/version-management/sourcehut/patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch
  38. 48
      pkgs/applications/version-management/sourcehut/patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch
  39. 50
      pkgs/applications/version-management/sourcehut/patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch
  40. 4
      pkgs/applications/version-management/sourcehut/scm.nix
  41. 25
      pkgs/applications/version-management/sourcehut/todo.nix
  42. 2
      pkgs/applications/version-management/sourcehut/update.sh
  43. 4
      pkgs/development/libraries/libnftnl/default.nix
  44. 10
      pkgs/development/libraries/libqalculate/default.nix
  45. 4
      pkgs/development/libraries/libzim/default.nix
  46. 31
      pkgs/development/libraries/sptk/default.nix
  47. 7
      pkgs/development/ocaml-modules/wasm/default.nix
  48. 4
      pkgs/development/python-modules/canonicaljson/default.nix
  49. 4
      pkgs/development/python-modules/docopt-ng/default.nix
  50. 6
      pkgs/development/python-modules/fastapi-mail/default.nix
  51. 4
      pkgs/development/python-modules/fido2/default.nix
  52. 4
      pkgs/development/python-modules/google-cloud-appengine-logging/default.nix
  53. 6
      pkgs/development/python-modules/pre-commit-hooks/default.nix
  54. 6
      pkgs/development/python-modules/pyshark/default.nix
  55. 4
      pkgs/development/python-modules/staticjinja/default.nix
  56. 4
      pkgs/development/tools/analysis/checkov/default.nix
  57. 63
      pkgs/development/tools/misc/kibana/6.x.nix
  58. 35
      pkgs/development/tools/misc/pwninit/default.nix
  59. 14
      pkgs/development/web/nodejs/v10.nix
  60. 23
      pkgs/os-specific/linux/firejail/default.nix
  61. 22
      pkgs/os-specific/linux/nftables/default.nix
  62. 6
      pkgs/servers/dendrite/default.nix
  63. 4
      pkgs/tools/filesystems/xfsprogs/default.nix
  64. 12
      pkgs/tools/package-management/nix/default.nix
  65. 24
      pkgs/tools/package-management/nixpkgs-review/default.nix
  66. 6
      pkgs/tools/security/nuclei/default.nix
  67. 1
      pkgs/top-level/aliases.nix
  68. 23
      pkgs/top-level/all-packages.nix

@ -11483,6 +11483,12 @@
githubId = 59476;
name = "Peter Schuller";
};
scoder12 = {
name = "Spencer Pogorzelski";
email = "34356756+Scoder12@users.noreply.github.com";
github = "scoder12";
githubId = 34356756;
};
scolobb = {
email = "sivanov@colimite.fr";
github = "scolobb";

@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/6mjgljq8sm9bsz6k22as5ar3jw78644m-nix-2.8.1";
i686-linux = "/nix/store/c4yjv4l8wncdla6ycicvsjrdf40xjkpp-nix-2.8.1";
aarch64-linux = "/nix/store/qkgvks80mdibq7m86hqasgr5lpixbnmh-nix-2.8.1";
x86_64-darwin = "/nix/store/riz4mzb1xhp36088ffnp40lz52bpxz01-nix-2.8.1";
aarch64-darwin = "/nix/store/dirm8hsnmvvzjs21hrx8i84w8k453jzp-nix-2.8.1";
x86_64-linux = "/nix/store/6g4fla3vkcxihph282a0v3cd10709y7c-nix-2.9.1";
i686-linux = "/nix/store/j143221z44469zx21f5m9a47x7y1jpr5-nix-2.9.1";
aarch64-linux = "/nix/store/c4z3vy1sgm49la8bvmdrrpssgk4iw2nk-nix-2.9.1";
x86_64-darwin = "/nix/store/cqdwb7khf6zg94bz7lnvfjqx6z775qaw-nix-2.9.1";
aarch64-darwin = "/nix/store/1brkxcs287n1px2i4fq39l7h51hjv0f8-nix-2.9.1";
}

@ -12,8 +12,8 @@ with lib;
implementation if you use Gnome.
'';
package = mkOption {
default = pkgs.kdeconnect;
defaultText = literalExpression "pkgs.kdeconnect";
default = pkgs.plasma5Packages.kdeconnect-kde;
defaultText = literalExpression "pkgs.plasma5Packages.kdeconnect-kde";
type = types.package;
example = literalExpression "pkgs.gnomeExtensions.gsconnect";
description = ''

@ -1,236 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.builds;
rcfg = config.services.redis;
iniKey = "builds.sr.ht";
drv = pkgs.sourcehut.buildsrht;
in
{
options.services.sourcehut.builds = {
user = mkOption {
type = types.str;
default = "buildsrht";
description = ''
User for builds.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5002;
description = ''
Port on which the "builds" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "builds.sr.ht";
description = ''
PostgreSQL database name for builds.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/buildsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/buildsrht"'';
description = ''
State path for builds.sr.ht.
'';
};
enableWorker = mkOption {
type = types.bool;
default = false;
description = ''
Run workers for builds.sr.ht.
'';
};
images = mkOption {
type = types.attrsOf (types.attrsOf (types.attrsOf types.package));
default = { };
example = lib.literalExpression ''(let
# Pinning unstable to allow usage with flakes and limit rebuilds.
pkgs_unstable = builtins.fetchGit {
url = "https://github.com/NixOS/nixpkgs";
rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
ref = "nixos-unstable";
};
image_from_nixpkgs = pkgs_unstable: (import ("''${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
pkgs = (import pkgs_unstable {});
});
in
{
nixos.unstable.x86_64 = image_from_nixpkgs pkgs_unstable;
}
)'';
description = ''
Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
'';
};
};
config = with scfg; let
image_dirs = lib.lists.flatten (
lib.attrsets.mapAttrsToList
(distro: revs:
lib.attrsets.mapAttrsToList
(rev: archs:
lib.attrsets.mapAttrsToList
(arch: image:
pkgs.runCommand "buildsrht-images" { } ''
mkdir -p $out/${distro}/${rev}/${arch}
ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2
'')
archs)
revs)
scfg.images);
image_dir_pre = pkgs.symlinkJoin {
name = "builds.sr.ht-worker-images-pre";
paths = image_dirs ++ [
"${pkgs.sourcehut.buildsrht}/lib/images"
];
};
image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } ''
mkdir -p $out/images
cp -Lr ${image_dir_pre}/* $out/images
'';
in
lib.mkIf (cfg.enable && elem "builds" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
extraGroups = lib.optionals cfg.builds.enableWorker [ "docker" ];
description = "builds.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0755 ${user} ${user} -"
] ++ (lib.optionals cfg.builds.enableWorker
[ "d ${statePath}/logs 0775 ${user} ${user} - -" ]
);
services = {
buildsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey
{
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "builds.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
# Hack to bypass this hack: https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/srht-update-profiles#L6
} // { preStart = " "; };
buildsrht-worker = {
enable = scfg.enableWorker;
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
partOf = [ "buildsrht.service" ];
description = "builds.sr.ht worker service";
path = [ pkgs.openssh pkgs.docker ];
preStart = let qemuPackage = pkgs.qemu_kvm;
in ''
if [[ "$(docker images -q qemu:latest 2> /dev/null)" == "" || "$(cat ${statePath}/docker-image-qemu 2> /dev/null || true)" != "${qemuPackage.version}" ]]; then
# Create and import qemu:latest image for docker
${
pkgs.dockerTools.streamLayeredImage {
name = "qemu";
tag = "latest";
contents = [ qemuPackage ];
}
} | docker load
# Mark down current package version
printf "%s" "${qemuPackage.version}" > ${statePath}/docker-image-qemu
fi
'';
serviceConfig = {
Type = "simple";
User = user;
Group = "nginx";
Restart = "always";
};
serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker";
};
};
};
services.sourcehut.settings = {
# URL builds.sr.ht is being served at (protocol://domain)
"builds.sr.ht".origin = mkDefault "http://builds.${cfg.originBase}";
# Address and port to bind the debug server to
"builds.sr.ht".debug-host = mkDefault "0.0.0.0";
"builds.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"builds.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"builds.sr.ht".migrate-on-upgrade = mkDefault "yes";
# builds.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"builds.sr.ht".oauth-client-id = mkDefault null;
"builds.sr.ht".oauth-client-secret = mkDefault null;
# The redis connection used for the celery worker
"builds.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/3";
# The shell used for ssh
"builds.sr.ht".shell = mkDefault "runner-shell";
# Register the builds.sr.ht dispatcher
"git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys"} = mkDefault "${user}:${user}";
# Location for build logs, images, and control command
} // lib.attrsets.optionalAttrs scfg.enableWorker {
# Default worker stores logs that are accessible via this address:port
"builds.sr.ht::worker".name = mkDefault "127.0.0.1:5020";
"builds.sr.ht::worker".buildlogs = mkDefault "${scfg.statePath}/logs";
"builds.sr.ht::worker".images = mkDefault "${image_dir}/images";
"builds.sr.ht::worker".controlcmd = mkDefault "${image_dir}/images/control";
"builds.sr.ht::worker".timeout = mkDefault "3m";
};
services.nginx.virtualHosts."logs.${cfg.originBase}" =
if scfg.enableWorker then {
listen = with builtins; let address = split ":" cfg.settings."builds.sr.ht::worker".name;
in [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }];
locations."/logs".root = "${scfg.statePath}";
} else { };
services.nginx.virtualHosts."builds.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.buildsrht}/${pkgs.sourcehut.python.sitePackages}/buildsrht";
};
};
}

@ -83,7 +83,7 @@ let
python = pkgs.sourcehut.python.withPackages (ps: with ps; [
gunicorn
eventlet
# For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=5 flower
# For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=1 flower
flower
# Sourcehut services
srht
@ -238,20 +238,32 @@ in
};
smtp-user = mkOptionNullOrStr "Outgoing SMTP user.";
smtp-password = mkOptionNullOrStr "Outgoing SMTP password.";
smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM.";
smtp-from = mkOption {
type = types.str;
description = "Outgoing SMTP FROM.";
};
error-to = mkOptionNullOrStr "Address receiving application exceptions";
error-from = mkOptionNullOrStr "Address sending application exceptions";
pgp-privkey = mkOptionNullOrStr ''
An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key.
pgp-privkey = mkOption {
type = types.str;
description = ''
An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key.
Your PGP key information (DO NOT mix up pub and priv here)
You must remove the password from your secret key, if present.
You can do this with <code>gpg --edit-key [key-id]</code>,
then use the <code>passwd</code> command and do not enter a new password.
'';
pgp-pubkey = mkOptionNullOrStr "OpenPGP public key.";
pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier.";
Your PGP key information (DO NOT mix up pub and priv here)
You must remove the password from your secret key, if present.
You can do this with <code>gpg --edit-key [key-id]</code>,
then use the <code>passwd</code> command and do not enter a new password.
'';
};
pgp-pubkey = mkOption {
type = with types; either path str;
description = "OpenPGP public key.";
};
pgp-key-id = mkOption {
type = types.str;
description = "OpenPGP key identifier.";
};
};
options.objects = {
s3-upstream = mkOption {
@ -905,6 +917,11 @@ in
inherit configIniOfService;
srvsrht = "buildsrht";
port = 5002;
extraServices.buildsrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-api -b ${cfg.listenAddress}:${toString (cfg.builds.port + 100)}";
};
# TODO: a celery worker on the master and worker are apparently needed
extraServices.buildsrht-worker = let
qemuPackage = pkgs.qemu_kvm;
@ -928,13 +945,13 @@ in
fi
'';
serviceConfig = {
ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker";
ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-worker";
BindPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ];
LogsDirectory = [ "sourcehut/${serviceName}" ];
RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ];
StateDirectory = [ "sourcehut/${serviceName}" ];
TimeoutStartSec = "1800s";
# builds.sr.ht-worker looks up ../config.ini
# buildsrht-worker looks up ../config.ini
WorkingDirectory = "-"+"/run/sourcehut/${serviceName}/subdir";
};
};
@ -952,12 +969,12 @@ in
) cfg.builds.images
);
image_dir_pre = pkgs.symlinkJoin {
name = "builds.sr.ht-worker-images-pre";
name = "buildsrht-worker-images-pre";
paths = image_dirs;
# FIXME: not working, apparently because ubuntu/latest is a broken link
# ++ [ "${pkgs.sourcehut.buildsrht}/lib/images" ];
};
image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } ''
image_dir = pkgs.runCommand "buildsrht-worker-images" { } ''
mkdir -p $out/images
cp -Lr ${image_dir_pre}/* $out/images
'';
@ -1081,6 +1098,11 @@ in
};
})
];
extraServices.gitsrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}";
};
extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable {
serviceConfig = {
# Socket is passed by gitsrht-fcgiwrap.socket
@ -1124,6 +1146,11 @@ in
timerConfig.OnCalendar = ["daily"];
timerConfig.AccuracySec = "1h";
};
extraServices.hgsrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-api -b ${cfg.listenAddress}:${toString (cfg.hg.port + 100)}";
};
extraConfig = mkMerge [
{
users.users.${cfg.hg.user}.shell = pkgs.bash;
@ -1184,6 +1211,11 @@ in
inherit configIniOfService;
port = 5006;
webhooks = true;
extraServices.listssrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-api -b ${cfg.listenAddress}:${toString (cfg.lists.port + 100)}";
};
# Receive the mail from Postfix and enqueue them into Redis and PostgreSQL
extraServices.listssrht-lmtp = {
wants = [ "postfix.service" ];
@ -1232,9 +1264,13 @@ in
inherit configIniOfService;
port = 5000;
webhooks = true;
extraTimers.metasrht-daily.timerConfig = {
OnCalendar = ["daily"];
AccuracySec = "1h";
};
extraServices.metasrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "2s";
serviceConfig.RestartSec = "5s";
preStart = "set -x\n" + concatStringsSep "\n\n" (attrValues (mapAttrs (k: s:
let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht$" k;
srv = head srvMatch;
@ -1248,10 +1284,6 @@ in
) cfg.settings));
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
};
extraTimers.metasrht-daily.timerConfig = {
OnCalendar = ["daily"];
AccuracySec = "1h";
};
extraConfig = mkMerge [
{
assertions = [
@ -1348,6 +1380,11 @@ in
inherit configIniOfService;
port = 5003;
webhooks = true;
extraServices.todosrht-api = {
serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.todosrht}/bin/todosrht-api -b ${cfg.listenAddress}:${toString (cfg.todo.port + 100)}";
};
extraServices.todosrht-lmtp = {
wants = [ "postfix.service" ];
unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service";
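Review bot: The new `buildsrht-api` unit in the `-905,6 +917,11` hunk binds to `${cfg.listenAddress}:${toString (cfg.builds.port + 100)}`, a derived port that is neither declared as an option nor range-checked, and the same three lines recur for `gitsrht-api`, `hgsrht-api`, `listssrht-api` and `todosrht-api` in the later hunks. If the `port` options are still `types.port`, as they were in the removed per-service modules, a value above 65435 evaluates cleanly and the unit would then presumably fail to bind and loop under `Restart = "always"`; an assertion such as `{ assertion = cfg.builds.port + 100 <= 65535; message = "services.sourcehut.builds.port + 100 must be a valid port"; }` per service would catch this at evaluation time. The default of `listenAddress` is not visible in these hunks, so I would also add a comment next to each `ExecStart`, for example `# API listens on <port>+100 on listenAddress; firewall it or keep listenAddress on loopback so it is only reachable through the reverse proxy`. The enclosing service definitions start and end outside these hunks.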

@ -1,127 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.dispatch;
iniKey = "dispatch.sr.ht";
drv = pkgs.sourcehut.dispatchsrht;
in
{
options.services.sourcehut.dispatch = {
user = mkOption {
type = types.str;
default = "dispatchsrht";
description = ''
User for dispatch.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5005;
description = ''
Port on which the "dispatch" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "dispatch.sr.ht";
description = ''
PostgreSQL database name for dispatch.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/dispatchsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/dispatchsrht"'';
description = ''
State path for dispatch.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
description = "dispatch.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "dispatch.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
};
services.sourcehut.settings = {
# URL dispatch.sr.ht is being served at (protocol://domain)
"dispatch.sr.ht".origin = mkDefault "http://dispatch.${cfg.originBase}";
# Address and port to bind the debug server to
"dispatch.sr.ht".debug-host = mkDefault "0.0.0.0";
"dispatch.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"dispatch.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"dispatch.sr.ht".migrate-on-upgrade = mkDefault "yes";
# dispatch.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"dispatch.sr.ht".oauth-client-id = mkDefault null;
"dispatch.sr.ht".oauth-client-secret = mkDefault null;
# Github Integration
"dispatch.sr.ht::github".oauth-client-id = mkDefault null;
"dispatch.sr.ht::github".oauth-client-secret = mkDefault null;
# Gitlab Integration
"dispatch.sr.ht::gitlab".enabled = mkDefault null;
"dispatch.sr.ht::gitlab".canonical-upstream = mkDefault "gitlab.com";
"dispatch.sr.ht::gitlab".repo-cache = mkDefault "./repo-cache";
# "dispatch.sr.ht::gitlab"."gitlab.com" = mkDefault "GitLab:application id:secret";
};
services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
};
};
}

@ -1,217 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.git;
iniKey = "git.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.gitsrht;
in
{
options.services.sourcehut.git = {
user = mkOption {
type = types.str;
visible = false;
internal = true;
readOnly = true;
default = "git";
description = ''
User for git.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5001;
description = ''
Port on which the "git" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "git.sr.ht";
description = ''
PostgreSQL database name for git.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/gitsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/gitsrht"'';
description = ''
State path for git.sr.ht.
'';
};
package = mkOption {
type = types.package;
default = pkgs.git;
defaultText = literalExpression "pkgs.git";
example = literalExpression "pkgs.gitFull";
description = ''
Git package for git.sr.ht. This can help silence collisions.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "git" cfg.services) {
# sshd refuses to run with `Unsafe AuthorizedKeysCommand ... bad ownership or modes for directory /nix/store`
environment.etc."ssh/gitsrht-dispatch" = {
mode = "0755";
text = ''
#! ${pkgs.stdenv.shell}
${cfg.python}/bin/gitsrht-dispatch "$@"
'';
};
# Needs this in the $PATH when sshing into the server
environment.systemPackages = [ cfg.git.package ];
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
# https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this
# Probably could use gitsrht-shell if output is restricted to just parameters...
shell = pkgs.bash;
description = "git.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services = {
cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/gitsrht-periodic" ];
fcgiwrap.enable = true;
openssh.authorizedKeysCommand = ''/etc/ssh/gitsrht-dispatch "%u" "%h" "%t" "%k"'';
openssh.authorizedKeysCommandUser = "root";
openssh.extraConfig = ''
PermitUserEnvironment SRHT_*
'';
postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
};
systemd = {
tmpfiles.rules = [
# /var/log is owned by root
"f /var/log/git-srht-shell 0644 ${user} ${user} -"
"d ${statePath} 0750 ${user} ${user} -"
"d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
];
services = {
gitsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "redis.service" "postgresql.service" "network.target" ];
requires = [ "redis.service" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
# Needs internally to create repos at the very least
path = [ pkgs.git ];
description = "git.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
gitsrht-webhooks = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "git.sr.ht webhooks service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
};
serviceConfig.ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
};
};
};
services.sourcehut.settings = {
# URL git.sr.ht is being served at (protocol://domain)
"git.sr.ht".origin = mkDefault "http://git.${cfg.originBase}";
# Address and port to bind the debug server to
"git.sr.ht".debug-host = mkDefault "0.0.0.0";
"git.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"git.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"git.sr.ht".migrate-on-upgrade = mkDefault "yes";
# The redis connection used for the webhooks worker
"git.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
# A post-update script which is installed in every git repo.
"git.sr.ht".post-update-script = mkDefault "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
# git.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"git.sr.ht".oauth-client-id = mkDefault null;
"git.sr.ht".oauth-client-secret = mkDefault null;
# Path to git repositories on disk
"git.sr.ht".repos = mkDefault "/var/lib/git";
"git.sr.ht".outgoing-domain = mkDefault "http://git.${cfg.originBase}";
# The authorized keys hook uses this to dispatch to various handlers
# The format is a program to exec into as the key, and the user to match as the
# value. When someone tries to log in as this user, this program is executed
# and is expected to omit an AuthorizedKeys file.
#
# Discard of the string context is in order to allow derivation-derived strings.
# This is safe if the relevant package is installed which will be the case if the setting is utilized.
"git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys"} = mkDefault "${user}:${user}";
};
services.nginx.virtualHosts."git.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.gitsrht}/${pkgs.sourcehut.python.sitePackages}/gitsrht";
extraConfig = ''
location = /authorize {
proxy_pass http://${cfg.address}:${toString port};
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
auth_request /authorize;
root /var/lib/git;
fastcgi_pass unix:/run/fcgiwrap.sock;
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
fastcgi_param PATH_INFO $uri;
fastcgi_param GIT_PROJECT_ROOT $document_root;
fastcgi_read_timeout 500s;
include ${config.services.nginx.package}/conf/fastcgi_params;
gzip off;
}
'';
};
};
}

@ -1,175 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.hg;
iniKey = "hg.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.hgsrht;
in
{
options.services.sourcehut.hg = {
user = mkOption {
type = types.str;
internal = true;
readOnly = true;
default = "hg";
description = ''
User for hg.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5010;
description = ''
Port on which the "hg" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "hg.sr.ht";
description = ''
PostgreSQL database name for hg.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/hgsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/hgsrht"'';
description = ''
State path for hg.sr.ht.
'';
};
cloneBundles = mkOption {
type = types.bool;
default = false;
description = ''
Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "hg" cfg.services) {
# In case it ever comes into being
environment.etc."ssh/hgsrht-dispatch" = {
mode = "0755";
text = ''
#! ${pkgs.stdenv.shell}
${cfg.python}/bin/gitsrht-dispatch $@
'';
};
environment.systemPackages = [ pkgs.mercurial ];
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
# Assuming hg.sr.ht needs this too
shell = pkgs.bash;
description = "hg.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services = {
cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/hgsrht-periodic" ]
++ optional cloneBundles "0 * * * * ${cfg.python}/bin/hgsrht-clonebundles";
openssh.authorizedKeysCommand = ''/etc/ssh/hgsrht-dispatch "%u" "%h" "%t" "%k"'';
openssh.authorizedKeysCommandUser = "root";
openssh.extraConfig = ''
PermitUserEnvironment SRHT_*
'';
postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
};
systemd = {
tmpfiles.rules = [
# /var/log is owned by root
"f /var/log/hg-srht-shell 0644 ${user} ${user} -"
"d ${statePath} 0750 ${user} ${user} -"
"d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
];
services.hgsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "redis.service" "postgresql.service" "network.target" ];
requires = [ "redis.service" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.mercurial ];
description = "hg.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
};
services.sourcehut.settings = {
# URL hg.sr.ht is being served at (protocol://domain)
"hg.sr.ht".origin = mkDefault "http://hg.${cfg.originBase}";
# Address and port to bind the debug server to
"hg.sr.ht".debug-host = mkDefault "0.0.0.0";
"hg.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"hg.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# The redis connection used for the webhooks worker
"hg.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
# A post-update script which is installed in every mercurial repo.
"hg.sr.ht".changegroup-script = mkDefault "${cfg.python}/bin/hgsrht-hook-changegroup";
# hg.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"hg.sr.ht".oauth-client-id = mkDefault null;
"hg.sr.ht".oauth-client-secret = mkDefault null;
# Path to mercurial repositories on disk
"hg.sr.ht".repos = mkDefault "/var/lib/hg";
# Path to the srht mercurial extension
# (defaults to where the hgsrht code is)
# "hg.sr.ht".srhtext = mkDefault null;
# .hg/store size (in MB) past which the nightly job generates clone bundles.
# "hg.sr.ht".clone_bundle_threshold = mkDefault 50;
# Path to hg-ssh (if not in $PATH)
# "hg.sr.ht".hg_ssh = mkDefault /path/to/hg-ssh;
# The authorized keys hook uses this to dispatch to various handlers
# The format is a program to exec into as the key, and the user to match as the
# value. When someone tries to log in as this user, this program is executed
# and is expected to omit an AuthorizedKeys file.
#
# Uncomment the relevant lines to enable the various sr.ht dispatchers.
"hg.sr.ht::dispatch"."/run/current-system/sw/bin/hgsrht-keys" = mkDefault "${user}:${user}";
};
# TODO: requires testing and addition of hg-specific requirements
services.nginx.virtualHosts."hg.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.hgsrht}/${pkgs.sourcehut.python.sitePackages}/hgsrht";
};
};
}

@ -1,120 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.hub;
iniKey = "hub.sr.ht";
drv = pkgs.sourcehut.hubsrht;
in
{
options.services.sourcehut.hub = {
user = mkOption {
type = types.str;
default = "hubsrht";
description = ''
User for hub.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5014;
description = ''
Port on which the "hub" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "hub.sr.ht";
description = ''
PostgreSQL database name for hub.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/hubsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/hubsrht"'';
description = ''
State path for hub.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
description = "hub.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "hub.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
};
services.sourcehut.settings = {
# URL hub.sr.ht is being served at (protocol://domain)
"hub.sr.ht".origin = mkDefault "http://hub.${cfg.originBase}";
# Address and port to bind the debug server to
"hub.sr.ht".debug-host = mkDefault "0.0.0.0";
"hub.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"hub.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"hub.sr.ht".migrate-on-upgrade = mkDefault "yes";
# hub.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"hub.sr.ht".oauth-client-id = mkDefault null;
"hub.sr.ht".oauth-client-secret = mkDefault null;
};
services.nginx.virtualHosts."${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
};
services.nginx.virtualHosts."hub.${cfg.originBase}" = {
globalRedirect = "${cfg.originBase}";
forceSSL = true;
};
};
}

@ -1,187 +0,0 @@
# Email setup is fairly involved, useful references:
# https://drewdevault.com/2018/08/05/Local-mail-server.html
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.lists;
iniKey = "lists.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.listssrht;
in
{
options.services.sourcehut.lists = {
user = mkOption {
type = types.str;
default = "listssrht";
description = ''
User for lists.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5006;
description = ''
Port on which the "lists" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "lists.sr.ht";
description = ''
PostgreSQL database name for lists.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/listssrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/listssrht"'';
description = ''
State path for lists.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
extraGroups = [ "postfix" ];
description = "lists.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services = {
listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "lists.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
listssrht-process = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "lists.sr.ht process service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel=info";
};
};
listssrht-lmtp = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "lists.sr.ht process service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/listssrht-lmtp";
};
};
listssrht-webhooks = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "lists.sr.ht webhooks service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
};
};
};
};
services.sourcehut.settings = {
# URL lists.sr.ht is being served at (protocol://domain)
"lists.sr.ht".origin = mkDefault "http://lists.${cfg.originBase}";
# Address and port to bind the debug server to
"lists.sr.ht".debug-host = mkDefault "0.0.0.0";
"lists.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"lists.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"lists.sr.ht".migrate-on-upgrade = mkDefault "yes";
# lists.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"lists.sr.ht".oauth-client-id = mkDefault null;
"lists.sr.ht".oauth-client-secret = mkDefault null;
# Outgoing email for notifications generated by users
"lists.sr.ht".notify-from = mkDefault "CHANGEME@example.org";
# The redis connection used for the webhooks worker
"lists.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2";
# The redis connection used for the celery worker
"lists.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4";
# Network-key
"lists.sr.ht".network-key = mkDefault null;
# Allow creation
"lists.sr.ht".allow-new-lists = mkDefault "no";
# Posting Domain
"lists.sr.ht".posting-domain = mkDefault "lists.${cfg.originBase}";
# Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
# Alternatively, specify IP:PORT and an SMTP server will be run instead.
"lists.sr.ht::worker".sock = mkDefault "/tmp/lists.sr.ht-lmtp.sock";
# The lmtp daemon will make the unix socket group-read/write for users in this
# group.
"lists.sr.ht::worker".sock-group = mkDefault "postfix";
"lists.sr.ht::worker".reject-url = mkDefault "https://man.sr.ht/lists.sr.ht/etiquette.md";
"lists.sr.ht::worker".reject-mimetypes = mkDefault "text/html";
};
services.nginx.virtualHosts."lists.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht";
};
};
}

@ -1,124 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.man;
iniKey = "man.sr.ht";
drv = pkgs.sourcehut.mansrht;
in
{
options.services.sourcehut.man = {
user = mkOption {
type = types.str;
default = "mansrht";
description = ''
User for man.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5004;
description = ''
Port on which the "man" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "man.sr.ht";
description = ''
PostgreSQL database name for man.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/mansrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/mansrht"'';
description = ''
State path for man.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) {
assertions =
[
{
assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
message = "man.sr.ht needs access to git.sr.ht.";
}
];
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
description = "man.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "man.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
};
services.sourcehut.settings = {
# URL man.sr.ht is being served at (protocol://domain)
"man.sr.ht".origin = mkDefault "http://man.${cfg.originBase}";
# Address and port to bind the debug server to
"man.sr.ht".debug-host = mkDefault "0.0.0.0";
"man.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"man.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"man.sr.ht".migrate-on-upgrade = mkDefault "yes";
# man.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"man.sr.ht".oauth-client-id = mkDefault null;
"man.sr.ht".oauth-client-secret = mkDefault null;
};
services.nginx.virtualHosts."man.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
};
};
}

@ -1,213 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.meta;
iniKey = "meta.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.metasrht;
in
{
options.services.sourcehut.meta = {
user = mkOption {
type = types.str;
default = "metasrht";
description = ''
User for meta.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5000;
description = ''
Port on which the "meta" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "meta.sr.ht";
description = ''
PostgreSQL database name for meta.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/metasrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/metasrht"'';
description = ''
State path for meta.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "meta" cfg.services) {
assertions =
[
{
assertion = with cfgIni."meta.sr.ht::billing"; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null);
message = "If meta.sr.ht::billing is enabled, the keys should be defined.";
}
];
users = {
users = {
${user} = {
isSystemUser = true;
group = user;
description = "meta.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ];
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services = {
metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "meta.sr.ht website service";
preStart = ''
# Configure client(s) as "preauthorized"
${concatMapStringsSep "\n\n"
(attr: ''
if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
# Configure ${attr}'s OAuth client as "preauthorized"
psql ${database} \
-c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
fi
'')
(builtins.attrNames (filterAttrs
(k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
cfg.settings))}
'';
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "meta.sr.ht api service";
preStart = ''
# Configure client(s) as "preauthorized"
${concatMapStringsSep "\n\n"
(attr: ''
if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
# Configure ${attr}'s OAuth client as "preauthorized"
psql ${database} \
-c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
fi
'')
(builtins.attrNames (filterAttrs
(k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
cfg.settings))}
'';
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}";
};
metasrht-webhooks = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "meta.sr.ht webhooks service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
};
};
};
};
services.sourcehut.settings = {
# URL meta.sr.ht is being served at (protocol://domain)
"meta.sr.ht".origin = mkDefault "https://meta.${cfg.originBase}";
# Address and port to bind the debug server to
"meta.sr.ht".debug-host = mkDefault "0.0.0.0";
"meta.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"meta.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"meta.sr.ht".migrate-on-upgrade = mkDefault "yes";
# If "yes", the user will be sent the stock sourcehut welcome emails after
# signup (requires cron to be configured properly). These are specific to the
# sr.ht instance so you probably want to patch these before enabling this.
"meta.sr.ht".welcome-emails = mkDefault "no";
# The redis connection used for the webhooks worker
"meta.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/6";
# If "no", public registration will not be permitted.
"meta.sr.ht::settings".registration = mkDefault "no";
# Where to redirect new users upon registration
"meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${cfg.originBase}";
# How many invites each user is issued upon registration (only applicable if
# open registration is disabled)
"meta.sr.ht::settings".user-invites = mkDefault 5;
# Origin URL for API, 100 more than web
"meta.sr.ht".api-origin = mkDefault "http://localhost:5100";
# You can add aliases for the client IDs of commonly used OAuth clients here.
#
# Example:
"meta.sr.ht::aliases" = mkDefault { };
# "meta.sr.ht::aliases"."git.sr.ht" = 12345;
# "yes" to enable the billing system
"meta.sr.ht::billing".enabled = mkDefault "no";
# Get your keys at https://dashboard.stripe.com/account/apikeys
"meta.sr.ht::billing".stripe-public-key = mkDefault null;
"meta.sr.ht::billing".stripe-secret-key = mkDefault null;
};
services.nginx.virtualHosts."meta.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht";
};
};
}

@ -1,135 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.paste;
iniKey = "paste.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.pastesrht;
in
{
options.services.sourcehut.paste = {
user = mkOption {
type = types.str;
default = "pastesrht";
description = ''
User for paste.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5011;
description = ''
Port on which the "paste" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "paste.sr.ht";
description = ''
PostgreSQL database name for paste.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/pastesrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/pastesrht"'';
description = ''
State path for pastesrht.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "paste" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
description = "paste.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services = {
pastesrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "paste.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
pastesrht-webhooks = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "paste.sr.ht webhooks service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
};
};
};
};
services.sourcehut.settings = {
# URL paste.sr.ht is being served at (protocol://domain)
"paste.sr.ht".origin = mkDefault "http://paste.${cfg.originBase}";
# Address and port to bind the debug server to
"paste.sr.ht".debug-host = mkDefault "0.0.0.0";
"paste.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"paste.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"paste.sr.ht".migrate-on-upgrade = mkDefault "yes";
# paste.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"paste.sr.ht".oauth-client-id = mkDefault null;
"paste.sr.ht".oauth-client-secret = mkDefault null;
"paste.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/5";
};
services.nginx.virtualHosts."paste.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.pastesrht}/${pkgs.sourcehut.python.sitePackages}/pastesrht";
};
};
}

@ -148,7 +148,7 @@ in
redis = {
host = mkOption {
type = types.str;
default = "unix:/run/redis-sourcehut-${srvsrht}/redis.sock?db=0";
default = "unix:///run/redis-sourcehut-${srvsrht}/redis.sock?db=0";
example = "redis://shared.wireguard:6379/0";
description = ''
The redis host URL. This is used for caching and temporary storage, and must

@ -1,163 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.todo;
iniKey = "todo.sr.ht";
rcfg = config.services.redis;
drv = pkgs.sourcehut.todosrht;
in
{
options.services.sourcehut.todo = {
user = mkOption {
type = types.str;
default = "todosrht";
description = ''
User for todo.sr.ht.
'';
};
port = mkOption {
type = types.port;
default = 5003;
description = ''
Port on which the "todo" module should listen.
'';
};
database = mkOption {
type = types.str;
default = "todo.sr.ht";
description = ''
PostgreSQL database name for todo.sr.ht.
'';
};
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/todosrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/todosrht"'';
description = ''
State path for todo.sr.ht.
'';
};
};
config = with scfg; lib.mkIf (cfg.enable && elem "todo" cfg.services) {
users = {
users = {
"${user}" = {
isSystemUser = true;
group = user;
extraGroups = [ "postfix" ];
description = "todo.sr.ht user";
};
};
groups = {
"${user}" = { };
};
};
services.postgresql = {
authentication = ''
local ${database} ${user} trust
'';
ensureDatabases = [ database ];
ensureUsers = [
{
name = user;
ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
}
];
};
systemd = {
tmpfiles.rules = [
"d ${statePath} 0750 ${user} ${user} -"
];
services = {
todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "todo.sr.ht website service";
serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
};
todosrht-lmtp = {
after = [ "postgresql.service" "network.target" ];
bindsTo = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "todo.sr.ht process service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/todosrht-lmtp";
};
};
todosrht-webhooks = {
after = [ "postgresql.service" "network.target" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
description = "todo.sr.ht webhooks service";
serviceConfig = {
Type = "simple";
User = user;
Restart = "always";
ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
};
};
};
};
services.sourcehut.settings = {
# URL todo.sr.ht is being served at (protocol://domain)
"todo.sr.ht".origin = mkDefault "http://todo.${cfg.originBase}";
# Address and port to bind the debug server to
"todo.sr.ht".debug-host = mkDefault "0.0.0.0";
"todo.sr.ht".debug-port = mkDefault port;
# Configures the SQLAlchemy connection string for the database.
"todo.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
# Set to "yes" to automatically run migrations on package upgrade.
"todo.sr.ht".migrate-on-upgrade = mkDefault "yes";
# todo.sr.ht's OAuth client ID and secret for meta.sr.ht
# Register your client at meta.example.org/oauth
"todo.sr.ht".oauth-client-id = mkDefault null;
"todo.sr.ht".oauth-client-secret = mkDefault null;
# Outgoing email for notifications generated by users
"todo.sr.ht".notify-from = mkDefault "CHANGEME@example.org";
# The redis connection used for the webhooks worker
"todo.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
# Network-key
"todo.sr.ht".network-key = mkDefault null;
# Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
# Alternatively, specify IP:PORT and an SMTP server will be run instead.
"todo.sr.ht::mail".sock = mkDefault "/tmp/todo.sr.ht-lmtp.sock";
# The lmtp daemon will make the unix socket group-read/write for users in this
# group.
"todo.sr.ht::mail".sock-group = mkDefault "postfix";
"todo.sr.ht::mail".posting-domain = mkDefault "todo.${cfg.originBase}";
};
services.nginx.virtualHosts."todo.${cfg.originBase}" = {
forceSSL = true;
locations."/".proxyPass = "http://${cfg.address}:${toString port}";
locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht";
};
};
}

@ -169,6 +169,45 @@ in
oauth-client-id = "d07cb713d920702e";
};
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
settings.mail = {
smtp-from = "root+hut@${domain}";
# WARNING: take care to keep pgp-privkey outside the Nix store in production,
# or use LoadCredentialEncrypted=
pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" ''
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv
cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp
bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA
BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi
2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h
Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv
D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2
cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC
GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN
xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG
=Hjoc
-----END PGP PRIVATE KEY BLOCK-----
'');
pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0
LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg
0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ
JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt
H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ
3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL
8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6
3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE
xy+wKRdhGy/evLT/w9oSBg==
=pJD7
-----END PGP PUBLIC KEY BLOCK-----
'';
pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9";
};
};
networking.firewall.allowedTCPPorts = [ 443 ];
@ -195,6 +234,7 @@ in
# Testing metasrht
machine.wait_for_unit("metasrht-api.service")
machine.wait_for_unit("metasrht.service")
machine.wait_for_unit("metasrht-webhooks.service")
machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
@ -206,7 +246,9 @@ in
#machine.wait_for_unit("buildsrht-worker.service")
# Testing gitsrht
machine.wait_for_unit("gitsrht-api.service")
machine.wait_for_unit("gitsrht.service")
machine.wait_for_unit("gitsrht-webhooks.service")
machine.succeed("curl -sL http://git.${domain} | grep git.${domain}")
'';
})
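Review bot: The new `settings.mail` block passes the PGP private key through `pkgs.writeText`, so the key material ends up world-readable in the Nix store as well as in the repository. The WARNING comment covers production use but does not say that this particular key is a disposable fixture. I would extend it with `# Test-only key generated for this VM test; never reuse it on a real instance.` so nobody copies the block as a template. `pgp-privkey` is wrapped in `toString (...)` while `pgp-pubkey` is passed as the bare `pkgs.writeText` result; if both options take a path the two should be written the same way, though the option types are not visible here. In the visible test-script hunks only `wait_for_unit` calls for the webhooks services are added, so nothing shown exercises mail signing with this key.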

@ -32,7 +32,9 @@ stdenv.mkDerivation rec {
# only a Debian package release that is tagged in the upstream repo
version = "0.0.0+git20220520";
outputs = [ "out" "dev" "devdoc" ];
outputs = [ "out" "dev" ]
# remove if cross-compiling gobject-introspection works
++ lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ "devdoc" ];
src = fetchFromGitLab {
domain = "source.puri.sm";
@ -61,7 +63,13 @@ stdenv.mkDerivation rec {
libgudev
];
mesonFlags = [ "-Dgtk_doc=true" "-Dman=true" ];
mesonFlags = [
"-Dgtk_doc=${lib.boolToString (stdenv.buildPlatform == stdenv.hostPlatform)}"
"-Dman=true"
# TODO(mindavi): introspection broken due to https://github.com/NixOS/nixpkgs/issues/72868
# can be removed if cross-compiling gobject-introspection works.
"-Dintrospection=${if (stdenv.buildPlatform == stdenv.hostPlatform) then "enabled" else "disabled"}"
];
checkInputs = [
dbus
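Review bot: The native-build test `stdenv.buildPlatform == stdenv.hostPlatform` is written out three times, in `outputs`, in `-Dgtk_doc` and in `-Dintrospection`, so the conditions can drift apart when the workaround is later removed. Binding it once, for example `isNative = stdenv.buildPlatform == stdenv.hostPlatform;` in a `let` around the derivation, would keep them in step and leave a single place to delete. The `-Dgtk_doc` line also has no comment tying it to the gobject-introspection issue that the other two mention. Dropping `devdoc` from `outputs` when cross-compiling presumably breaks evaluation of anything that refers to that output, which is worth a short comment next to the list. The derivation begins and ends outside both hunks.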

@ -0,0 +1,32 @@
{ lib
, stdenv
, fetchFromGitHub
, libX11
, fontconfig
, libXft
, libXrender
}:
stdenv.mkDerivation rec {
pname = "stw";
version = "unstable-2022-02-04";
src = fetchFromGitHub {
owner = "sineemore";
repo = pname;
rev = "c034e04ac912c157f9faa35cb769ba93d92486a0";
sha256 = "sha256-YohHF1O0lm6QWJv/wkS4RVJvWaOjcYSZNls6tt4hbqo==";
};
buildInputs = [ libX11 fontconfig libXft libXrender ];
makeFlags = [ "CC:=$(CC)" "PREFIX=$(out)" ];
meta = with lib; {
description = "A simple text widget for X resembling the watch(1) command";
license = licenses.mit;
maintainers = with maintainers; [ somasis ];
platforms = platforms.unix;
broken = stdenv.isDarwin;
};
}
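Review bot: The `sha256` passed to `fetchFromGitHub` ends in `==`, which is not a well-formed SRI value: a SHA-256 digest is 32 bytes and encodes to 43 base64 characters followed by a single `=`. The string was presumably accepted only because the hash parser tolerates the extra character. This is the only integrity pin on the fetched source, so it should not rest on parser leniency. I would write `sha256 = "sha256-YohHF1O0lm6QWJv/wkS4RVJvWaOjcYSZNls6tt4hbqo=";` after re-checking it against the fetched revision.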

@ -1,11 +1,11 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
let
# look for GO_LDFLAGS getting set in the Makefile
version = "1.0.5";
sha256 = "sha256-xgzIbhgV1AAUa0tooYtzUMqK4Co3PvWQ0YbZuf0JgFE=";
vendorSha256 = "sha256-Gp30qCGV+EaJ1lvfleZHRWVL6rdSj0mvpumWsqr9IT0=";
pkgsVersion = "v1.0.0-17-g7567bf4";
extrasVersion = "v1.0.0-3-g6327c36";
version = "1.0.6";
sha256 = "sha256-4cUaQWqVndp06eFgqInOMMGITbTdZO5BOqXW2XEpuWU=";
vendorSha256 = "sha256-7q35d+jbIDe7fAy6nL5FWdSovBb/f64HYLHGL+zE6bI=";
pkgsVersion = "v1.0.0-25-gcf9709e";
extrasVersion = "v1.0.0-4-g05b0920";
in
buildGoModule rec {
pname = "talosctl";

@ -2,7 +2,7 @@
let
inherit (pkgs) callPackage fetchurl;
versions = if stdenv.isLinux then {
stable = "0.0.17";
stable = "0.0.18";
ptb = "0.0.29";
canary = "0.0.135";
} else {
@ -21,7 +21,7 @@ let
stable = fetchurl {
url =
"https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
sha256 = "058k0cmbm4y572jqw83bayb2zzl2fw2aaz0zj1gvg6sxblp76qil";
sha256 = "1hl01rf3l6kblx5v7rwnwms30iz8zw6dwlkjsx2f1iipljgkh5q4";
};
ptb = fetchurl {
url =

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "gh";
version = "2.11.3";
version = "2.12.0";
src = fetchFromGitHub {
owner = "cli";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-b00bP0usTpYr5EShyckmZ+a1Mw48payU/KllSck47fI=";
sha256 = "sha256-gJwSnaOJc7W5zA/7D8tmXi3g+or5cNIlJ2J6gS51D6I=";
};
vendorSha256 = "sha256-soNQXtpQ217scP606UA05+r9WIrUAMOCDBsfLKrVD+Q=";
vendorSha256 = "sha256-du4IQNQPwM245yr0dSe1C7TU6gaFgvZhxaXi3xsKuWY=";
nativeBuildInputs = [ installShellFiles ];

@ -1,7 +1,7 @@
{ lib
, fetchFromSourcehut
, buildPythonPackage
, buildGoModule
, buildPythonPackage
, srht
, redis
, celery
@ -9,21 +9,29 @@
, markdown
, ansi2html
, python
, unzip
}:
let
version = "0.75.2";
version = "0.81.0";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "builds.sr.ht";
rev = version;
sha256 = "sha256-SwyxMzmp9baRQ0vceuEn/OpfIv7z7jwq/l67hdOHXjM=";
sha256 = "sha256-oUSzanRFZ2dQTgm/VuNhqUaUAPq7ffxR7OtBKtE61DE=";
};
buildWorker = src: buildGoModule {
buildsrht-api = buildGoModule ({
inherit src version;
pname = "builds-sr-ht-worker";
pname = "buildsrht-api";
modRoot = "api";
vendorSha256 = "sha256-roTwqtg4Y846PNtLdRN/LV3Jd0LVElqjFy3DJcrwoaI=";
} // import ./fix-gqlgen-trimpath.nix { inherit unzip; });
buildsrht-worker = buildGoModule {
inherit src version;
sourceRoot = "source/worker";
pname = "buildsrht-worker";
vendorSha256 = "sha256-Pf1M9a43eK4jr6QMi6kRHA8DodXQU0pqq9ua5VC3ER0=";
};
in
@ -31,10 +39,10 @@ buildPythonPackage rec {
inherit src version;
pname = "buildsrht";
patches = [
# Revert change breaking Unix socket support for Redis
patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch
];
postPatch = ''
substituteInPlace Makefile \
--replace "all: api worker" ""
'';
nativeBuildInputs = srht.nativeBuildInputs;
@ -58,7 +66,8 @@ buildPythonPackage rec {
cp -r images $out/lib
cp contrib/submit_image_build $out/bin/builds.sr.ht
cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker
ln -s ${buildsrht-api}/bin/api $out/bin/buildsrht-api
ln -s ${buildsrht-worker}/bin/worker $out/bin/buildsrht-worker
'';
pythonImportsCheck = [ "buildsrht" ];
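Review bot: `buildsrht-worker` locates its Go module with `sourceRoot = "source/worker";` while `buildsrht-api`, a few lines above in the same `let`, uses `modRoot = "api";`, so the two sub-builds find their module in different ways. The `sourceRoot` form hard-codes the unpack directory name `source`, which depends on how the fetcher names its output. Unless the worker has to be built in isolation from the rest of the tree, `modRoot = "worker";` would match the API derivation and the Go helpers of the gitsrht expression in this commit.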

@ -1,5 +1,5 @@
{ lib
, fetchgit
, fetchFromSourcehut
, fetchNodeModules
, buildPythonPackage
, pgpy
@ -29,12 +29,13 @@
buildPythonPackage rec {
pname = "srht";
version = "0.68.14";
version = "0.69.0";
src = fetchgit {
url = "https://git.sr.ht/~sircmpwn/core.sr.ht";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "core.sr.ht";
rev = version;
sha256 = "sha256-BY3W2rwrg0mhH3CltgUqg6Xv8Ve5VZNY/lI1cfbAjYM=";
sha256 = "sha256-s/I0wxtPggjTkkTZnhm77PxdQjiT0Vq2MIk7JMvdupc=";
fetchSubmodules = true;
};
@ -47,6 +48,8 @@ buildPythonPackage rec {
patches = [
# Disable check for npm
./disable-npm-install.patch
# Fix Unix socket support in RedisQueueCollector
patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch
];
nativeBuildInputs = [
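Review bot: The new entry in `patches` is written as `patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch`, without the leading `./` that the neighbouring `./disable-npm-install.patch` uses. Both are path literals, but mixing the two forms in one list makes the second read like a string or a variable at a glance; prefixing it with `./` keeps the list uniform. The comment above the entry could also say whether the fix has been sent upstream, so the patch can be dropped once a release contains it. The enclosing `buildPythonPackage rec { … }` extends beyond the hunk.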

@ -2,6 +2,7 @@
, openssl
, callPackage
, recurseIntoAttrs
, nixosTests
}:
# To expose the *srht modules, they have to be a python module so we use `buildPythonModule`
@ -44,4 +45,7 @@ with python.pkgs; recurseIntoAttrs {
pagessrht = pagessrht;
pastesrht = toPythonApplication pastesrht;
todosrht = toPythonApplication todosrht;
passthru.tests = {
nixos-sourcehut = nixosTests.sourcehut;
};
}

@ -0,0 +1,32 @@
{ unzip
, gqlgenVersion ? "0.17.2"
}:
{
overrideModAttrs = (_: {
# No need to workaround -trimpath: it's not used in go-modules,
# but do download `go generate`'s dependencies nonetheless.
preBuild = ''
go generate ./loaders
go generate ./graph
'';
});
# Workaround this error:
# go: git.sr.ht/~emersion/go-emailthreads@v0.0.0-20220412093310-4fd792e343ba: module lookup disabled by GOPROXY=off
# tidy failed: go mod tidy failed: exit status 1
# graph/generate.go:10: running "go": exit status 1
proxyVendor = true;
nativeBuildInputs = [ unzip ];
# Workaround -trimpath in the package derivation:
# https://github.com/99designs/gqlgen/issues/1537
# This is to give `go generate ./graph` access to gqlgen's *.gotpl files
# If it fails, the gqlgenVersion may have to be updated.
preBuild = ''
unzip ''${GOPROXY#"file://"}/github.com/99designs/gqlgen/@v/v${gqlgenVersion}.zip
go generate ./loaders
go generate ./graph
rm -rf github.com
'';
}
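Review bot: The second `preBuild` unzips `v${gqlgenVersion}.zip` from the module proxy, and the only hint that `gqlgenVersion` must match the version resolved by the module's go.mod is the comment above it; a mismatch would presumably stop the build with a bare unzip error. An explicit check before the `unzip` line makes the cause obvious, for example `test -f "$gqlgenZip" || { echo "gqlgen v${gqlgenVersion} is not in the module proxy, update gqlgenVersion" >&2; exit 1; }` with `gqlgenZip` set to the path currently passed to `unzip`. The default `"0.17.2"` is shared by every caller that does not override it, so a short comment on the parameter saying it has to follow upstream's go.mod would help the next version bump.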

@ -1,57 +1,67 @@
{ lib
, fetchFromSourcehut
, buildPythonPackage
, buildGoModule
, buildPythonPackage
, python
, srht
, pygit2
, scmsrht
, unzip
}:
let
version = "0.77.3";
version = "0.78.20";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "git.sr.ht";
rev = version;
sha256 = "sha256-eJvXCcmdiUzTK0EqNJkLEZsAfr6toD/378HObnMbOWM=";
sha256 = "sha256-rZsTtHobsgRVmMOjPa1fiKrPsNyFu/gOsmO0cTl5MqQ=";
};
buildShell = src: buildGoModule {
gitApi = buildGoModule ({
inherit src version;
pname = "gitsrht-shell";
vendorSha256 = "sha256-aqUFICp0C2reqb2p6JCPAUIRsxzSv0t9BHoNWrTYfqk=";
};
pname = "gitsrht-api";
modRoot = "api";
vendorSha256 = "sha256-cCs9FUBusaAou9w4TDOg8GKxhRcsPbSNcQpxvFH/+so=";
} // import ./fix-gqlgen-trimpath.nix { inherit unzip; });
buildDispatcher = src: buildGoModule {
gitDispatch = buildGoModule {
inherit src version;
pname = "gitsrht-dispatcher";
pname = "gitsrht-dispatch";
modRoot = "gitsrht-dispatch";
vendorSha256 = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M=";
};
buildKeys = src: buildGoModule {
gitKeys = buildGoModule {
inherit src version;
pname = "gitsrht-keys";
modRoot = "gitsrht-keys";
vendorSha256 = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4=";
};
buildUpdateHook = src: buildGoModule {
gitShell = buildGoModule {
inherit src version;
pname = "gitsrht-update-hook";
vendorSha256 = "sha256-sBlG7EFqdDm7CkAHVX50Mf4N3sl1rPNmWExG/bfbfGA=";
pname = "gitsrht-shell";
modRoot = "gitsrht-shell";
vendorSha256 = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI=";
};
updateHook = buildUpdateHook "${src}/gitsrht-update-hook";
gitUpdateHook = buildGoModule {
inherit src version;
pname = "gitsrht-update-hook";
modRoot = "gitsrht-update-hook";
vendorSha256 = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc=";
};
in
buildPythonPackage rec {
inherit src version;
pname = "gitsrht";
patches = [
# Revert change breaking Unix socket support for Redis
patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch
];
postPatch = ''
substituteInPlace Makefile \
--replace "all: api gitsrht-dispatch gitsrht-keys gitsrht-shell gitsrht-update-hook" ""
'';
nativeBuildInputs = srht.nativeBuildInputs;
@ -68,14 +78,12 @@ buildPythonPackage rec {
postInstall = ''
mkdir -p $out/bin
cp ${buildShell "${src}/gitsrht-shell"}/bin/gitsrht-shell $out/bin/gitsrht-shell
cp ${buildDispatcher "${src}/gitsrht-dispatch"}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch
cp ${buildKeys "${src}/gitsrht-keys"}/bin/gitsrht-keys $out/bin/gitsrht-keys
cp ${updateHook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook
ln -s ${gitApi}/bin/api $out/bin/gitsrht-api
ln -s ${gitDispatch}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch
ln -s ${gitKeys}/bin/gitsrht-keys $out/bin/gitsrht-keys
ln -s ${gitShell}/bin/gitsrht-shell $out/bin/gitsrht-shell
ln -s ${gitUpdateHook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook
'';
passthru = {
inherit updateHook;
};
pythonImportsCheck = [ "gitsrht" ];
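Review bot: The `postPatch` step matches upstream's Makefile by the exact string `"all: api gitsrht-dispatch gitsrht-keys gitsrht-shell gitsrht-update-hook"`, so any upstream change to that target list (a new Go component, a reordering) leaves the line in place and the Python build presumably goes back to driving the Go builds itself. A guard after the substitution turns that into an immediate, readable failure, along the lines of `if grep -q '^all:' Makefile; then echo "Makefile all: target was not neutralised" >&2; exit 1; fi`. The same `substituteInPlace … --replace "all: …" ""` pattern appears in the buildsrht, hgsrht, listssrht, metasrht, pagessrht, pastesrht and todosrht expressions in this commit.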

@ -1,21 +1,44 @@
{ lib
, fetchhg
, fetchFromSourcehut
, buildGoModule
, buildPythonPackage
, srht
, hglib
, scmsrht
, unidiff
, python
, unzip
}:
buildPythonPackage rec {
pname = "hgsrht";
version = "0.29.4";
version = "0.31.3";
src = fetchhg {
url = "https://hg.sr.ht/~sircmpwn/hg.sr.ht";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "hg.sr.ht";
rev = version;
sha256 = "Jn9M/R5tJK/GeJDWGo3LWCK2nwsfI9zh+/yo2M+X6Sk=";
sha256 = "4Qe08gqsSTMQVQBchFPEUXuxM8ZAAQGJT1EOcDjkZa0=";
vc = "hg";
};
postPatch = ''
substituteInPlace Makefile \
--replace "all: api hgsrht-keys" ""
'';
hgsrht-api = buildGoModule ({
inherit src version;
pname = "hgsrht-api";
modRoot = "api";
vendorSha256 = "sha256-uIP3W7UJkP68HJUF33kz5xfg/KBiaSwMozFYmQJQkys=";
} // import ./fix-gqlgen-trimpath.nix { inherit unzip; });
hgsrht-keys = buildGoModule {
inherit src version;
pname = "hgsrht-keys";
modRoot = "hgsrht-keys";
vendorSha256 = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@ -32,6 +55,11 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
postInstall = ''
ln -s ${hgsrht-api}/bin/api $out/bin/hgsrht-api
ln -s ${hgsrht-keys}/bin/hgsrht-keys $out/bin/hgsrht-keys
'';
pythonImportsCheck = [ "hgsrht" ];
meta = with lib; {
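Review bot: `hgsrht-api` and `hgsrht-keys` are declared as attributes of the `buildPythonPackage rec { … }` set, so they are handed to the Python derivation as extra attributes instead of being local bindings. The buildsrht, gitsrht and metasrht expressions in this commit put the equivalent `buildGoModule` calls in a `let … in` block, which keeps them out of the derivation's arguments. Moving `version`, `src` and the two Go builds into a `let` before `buildPythonPackage` would make this file consistent with those; the listssrht and todosrht expressions have the same shape. The attribute set continues past the end of the last hunk.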

@ -6,13 +6,13 @@
buildPythonPackage rec {
pname = "hubsrht";
version = "0.14.4";
version = "0.14.14";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "hub.sr.ht";
rev = version;
sha256 = "sha256-7HF+jykWGqzPWA0YtJZQZU7pnID1yexcqLkEf2HpnSs=";
sha256 = "sha256-4n6oQ+AAvdJY/5KflxAp62chjyrlSUkmt319DKZk33w=";
};
nativeBuildInputs = srht.nativeBuildInputs;

@ -1,5 +1,6 @@
{ lib
, fetchFromSourcehut
, buildGoModule
, buildPythonPackage
, srht
, asyncpg
@ -8,23 +9,31 @@
, emailthreads
, redis
, python
, unzip
}:
buildPythonPackage rec {
pname = "listssrht";
version = "0.51.7";
version = "0.51.11";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "lists.sr.ht";
rev = version;
sha256 = "sha256-oNY5A98oVoL2JKO0fU/8YVl8u7ywmHb/RHD8A6z9yIM=";
sha256 = "sha256-Qb70oOazZfmHpC5r0oMYCFdvfAeKbq3mQA8+M56YYnY=";
};
patches = [
# Revert change breaking Unix socket support for Redis
patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch
];
listssrht-api = buildGoModule ({
inherit src version;
pname = "listssrht-api";
modRoot = "api";
vendorSha256 = "sha256-xnmMkRSokbhWD+kz0XQ9AinYdm6/50FRBISURPvlzD0=";
} // import ./fix-gqlgen-trimpath.nix { inherit unzip;});
postPatch = ''
substituteInPlace Makefile \
--replace "all: api" ""
'';
nativeBuildInputs = srht.nativeBuildInputs;
@ -42,6 +51,10 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
postInstall = ''
ln -s ${listssrht-api}/bin/api $out/bin/listssrht-api
'';
pythonImportsCheck = [ "listssrht" ];
meta = with lib; {

@ -8,13 +8,13 @@
buildPythonPackage rec {
pname = "mansrht";
version = "0.15.23";
version = "0.15.26";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "man.sr.ht";
rev = version;
sha256 = "sha256-xrBptXdwMee+YkPup/BYL/iXBhCzSUQ5htSHIw/1Ncc=";
sha256 = "sha256-5xZH6DrTXMdWd26OGICp7lZ/QDjACIa7zNUJHB7jzGo=";
};
nativeBuildInputs = srht.nativeBuildInputs;

@ -16,32 +16,34 @@
, weasyprint
, prometheus-client
, python
, unzip
}:
let
version = "0.57.5";
version = "0.58.18";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "meta.sr.ht";
rev = version;
sha256 = "sha256-qsCwZaCiqvY445U053OCWD98jlIUi9NB2jWVP2oW3Vk=";
sha256 = "sha256-OjbQHAzG2nZwpJUIvhKaCJWZbhZDC2R6C+SkbKUpk8o=";
};
buildApi = src: buildGoModule {
metasrht-api = buildGoModule ({
inherit src version;
pname = "metasrht-api";
vendorSha256 = "sha256-8Ubrr9qRlgW2wsLHrPHwulSWLz+gp4VPcTvOZpg8TYM=";
};
modRoot = "api";
vendorSha256 = "sha256-kiEuEYZFbwJ6SbKFtxH4SiRaZmqYriRHPoHdTX28+d0=";
} // import ./fix-gqlgen-trimpath.nix { inherit unzip; });
in
buildPythonPackage rec {
pname = "metasrht";
inherit version src;
patches = [
# Revert change breaking Unix socket support for Redis
patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch
];
postPatch = ''
substituteInPlace Makefile \
--replace "all: api" ""
'';
nativeBuildInputs = srht.nativeBuildInputs;
@ -68,7 +70,7 @@ buildPythonPackage rec {
postInstall = ''
mkdir -p $out/bin
cp ${buildApi "${src}/api/"}/bin/api $out/bin/metasrht-api
ln -s ${metasrht-api}/bin/api $out/bin/metasrht-api
'';
pythonImportsCheck = [ "metasrht" ];

@ -1,20 +1,26 @@
{ lib
, fetchFromSourcehut
, buildGoModule
, unzip
}:
buildGoModule rec {
buildGoModule (rec {
pname = "pagessrht";
version = "0.6.2";
version = "0.7.4";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "pages.sr.ht";
rev = version;
sha256 = "sha256-ob0+t9V2o8lhVC6fXbi1rNm0Mnbs+GoyAmhBqVZ13PA=";
sha256 = "sha256-WM9T2LS8yIqaR0PQQRgMk/tiMYcw8DZVPMqMWkj/5RY=";
};
vendorSha256 = "sha256-b0sHSH0jkKoIVq045N96wszuLJDegkkj0v50nuDFleU=";
postPatch = ''
substituteInPlace Makefile \
--replace "all: server" ""
'';
vendorSha256 = "sha256-VOqY/nStqGyfWOXnJSZX8UYyp2kzcibQM2NRNysHYEc=";
postInstall = ''
mkdir -p $out/share/sql/
@ -27,4 +33,6 @@ buildGoModule rec {
license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
# There is no ./loaders but this does not cause troubles
# to go generate
} // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.9"; })

@ -8,15 +8,20 @@
buildPythonPackage rec {
pname = "pastesrht";
version = "0.13.6";
version = "0.13.8";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "paste.sr.ht";
rev = version;
sha256 = "sha256-Khcqk86iD9nxiKXN3+8mSLNoDau2qXNFOrLdkVu+rH8=";
sha256 = "sha256-Zji9FyYUtsklYz4qyLbtduusteC7WujLCMmvZKcqYis=";
};
postPatch = ''
substituteInPlace Makefile \
--replace "all: api" ""
'';
nativeBuildInputs = srht.nativeBuildInputs;
propagatedBuildInputs = [

@ -1,69 +0,0 @@
From 069b03f85847ed4a9223183b62ee53f420838911 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Thu, 16 Dec 2021 04:54:24 +0100
Subject: [PATCH builds.sr.ht] Revert "Add build submission and queue
monitoring"
This reverts commit 690f1aa16c77e418dc40109cd5e8fdf4a7ed947a.
This has broken Unix socket support for Redis
See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E
---
buildsrht/app.py | 3 ---
buildsrht/runner.py | 9 +--------
2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/buildsrht/app.py b/buildsrht/app.py
index e5321a2..7c9977c 100644
--- a/buildsrht/app.py
+++ b/buildsrht/app.py
@@ -36,9 +36,6 @@ class BuildApp(SrhtFlask):
self.register_blueprint(secrets)
self.register_blueprint(gql_blueprint)
- from buildsrht.runner import builds_queue_metrics_collector
- self.metrics_registry.register(builds_queue_metrics_collector)
-
@self.context_processor
def inject():
return {
diff --git a/buildsrht/runner.py b/buildsrht/runner.py
index 7773452..0389c8e 100644
--- a/buildsrht/runner.py
+++ b/buildsrht/runner.py
@@ -5,13 +5,10 @@ from srht.config import cfg
from srht.database import db
from srht.email import send_email
from srht.oauth import UserType
-from srht.metrics import RedisQueueCollector
-from prometheus_client import Counter
allow_free = cfg("builds.sr.ht", "allow-free", default="no") == "yes"
-builds_broker = cfg("builds.sr.ht", "redis")
-runner = Celery('builds', broker=builds_broker, config_source={
+runner = Celery('builds', broker=cfg("builds.sr.ht", "redis"), config_source={
"CELERY_TASK_SERIALIZER": "json",
"CELERY_ACCEPT_CONTENT": ["json"],
"CELERY_RESULT_SERIALIZER": "json",
@@ -19,9 +16,6 @@ runner = Celery('builds', broker=builds_broker, config_source={
"CELERY_TASK_PROTOCOL": 1
})
-builds_queue_metrics_collector = RedisQueueCollector(builds_broker, "buildsrht_builds", "Number of builds currently in queue")
-builds_submitted = Counter("buildsrht_builds_submited", "Number of builds submitted")
-
def queue_build(job, manifest):
from buildsrht.types import JobStatus
job.status = JobStatus.queued
@@ -34,7 +28,6 @@ def queue_build(job, manifest):
cfg("sr.ht", "owner-email"),
"Cryptocurrency mining attempt on builds.sr.ht")
else:
- builds_submitted.inc()
run_build.delay(job.id, manifest.to_dict())
def requires_payment(user):
--
2.34.0

@ -0,0 +1,42 @@
From 76dd636151735671be74ba9d55f773e190e22827 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Fri, 13 May 2022 22:40:46 +0200
Subject: [PATCH core.sr.ht] Fix Unix socket support in RedisQueueCollector
The broker URL is not necessarily in the format expected by Redis.from_url
Especially, Redis.from_url supports this format for Unix sockets:
unix:///run/redis-sourcehut-metasrht/redis.sock?db=0
See https://redis-py.readthedocs.io/en/stable/#redis.ConnectionPool.from_url
Whereas Celery+Kombu support Redis but also other transports
and thus expect another scheme:
redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1
See https://docs.celeryproject.org/en/stable/userguide/configuration.html#redis-backend-settings
and https://github.com/celery/celery/blob/e5d99801e4b56a02af4a2e183879c767228d2817/celery/backends/redis.py#L299-L352
and https://github.com/celery/kombu/blob/master/kombu/utils/url.py
---
srht/metrics.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/srht/metrics.py b/srht/metrics.py
index 68caf8e..2df5777 100644
--- a/srht/metrics.py
+++ b/srht/metrics.py
@@ -1,11 +1,12 @@
import time
+from celery import Celery
from prometheus_client.metrics_core import GaugeMetricFamily
from redis import Redis, ResponseError
class RedisQueueCollector:
def __init__(self, broker, name, documentation, queue_name="celery"):
- self.redis = Redis.from_url(broker)
+ self.redis = Celery("collector", broker=broker).connection_for_read().channel().client
self.queue_name = queue_name
self.name = name
self.documentation = documentation
--
2.35.1
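Review bot: The replacement line in `RedisQueueCollector.__init__` takes `.channel().client` from the Celery connection, which looks like an attribute of the Redis transport's channel, so the constructor presumably raises `AttributeError` if the broker URL names another transport. The class name makes Redis the expected case, but a one-line comment in the patch would record the assumption, e.g. `# broker must use a Redis transport; .client is the underlying redis-py client`. The connection and channel opened here are not closed in the visible lines; `__init__` is cut off by the hunk, so that may be handled further down.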

@ -1,50 +0,0 @@
From 5ccb5386304c26f25b0a9eb10ce9edb6da32f91a Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Sat, 12 Feb 2022 00:11:59 +0100
Subject: [PATCH git.sr.ht] Revert "Add webhook queue monitoring"
This reverts commit 7ea630b776947ab82438d0ffa263b0f9d33ebff3.
Which has broken Unix socket support for Redis.
See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E
---
gitsrht/app.py | 3 ---
gitsrht/webhooks.py | 5 +----
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/gitsrht/app.py b/gitsrht/app.py
index e9ccb56..4928851 100644
--- a/gitsrht/app.py
+++ b/gitsrht/app.py
@@ -48,9 +48,6 @@ class GitApp(ScmSrhtFlask):
self.add_template_filter(url_quote)
self.add_template_filter(commit_links)
- from gitsrht.webhooks import webhook_metrics_collector
- self.metrics_registry.register(webhook_metrics_collector)
-
@self.context_processor
def inject():
notice = session.get("notice")
diff --git a/gitsrht/webhooks.py b/gitsrht/webhooks.py
index 8a203fe..6240d50 100644
--- a/gitsrht/webhooks.py
+++ b/gitsrht/webhooks.py
@@ -7,13 +7,10 @@ if not hasattr(db, "session"):
db.init()
from srht.webhook import Event
from srht.webhook.celery import CeleryWebhook, make_worker
-from srht.metrics import RedisQueueCollector
from scmsrht.webhooks import UserWebhook
import sqlalchemy as sa
-webhook_broker = cfg("git.sr.ht", "webhooks")
-worker = make_worker(broker=webhook_broker)
-webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length")
+worker = make_worker(broker=cfg("git.sr.ht", "webhooks"))
class RepoWebhook(CeleryWebhook):
events = [
--
2.34.1

@ -1,48 +0,0 @@
From 730e090f31b150d42be4b4722751f8e4610835b0 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Sat, 12 Feb 2022 00:38:12 +0100
Subject: [PATCH lists.sr.ht] Revert "Add webhook queue monitoring"
This reverts commit e74e344808e8d523a9786cefcbf64c9a247d7a0e.
Which has broken Unix socket support for Redis.
See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E
---
listssrht/app.py | 3 ---
listssrht/webhooks.py | 5 +----
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/listssrht/app.py b/listssrht/app.py
index aec59f3..83a355d 100644
--- a/listssrht/app.py
+++ b/listssrht/app.py
@@ -29,9 +29,6 @@ class ListsApp(SrhtFlask):
self.register_blueprint(user)
self.register_blueprint(gql_blueprint)
- from listssrht.webhooks import webhook_metrics_collector
- self.metrics_registry.register(webhook_metrics_collector)
-
@self.context_processor
def inject():
from listssrht.types import ListAccess
diff --git a/listssrht/webhooks.py b/listssrht/webhooks.py
index ae5b1cb..86421ba 100644
--- a/listssrht/webhooks.py
+++ b/listssrht/webhooks.py
@@ -8,11 +8,8 @@ if not hasattr(db, "session"):
db.init()
from srht.webhook import Event
from srht.webhook.celery import CeleryWebhook, make_worker
-from srht.metrics import RedisQueueCollector
-webhook_broker = cfg("lists.sr.ht", "webhooks")
-worker = make_worker(broker=webhook_broker)
-webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length")
+worker = make_worker(broker=cfg("lists.sr.ht", "webhooks"))
class ListWebhook(CeleryWebhook):
events = [
--
2.34.1

@ -1,48 +0,0 @@
From d88bee195797c6c294320617ff14798da94cd0f3 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Thu, 16 Dec 2021 04:52:08 +0100
Subject: [PATCH meta.sr.ht] Revert "Add webhook queue monitoring"
This reverts commit 9931df3c23094af5179df9ef019ca732b8125dac.
This has broken Unix socket support for Redis.
See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E
---
metasrht/app.py | 3 ---
metasrht/webhooks.py | 5 +----
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/metasrht/app.py b/metasrht/app.py
index b190875..89c59bc 100644
--- a/metasrht/app.py
+++ b/metasrht/app.py
@@ -49,9 +49,6 @@ class MetaApp(SrhtFlask):
from metasrht.blueprints.billing import billing
self.register_blueprint(billing)
- from metasrht.webhooks import webhook_metrics_collector
- self.metrics_registry.register(webhook_metrics_collector)
-
@self.context_processor
def inject():
return {
diff --git a/metasrht/webhooks.py b/metasrht/webhooks.py
index 3e1149e..3f0ba01 100644
--- a/metasrht/webhooks.py
+++ b/metasrht/webhooks.py
@@ -7,11 +7,8 @@ if not hasattr(db, "session"):
db.init()
from srht.webhook import Event
from srht.webhook.celery import CeleryWebhook, make_worker
-from srht.metrics import RedisQueueCollector
-webhook_broker = cfg("meta.sr.ht", "webhooks", "redis://")
-worker = make_worker(broker=webhook_broker)
-webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length")
+worker = make_worker(broker=cfg("meta.sr.ht", "webhooks", "redis://"))
class UserWebhook(CeleryWebhook):
events = [
--
2.34.0

@ -1,50 +0,0 @@
From 42a27ea60d8454552d54e1f51f1b976d1067fc32 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+srht@sourcephile.fr>
Date: Sat, 12 Feb 2022 00:30:29 +0100
Subject: [PATCH todo.sr.ht] Revert "Add webhook queue monitoring"
This reverts commit 320a5e8f7cd16ca43928c36f0320593f84d986fa.
Which has broken Unix socket support for Redis.
See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E
---
todosrht/flask.py | 3 ---
todosrht/webhooks.py | 6 +-----
2 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/todosrht/flask.py b/todosrht/flask.py
index 5e8ac66..9d0fd27 100644
--- a/todosrht/flask.py
+++ b/todosrht/flask.py
@@ -43,9 +43,6 @@ class TodoApp(SrhtFlask):
self.add_template_filter(urls.tracker_url)
self.add_template_filter(urls.user_url)
- from todosrht.webhooks import webhook_metrics_collector
- self.metrics_registry.register(webhook_metrics_collector)
-
@self.context_processor
def inject():
return {
diff --git a/todosrht/webhooks.py b/todosrht/webhooks.py
index eb8e08a..950047f 100644
--- a/todosrht/webhooks.py
+++ b/todosrht/webhooks.py
@@ -7,13 +7,9 @@ if not hasattr(db, "session"):
db.init()
from srht.webhook import Event
from srht.webhook.celery import CeleryWebhook, make_worker
-from srht.metrics import RedisQueueCollector
import sqlalchemy as sa
-
-webhooks_broker = cfg("todo.sr.ht", "webhooks")
-worker = make_worker(broker=webhooks_broker)
-webhook_metrics_collector = RedisQueueCollector(webhooks_broker, "srht_webhooks", "Webhook queue length")
+worker = make_worker(broker=cfg("todo.sr.ht", "webhooks"))
import todosrht.tracker_import
--
2.34.1

@ -9,13 +9,13 @@
buildPythonPackage rec {
pname = "scmsrht";
version = "0.22.19"; # Untagged version
version = "0.22.22";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "scm.sr.ht";
rev = version;
sha256 = "sha256-/QryPjWJ2S0Ov9DTdrwbM81HYucHiYcLh0oKacflywI=";
sha256 = "sha256-iSzzyI8HZOpOb4dyt520MV/wds14fNag2+UOF09KS7w=";
};
nativeBuildInputs = srht.nativeBuildInputs;

@ -1,5 +1,6 @@
{ lib
, fetchFromSourcehut
, buildGoModule
, buildPythonPackage
, srht
, redis
@ -8,23 +9,31 @@
, pytest
, factory_boy
, python
, unzip
}:
buildPythonPackage rec {
pname = "todosrht";
version = "0.67.2";
version = "0.72.2";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "todo.sr.ht";
rev = version;
sha256 = "sha256-/QHsMlhzyah85ubZyx8j4GDUoITuWcLDJKosbZGeOZU=";
sha256 = "sha256-FLjVO8Y/9s2gFfMXwcY7Rj3WNzPEBYs1AEjiVZFWsT8=";
};
patches = [
# Revert change breaking Unix socket support for Redis
patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch
];
postPatch = ''
substituteInPlace Makefile \
--replace "all: api" ""
'';
todosrht-api = buildGoModule ({
inherit src version;
pname = "todosrht-api";
modRoot = "api";
vendorSha256 = "sha256-LB1H4jwnvoEyaaYJ09NI/M6IkgZwRet/fkso6b9EPV0=";
} // import ./fix-gqlgen-trimpath.nix {inherit unzip;});
nativeBuildInputs = srht.nativeBuildInputs;
@ -40,6 +49,10 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
postInstall = ''
ln -s ${todosrht-api}/bin/api $out/bin/todosrht-api
'';
# pytest tests fail
checkInputs = [
pytest

@ -16,7 +16,7 @@ version() {
}
src_url() {
nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.url or src.meta.homepage" | tr -d '"'
nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.meta.homepage" | tr -d '"'
}
get_latest_version() {

@ -1,12 +1,12 @@
{ lib, stdenv, fetchurl, pkg-config, libmnl }:
stdenv.mkDerivation rec {
version = "1.2.1";
version = "1.2.2";
pname = "libnftnl";
src = fetchurl {
url = "https://netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
sha256 = "0z4khm2mnys9mcl8ckwf19cw20jgrv8650nfncy3xcgs2k2aa23m";
hash = "sha256-nvwAT50VkY1o+emOGU1V4DAWjzO7Z8PnpUW3QMntbQo=";
};
nativeBuildInputs = [ pkg-config ];

@ -1,5 +1,10 @@
{ lib, stdenv, fetchFromGitHub, mpfr, libxml2, intltool, pkg-config, doxygen,
autoreconfHook, readline, libiconv, icu, curl, gnuplot, gettext }:
{ lib, stdenv, fetchFromGitHub
, mpfr, gnuplot
, readline
, libxml2, curl
, intltool, libiconv, icu, gettext
, pkg-config, doxygen, autoreconfHook, buildPackages
}:
stdenv.mkDerivation rec {
pname = "libqalculate";
@ -16,6 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ intltool pkg-config autoreconfHook doxygen ];
buildInputs = [ curl gettext libiconv readline ];
depsBuildBuild = [ buildPackages.stdenv.cc ];
propagatedBuildInputs = [ libxml2 mpfr icu ];
enableParallelBuilding = true;

@ -11,13 +11,13 @@
stdenv.mkDerivation rec {
pname = "libzim";
version = "7.2.0";
version = "7.2.2";
src = fetchFromGitHub {
owner = "openzim";
repo = pname;
rev = version;
sha256 = "sha256-H4YUAbH4X6oJIZyhI23LemngtOtKNrHHl3KSU1ilAmo=";
sha256 = "sha256-AEhhjinnnMA4NbYL7NVHYeRZX/zfNiidbY/VeFjZuQs=";
};
nativeBuildInputs = [

@ -0,0 +1,31 @@
{ lib
, stdenv
, cmake
, fetchFromGitHub
}:
stdenv.mkDerivation rec {
pname = "sptk";
version = "4.0";
src = fetchFromGitHub {
owner = "sp-nitech";
repo = "SPTK";
rev = "v${version}";
hash = "sha256-Be3Pbg+vt/P3FplZN7yBL+HVq/BmzaBcwKOBsbH7r9g=";
};
nativeBuildInputs = [
cmake
];
doCheck = true;
meta = with lib; {
changelog = "https://github.com/sp-nitech/SPTK/releases/tag/v${version}";
description = "Suite of speech signal processing tools";
homepage = "https://github.com/sp-nitech/SPTK";
license = licenses.asl20;
maintainers = with maintainers; [ fab ];
};
}

@ -1,19 +1,18 @@
{ stdenv, lib, fetchFromGitHub, ocaml, findlib, ocamlbuild }:
if lib.versionOlder ocaml.version "4.03"
|| lib.versionOlder "4.13" ocaml.version
if lib.versionOlder ocaml.version "4.08"
then throw "wasm is not available for OCaml ${ocaml.version}"
else
stdenv.mkDerivation rec {
pname = "ocaml${ocaml.version}-wasm";
version = "1.1.1";
version = "2.0.0";
src = fetchFromGitHub {
owner = "WebAssembly";
repo = "spec";
rev = "opam-${version}";
sha256 = "1kp72yv4k176i94np0m09g10cviqp2pnpm7jmiq6ik7fmmbknk7c";
sha256 = "sha256:09s0v79x0ymzcp2114zkm3phxavdfnkkq67qz1ndnknbkziwqf3v";
};
nativeBuildInputs = [ ocaml findlib ocamlbuild ];

@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "canonicaljson";
version = "1.6.1";
version = "1.6.2";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-qTZk9phVbb1Lq5w/xPs1g0zyU12h6gC2t3WNj+K7uCQ=";
hash = "sha256-rwC+jOnFiYV98Xa7lFlPDUOw4CfwJ6jXz4l4/bgZAko=";
};
propagatedBuildInputs = [

@ -5,11 +5,11 @@
buildPythonPackage rec {
pname = "docopt-ng";
version = "0.7.2";
version = "0.8.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-hs7qAy8M+lnmB3brDPOKxzZTWBAihyMg9H3IdGeNckQ=";
sha256 = "sha256-6mphooj8hk7uayLW/iiqIC1Z/Ib60F8W/145zE6n9uM=";
};
pythonImportsCheck = [ "docopt" ];

@ -19,7 +19,7 @@
buildPythonPackage rec {
pname = "fastapi-mail";
version = "1.0.8";
version = "1.0.9";
format = "pyproject";
disabled = pythonOlder "3.7";
@ -27,8 +27,8 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "sabuhish";
repo = pname;
rev = version;
hash = "sha256-PkA7qkdDUd7mrtvb6IbCzFRq6X0M3iKY+FKuNConJ5A=";
rev = "refs/tags/${version}";
hash = "sha256-2Nb+FzmhsKvauT/yOCLHCEld8r+6niu9kV6EmjhC6S0=";
};
postPatch = ''

@ -9,11 +9,11 @@
buildPythonPackage rec {
pname = "fido2";
version = "0.9.3";
version = "1.0.0";
src = fetchPypi {
inherit pname version;
sha256 = "b45e89a6109cfcb7f1bb513776aa2d6408e95c4822f83a253918b944083466ec";
sha256 = "sha256-JQmklYtmbXR/1XVN+pNX2i2BtS7cDs/3W2jOqTkVTAI=";
};
propagatedBuildInputs = [ six cryptography ];

@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "google-cloud-appengine-logging";
version = "1.1.1";
version = "1.1.2";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
hash = "sha256-NhRQ7X17/Y79DvJT4haArrb23zzwV+XoJT9YUfjLvKc=";
hash = "sha256-undhXBAPB+3akWVu3ht0ZZBwErhmOq18TnXvloeZQjc=";
};
propagatedBuildInputs = [

@ -11,16 +11,16 @@
buildPythonPackage rec {
pname = "pre-commit-hooks";
version = "4.2.0";
version = "4.3.0";
format = "setuptools";
disabled = pythonOlder "3.6";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "pre-commit";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-jSu4LutEgpeAbCgSHgk6VXQKLZo00T3TrQVZxsNU1co=";
sha256 = "sha256-qdsSM+7ScSfxhmLAqwi1iraGHrhb5NBee/j+TKr2WUA=";
};
propagatedBuildInputs = [

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "pyshark";
version = "0.4.5";
version = "0.4.6";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -21,8 +21,8 @@ buildPythonPackage rec {
repo = pname;
# 0.4.5 was the last release which was tagged
# https://github.com/KimiNewt/pyshark/issues/541
rev = "8f8f13aba6ae716aa0a48175255063fe542fdc3b";
hash = "sha256-v9CC9hgTABAiJ0qiFZ/9/zMmHzJXKq3neGtTq/ucnT4=";
rev = "refs/tags/v${version}";
hash = "sha256-yEpUFihETKta3+Xb8eSyTZ1uSi7ao4OqWzsCgDLLhe8=";
};
sourceRoot = "${src.name}/src";

@ -17,7 +17,7 @@
buildPythonPackage rec {
pname = "staticjinja";
version = "4.1.2";
version = "4.1.3";
format = "pyproject";
disabled = pythonOlder "3.6";
@ -27,7 +27,7 @@ buildPythonPackage rec {
owner = "staticjinja";
repo = pname;
rev = version;
sha256 = "0qqyadhqsn66b7qrpfj08qc899pjwfa2byqqzh73xq1n22i4cy30";
sha256 = "sha256-w6ge5MQXNRHCM43jKnagTlbquJJys7mprgBOS2uuwHQ=";
};
nativeBuildInputs = [

@ -32,14 +32,14 @@ with py.pkgs;
buildPythonApplication rec {
pname = "checkov";
version = "2.0.1201";
version = "2.0.1204";
format = "setuptools";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
hash = "sha256-ZQCUYnoCaVZkXr5rZ/vkEOlADMQmj6OfZ12KBerXdmQ=";
hash = "sha256-qqTqEn11DM1W48ZYoiCacsSCA4xPLxPil43xiByEy5g=";
};
nativeBuildInputs = with py.pkgs; [

@ -1,63 +0,0 @@
{ elk6Version
, enableUnfree ? true
, lib, stdenv
, makeWrapper
, fetchurl
, nodejs-10_x
, coreutils
, which
}:
with lib;
let
nodejs = nodejs-10_x;
inherit (builtins) elemAt;
info = splitString "-" stdenv.hostPlatform.system;
arch = elemAt info 0;
plat = elemAt info 1;
shas =
if enableUnfree
then {
x86_64-linux = "1a501lavxhckb3l93sbrbqyshicwkk6p89frry4x8p037xcfpy0x";
x86_64-darwin = "0zm45af30shhcg3mdhcma6rms1hyrx62rm5jzwnz9kxv4d30skbw";
}
else {
x86_64-linux = "0wfdipf21apyily7mvlqgyc7m5jpr96zgrryzwa854z3xb2vw8zg";
x86_64-darwin = "1nklfx4yz6hsxlljvnvwjy7pncv9mzngl84710xad5jlyras3sdj";
};
in stdenv.mkDerivation rec {
pname = "kibana${optionalString (!enableUnfree) "-oss"}";
version = elk6Version;
src = fetchurl {
url = "https://artifacts.elastic.co/downloads/kibana/${pname}-${version}-${plat}-${arch}.tar.gz";
sha256 = shas.${stdenv.hostPlatform.system} or (throw "Unknown architecture");
};
patches = [
# Kibana specifies it specifically needs nodejs 10.15.2 but nodejs in nixpkgs is at 10.15.3.
# The <nixpkgs/nixos/tests/elk.nix> test succeeds with this newer version so lets just
# disable the version check.
./disable-nodejs-version-check.patch
];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/libexec/kibana $out/bin
mv * $out/libexec/kibana/
rm -r $out/libexec/kibana/node
makeWrapper $out/libexec/kibana/bin/kibana $out/bin/kibana \
--prefix PATH : "${lib.makeBinPath [ nodejs coreutils which ]}"
sed -i 's@NODE=.*@NODE=${nodejs}/bin/node@' $out/libexec/kibana/bin/kibana
'';
meta = {
description = "Visualize logs and time-stamped data";
homepage = "http://www.elasticsearch.org/overview/kibana";
license = if enableUnfree then licenses.elastic else licenses.asl20;
maintainers = with maintainers; [ offline basvandijk ];
platforms = with platforms; unix;
};
}

@ -0,0 +1,35 @@
{ lib
, stdenv
, fetchFromGitHub
, rustPlatform
, openssl
, pkg-config
, xz
, Security
}:
rustPlatform.buildRustPackage rec {
pname = "pwninit";
version = "3.2.0";
src = fetchFromGitHub {
owner = "io12";
repo = "pwninit";
rev = version;
sha256 = "sha256-XKDYJH2SG3TkwL+FN6rXDap8la07icR0GPFiYcnOHeI=";
};
buildInputs = [ openssl xz ] ++ lib.optionals stdenv.isDarwin [ Security ];
nativeBuildInputs = [ pkg-config ];
doCheck = false; # there are no tests to run
cargoSha256 = "sha256-2HCHiU309hbdwohUKVT3TEfGvOfxQWtEGj7FIS8OS7s=";
meta = {
description = "Automate starting binary exploit challenges";
homepage = "https://github.com/io12/pwninit";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.scoder12 ];
platforms = lib.platforms.all;
};
}
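Review bot: The `src` block of this new package stores an SRI string under `sha256`, and `hash` is the attribute intended for SRI values. I would write it as `hash = "sha256-XKDYJH2SG3TkwL+FN6rXDap8la07icR0GPFiYcnOHeI=";`, matching the xfsprogs and nftables sections of this commit. `rev = version` names a tag rather than a commit, so the fixed-output hash is the only thing that pins the source. A later hash mismatch on this package should therefore be investigated as a possibly moved tag, not refreshed without a look at what changed.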

@ -1,14 +0,0 @@
{ callPackage, openssl, icu, python2, lib, stdenv, enableNpm ? true }:
let
buildNodejs = callPackage ./nodejs.nix {
inherit openssl icu;
python = python2;
};
in
buildNodejs {
inherit enableNpm;
version = "10.24.1";
sha256 = "032801kg24j04xmf09m0vxzlcz86sv21s24lv9l4cfv08k1c4byp";
patches = lib.optional stdenv.isDarwin ./bypass-xcodebuild.diff;
}

@ -53,6 +53,29 @@ stdenv.mkDerivation rec {
# Upstream fix: https://github.com/netblue30/firejail/pull/5132
# Hopefully fixed upstream in version > 0.9.68
./fix-opengl-support.patch
# Fix CVE-2022-31214 by patching in 4 commits from upstream
# https://seclists.org/oss-sec/2022/q2/188
(fetchpatch {
name = "CVE-2022-31214-patch1"; # "fixing CVE-2022-31214"
url = "https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50.patch";
sha256 = "sha256-XXmnYCn4TPUvU43HifZDk4tEZQvOho9/7ehU6889nN4=";
})
(fetchpatch {
name = "CVE-2022-31214-patch2"; # "shutdown testing"
url = "https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86.patch";
sha256 = "sha256-PV73hRlvYEQihuljSCQMNO34KJ0hDVFexhirpHcTK1I=";
})
(fetchpatch {
name = "CVE-2022-31214-patch3"; # "CVE-2022-31214: fixing the fix"
url = "https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch";
sha256 = "sha256-6plBIliW/nLKR7TdGeB88eQ65JHEasnaRsP3HPXAFyA=";
})
(fetchpatch {
name = "CVE-2022-31214-patch4"; # "CVE-2022-31214: fixing the fix, one more time "
url = "https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54.patch";
sha256 = "sha256-inkpcdC5rl5w+CTAwwQVBOELlHTXb8UGlpU+8kMY95s=";
})
];
prePatch = ''
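Review bot: The comment above the four `fetchpatch` entries does not say when they can be dropped or that their order matters, unlike the `fix-opengl-support.patch` entry just before it, which names the expected upstream version. Patches 3 and 4 are titled as corrections to the first fix, so they must stay after patch 1 and be removed together with it. I would add `# Apply in this order (3 and 4 amend 1); drop all four when updating to the first upstream release that contains them`. Each URL is pinned to a full commit id with its own hash, which is what a security backport like this needs. The `patches` list and the derivation start outside this hunk, so whether a test covers the patched behaviour is not visible here.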

@ -1,25 +1,25 @@
{ lib, stdenv, fetchurl, pkg-config, bison, file, flex
{ lib, stdenv, fetchurl, pkg-config, bison, flex
, asciidoc, libxslt, findXMLCatalogs, docbook_xml_dtd_45, docbook_xsl
, libmnl, libnftnl, libpcap
, gmp, jansson, libedit
, autoreconfHook, fetchpatch
, autoreconfHook
, withDebugSymbols ? false
, withPython ? false , python3
, withXtables ? true , iptables
}:
stdenv.mkDerivation rec {
version = "1.0.2";
version = "1.0.4";
pname = "nftables";
src = fetchurl {
url = "https://netfilter.org/projects/nftables/files/${pname}-${version}.tar.bz2";
sha256 = "00jcjn1pl7qyqpg8pd4yhlkys7wbj4vkzgg73n27nmplzips6a0b";
hash = "sha256-kn+x/qH2haMowQz3ketlXX4e1J0xDupcsxAd/Y1sujU=";
};
nativeBuildInputs = [
autoreconfHook
pkg-config bison file flex
pkg-config bison flex
asciidoc docbook_xml_dtd_45 docbook_xsl findXMLCatalogs libxslt
];
@ -29,18 +29,6 @@ stdenv.mkDerivation rec {
] ++ lib.optional withXtables iptables
++ lib.optional withPython python3;
preConfigure = ''
substituteInPlace ./configure --replace /usr/bin/file ${file}/bin/file
'';
patches = [
# fix build after 1.0.2 release, drop when updating to a newer release
(fetchpatch {
url = "https://git.netfilter.org/nftables/patch/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3";
sha256 = "03dzhd7fhg0d20ly4rffk4ra7wlxp731892dhp8zw67jwhys9ywz";
})
];
configureFlags = [
"--with-json"
"--with-cli=editline"

@ -3,16 +3,16 @@
buildGoModule rec {
pname = "matrix-dendrite";
version = "0.8.5";
version = "0.8.7";
src = fetchFromGitHub {
owner = "matrix-org";
repo = "dendrite";
rev = "v${version}";
sha256 = "sha256-MPWvBUI6Mqt3f5UY6lpTBwPpihW+QSNq1M3FnIff+mM=";
sha256 = "sha256-grMMD85hiJ6Ka8KU0fIAcpflFyZrPEZSZxFsGls5NEI=";
};
vendorSha256 = "sha256-OXy2xuwTLPNvBnVB6wj/YRW/XMiekjTubRRPVX9bxdQ=";
vendorSha256 = "sha256-yTlg1K0Pf1AmF227ca73gLDx12ea5yMamnOUksKGN4U=";
checkInputs = [
postgresqlTestHook

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
pname = "xfsprogs";
version = "5.16.0";
version = "5.18.0";
src = fetchurl {
url = "mirror://kernel/linux/utils/fs/xfs/xfsprogs/${pname}-${version}.tar.xz";
hash = "sha256-eLjImZmb1pBEHLU9fAKrZxKUlAMZxpT/fILiPo5Gu58=";
hash = "sha256-Ho2IAb3sjNTK02DOO70Sw1qX8ryPfIyVgNGQOw6Mw1s=";
};
outputs = [ "bin" "dev" "out" "doc" ];

@ -86,16 +86,8 @@ in lib.makeExtensible (self: {
};
nix_2_9 = common {
version = "2.9.0";
sha256 = "sha256-W6aTsTpCTb+vXQEXDjnKqetOuJmEfSuK2CXvAMqwo74=";
patches = [
# can be removed when updated to 2.9.1
(fetchpatch {
name = "fix-segfault-in-git-fetcher";
url = "https://github.com/NixOS/nix/commit/bc4759345538c89e1f045aaabcc0cafe4ecca12a.patch";
sha256 = "sha256-UrfH4M7a02yfE9X3tA1Pwhw4RacBW+rShYkl7ybG64I=";
})
];
version = "2.9.1";
sha256 = "sha256-qNL3lQPBsnStkru3j1ajN/H+knXI+X3dku8/dBfSw3g=";
};
stable = self.nix_2_9;

@ -1,24 +1,36 @@
{ lib
, python3
, fetchFromGitHub
, nix
, bubblewrap
, cacert
, git
, nix
, withSandboxSupport ? false
}:
python3.pkgs.buildPythonApplication rec {
pname = "nixpkgs-review";
version = "2.6.4";
version = "2.7.0";
src = fetchFromGitHub {
owner = "Mic92";
repo = "nixpkgs-review";
rev = version;
sha256 = "sha256-6vKMaCTilPXd8K3AuLqtYInVyyFhdun0o9cX1WRMmWo=";
sha256 = "sha256-hGOcLrVPb+bSNA72ZfKE9Mjm2dr/qnuaCkjveHXPcws=";
};
makeWrapperArgs = [
"--prefix" "PATH" ":" "${lib.makeBinPath [ nix git ]}"
];
makeWrapperArgs =
let
binPath = [ nix git ] ++ lib.optional withSandboxSupport bubblewrap;
in
[
"--prefix PATH : ${lib.makeBinPath binPath}"
"--set NIX_SSL_CERT_FILE ${cacert}/etc/ssl/certs/ca-bundle.crt"
# we don't have any runtime deps but nix-review shells might inject unwanted dependencies
"--unset PYTHONPATH"
];
doCheck = false;
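Review bot: In the new `makeWrapperArgs`, `--set NIX_SSL_CERT_FILE …` replaces whatever CA bundle the caller has configured, so a user who relies on a site-specific trust store has it overridden by the nixpkgs `cacert` bundle without notice. If the intent is only to provide a bundle when none is set, `"--set-default NIX_SSL_CERT_FILE ${cacert}/etc/ssl/certs/ca-bundle.crt"` keeps the caller's value; if the override is deliberate, a comment saying why would help. `withSandboxSupport` defaults to false, so bubblewrap is not on the wrapper's PATH unless the package is overridden, and a short comment on that argument would make the default explicit. The rest of the derivation continues outside the hunk.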

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "nuclei";
version = "2.7.1";
version = "2.7.2";
src = fetchFromGitHub {
owner = "projectdiscovery";
repo = pname;
rev = "v${version}";
sha256 = "sha256-ra8BxM+zpe5UKlJ28wc8yE5ta4ro4o2OHfmu9fBqFTA=";
sha256 = "sha256-knpsoDVDGxG85YiD7pc+XDV7BgCSpNRFRuN+qM3Gv/U=";
};
vendorSha256 = "sha256-4E9nHBaojkOwnSPxRn2JGFcQTF4WowTOtzE5zRjkqhk=";
vendorSha256 = "sha256-e17QpSXttso1crvBj0vrfuJliIDcXoXJzWt87ulSZXQ=";
modRoot = "./v2";
subPackages = [

@ -936,6 +936,7 @@ mapAliases ({
nmap-unfree = nmap; # Added 2021-04-06
nmap-graphical = throw "nmap graphical support has been removed due to its python2 dependency"; # Added 2022-04-26
nmap_graphical = throw "nmap graphical support has been removed due to its python2 dependency"; # Modified 2022-04-26
nodejs-10_x = throw "nodejs-10_X has been removed. Use a newer version instead."; # Added 2022-05-31
nologin = throw "'nologin' has been renamed to/replaced by 'shadow'"; # Converted to throw 2022-02-22
nomad_1_1 = throw "nomad_1_1 has been removed because it's outdated. Use a a newer version instead"; # Added 2022-05-22
nordic-polar = throw "nordic-polar was removed on 2021-05-27, now integrated in nordic"; # Added 2021-05-27
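Review bot: The new alias message spells the attribute `nodejs-10_X` with a capital X while the attribute itself is `nodejs-10_x`, so a user searching for the error text will not find it. The line should read `nodejs-10_x = throw "nodejs-10_x has been removed. Use a newer version instead."; # Added 2022-05-31`. The later `with pkgs;` hunks of this commit also drop `nodejs-slim-10_x`, `kibana6`, `kibana6-oss` and `kibana-oss`, and no throw alias for them is visible here. Unless aliases exist elsewhere, references to those names would fail with a plain missing-attribute error instead of a removal notice pointing to a supported version. The `mapAliases` set starts and ends outside the hunk.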

@ -7472,13 +7472,8 @@ with pkgs;
kfctl = callPackage ../applications/networking/cluster/kfctl { };
kibana6 = callPackage ../development/tools/misc/kibana/6.x.nix { };
kibana6-oss = callPackage ../development/tools/misc/kibana/6.x.nix {
enableUnfree = false;
};
kibana7 = callPackage ../development/tools/misc/kibana/7.x.nix { };
kibana = kibana6;
kibana-oss = kibana6-oss;
kibana = kibana7;
kibi = callPackage ../applications/editors/kibi { };
@ -7858,14 +7853,6 @@ with pkgs;
nodejs-slim = nodejs-slim-16_x;
nodejs-10_x = callPackage ../development/web/nodejs/v10.nix {
icu = icu67;
};
nodejs-slim-10_x = callPackage ../development/web/nodejs/v10.nix {
enableNpm = false;
icu = icu67;
};
nodejs-12_x = callPackage ../development/web/nodejs/v12.nix { };
nodejs-slim-12_x = callPackage ../development/web/nodejs/v12.nix {
enableNpm = false;
@ -9615,6 +9602,10 @@ with pkgs;
pwndbg = callPackage ../development/tools/misc/pwndbg { };
pwninit = callPackage ../development/tools/misc/pwninit {
inherit (darwin.apple_sdk.frameworks) Security;
};
pycflow2dot = with python3.pkgs; toPythonApplication pycflow2dot;
pydf = callPackage ../applications/misc/pydf { };
@ -29582,10 +29573,14 @@ with pkgs;
sptlrx = callPackage ../applications/audio/sptlrx { };
sptk = callPackage ../development/libraries/sptk { };
squishyball = callPackage ../applications/audio/squishyball {
ncurses = ncurses5;
};
stw = callPackage ../applications/misc/stw { };
styx = callPackage ../applications/misc/styx { };
sway-launcher-desktop = callPackage ../applications/misc/sway-launcher-desktop { };
