Merge remote-tracking branch 'origin/master' into staging-next

Conflicts:
 pkgs/development/tools/kubie/default.nix
Jonathan Ringer 2021-05-21 10:39:34 -07:00
commit 5cd5b9b97f
No known key found for this signature in database
GPG Key ID: 5C841D3CFDFEC4E0
31 changed files with 1960 additions and 1695 deletions


@ -299,9 +299,8 @@ in
# Ensure essential files exist.
if [[ ! -f ${cfg.dataDir}/configs/znc.conf ]]; then
echo "No znc.conf file found in ${cfg.dataDir}. Creating one now."
cp --no-clobber ${cfg.configFile} ${cfg.dataDir}/configs/znc.conf
cp --no-preserve=ownership --no-clobber ${cfg.configFile} ${cfg.dataDir}/configs/znc.conf
chmod u+rw ${cfg.dataDir}/configs/znc.conf
chown ${cfg.user} ${cfg.dataDir}/configs/znc.conf
fi
if [[ ! -f ${cfg.dataDir}/znc.pem ]]; then
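Review bot: `chmod u+rw` after the new `cp --no-preserve=ownership` only adds owner bits, so any group/other read bits carried over from `${cfg.configFile}` stay on the copied `znc.conf`. A ZNC configuration normally holds user password hashes and is rewritten by the daemon at runtime, so the copy in the data directory is worth restricting even when the source file is public; consider `chmod u=rw,go= ${cfg.dataDir}/configs/znc.conf`. The rendered page has lost the `+`/`-` markers, but if the `chown ${cfg.user}` line is being dropped here, the file's owner now depends on which user runs this script, which is not visible in the hunk and should be confirmed.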


@ -54,6 +54,7 @@ in
frontendUrl = lib.mkOption {
type = lib.types.str;
apply = x: if lib.hasSuffix "/" x then x else x + "/";
example = "keycloak.example.com/auth";
description = ''
The public URL used as base for all frontend requests. Should
@ -84,20 +85,34 @@ in
'';
};
certificatePrivateKeyBundle = lib.mkOption {
sslCertificate = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/ssl_cert";
description = ''
The path to a PEM formatted bundle of the private key and
certificate to use for TLS connections.
The path to a PEM formatted certificate to use for TLS/SSL
connections.
This should be a string, not a Nix path, since Nix paths are
copied into the world-readable Nix store.
'';
};
databaseType = lib.mkOption {
sslCertificateKey = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/ssl_key";
description = ''
The path to a PEM formatted private key to use for TLS/SSL
connections.
This should be a string, not a Nix path, since Nix paths are
copied into the world-readable Nix store.
'';
};
database = {
type = lib.mkOption {
type = lib.types.enum [ "mysql" "postgresql" ];
default = "postgresql";
example = "mysql";
@ -106,7 +121,7 @@ in
'';
};
databaseHost = lib.mkOption {
host = lib.mkOption {
type = lib.types.str;
default = "localhost";
description = ''
@ -114,7 +129,7 @@ in
'';
};
databasePort =
port =
let
dbPorts = {
postgresql = 5432;
@ -123,22 +138,22 @@ in
in
lib.mkOption {
type = lib.types.port;
default = dbPorts.${cfg.databaseType};
default = dbPorts.${cfg.database.type};
description = ''
Port of the database to connect to.
'';
};
databaseUseSSL = lib.mkOption {
useSSL = lib.mkOption {
type = lib.types.bool;
default = cfg.databaseHost != "localhost";
default = cfg.database.host != "localhost";
description = ''
Whether the database connection should be secured by SSL /
TLS.
'';
};
databaseCaCert = lib.mkOption {
caCert = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
@ -153,18 +168,18 @@ in
'';
};
databaseCreateLocally = lib.mkOption {
createLocally = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether a database should be automatically created on the
local host. Set this to false if you plan on provisioning a
local database yourself. This has no effect if
services.keycloak.databaseHost is customized.
services.keycloak.database.host is customized.
'';
};
databaseUsername = lib.mkOption {
username = lib.mkOption {
type = lib.types.str;
default = "keycloak";
description = ''
@ -173,14 +188,14 @@ in
automatically provisioned.
To use this with a local database, set <xref
linkend="opt-services.keycloak.databaseCreateLocally" /> to
linkend="opt-services.keycloak.database.createLocally" /> to
<literal>false</literal> and create the database and user
manually. The database should be called
<literal>keycloak</literal>.
'';
};
databasePasswordFile = lib.mkOption {
passwordFile = lib.mkOption {
type = lib.types.path;
example = "/run/keys/db_password";
description = ''
@ -190,6 +205,7 @@ in
copied into the world-readable Nix store.
'';
};
};
package = lib.mkOption {
type = lib.types.package;
@ -261,12 +277,12 @@ in
config =
let
# We only want to create a database if we're actually going to connect to it.
databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == "localhost";
createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.databaseType == "postgresql";
createLocalMySQL = databaseActuallyCreateLocally && cfg.databaseType == "mysql";
databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "localhost";
createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.database.type == "postgresql";
createLocalMySQL = databaseActuallyCreateLocally && cfg.database.type == "mysql";
mySqlCaKeystore = pkgs.runCommandNoCC "mysql-ca-keystore" {} ''
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.databaseCaCert} -keystore $out -storepass notsosecretpassword -noprompt
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt
'';
keycloakConfig' = builtins.foldl' lib.recursiveUpdate {
@ -282,11 +298,11 @@ in
};
"subsystem=datasources"."data-source=KeycloakDS" = {
max-pool-size = "20";
user-name = if databaseActuallyCreateLocally then "keycloak" else cfg.databaseUsername;
user-name = if databaseActuallyCreateLocally then "keycloak" else cfg.database.username;
password = "@db-password@";
};
} [
(lib.optionalAttrs (cfg.databaseType == "postgresql") {
(lib.optionalAttrs (cfg.database.type == "postgresql") {
"subsystem=datasources" = {
"jdbc-driver=postgresql" = {
driver-module-name = "org.postgresql";
@ -294,16 +310,16 @@ in
driver-xa-datasource-class-name = "org.postgresql.xa.PGXADataSource";
};
"data-source=KeycloakDS" = {
connection-url = "jdbc:postgresql://${cfg.databaseHost}:${builtins.toString cfg.databasePort}/keycloak";
connection-url = "jdbc:postgresql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
driver-name = "postgresql";
"connection-properties=ssl".value = lib.boolToString cfg.databaseUseSSL;
} // (lib.optionalAttrs (cfg.databaseCaCert != null) {
"connection-properties=sslrootcert".value = cfg.databaseCaCert;
"connection-properties=ssl".value = lib.boolToString cfg.database.useSSL;
} // (lib.optionalAttrs (cfg.database.caCert != null) {
"connection-properties=sslrootcert".value = cfg.database.caCert;
"connection-properties=sslmode".value = "verify-ca";
});
};
})
(lib.optionalAttrs (cfg.databaseType == "mysql") {
(lib.optionalAttrs (cfg.database.type == "mysql") {
"subsystem=datasources" = {
"jdbc-driver=mysql" = {
driver-module-name = "com.mysql";
@ -311,22 +327,22 @@ in
driver-class-name = "com.mysql.jdbc.Driver";
};
"data-source=KeycloakDS" = {
connection-url = "jdbc:mysql://${cfg.databaseHost}:${builtins.toString cfg.databasePort}/keycloak";
connection-url = "jdbc:mysql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
driver-name = "mysql";
"connection-properties=useSSL".value = lib.boolToString cfg.databaseUseSSL;
"connection-properties=requireSSL".value = lib.boolToString cfg.databaseUseSSL;
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.databaseUseSSL;
"connection-properties=useSSL".value = lib.boolToString cfg.database.useSSL;
"connection-properties=requireSSL".value = lib.boolToString cfg.database.useSSL;
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.database.useSSL;
"connection-properties=characterEncoding".value = "UTF-8";
valid-connection-checker-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker";
validate-on-match = true;
exception-sorter-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter";
} // (lib.optionalAttrs (cfg.databaseCaCert != null) {
} // (lib.optionalAttrs (cfg.database.caCert != null) {
"connection-properties=trustCertificateKeyStoreUrl".value = "file:${mySqlCaKeystore}";
"connection-properties=trustCertificateKeyStorePassword".value = "notsosecretpassword";
});
};
})
(lib.optionalAttrs (cfg.certificatePrivateKeyBundle != null) {
(lib.optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
"socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort;
"core-service=management"."security-realm=UndertowRealm"."server-identity=ssl" = {
keystore-path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
@ -537,7 +553,9 @@ in
jbossCliScript = pkgs.writeText "jboss-cli-script" (mkJbossScript keycloakConfig');
keycloakConfig = pkgs.runCommandNoCC "keycloak-config" {} ''
keycloakConfig = pkgs.runCommandNoCC "keycloak-config" {
nativeBuildInputs = [ cfg.package ];
} ''
export JBOSS_BASE_DIR="$(pwd -P)";
export JBOSS_MODULEPATH="${cfg.package}/modules";
export JBOSS_LOG_DIR="$JBOSS_BASE_DIR/log";
@ -547,11 +565,11 @@ in
mkdir -p {deployments,ssl}
"${cfg.package}/bin/standalone.sh"&
standalone.sh&
attempt=1
max_attempts=30
while ! ${cfg.package}/bin/jboss-cli.sh --connect ':read-attribute(name=server-state)'; do
while ! jboss-cli.sh --connect ':read-attribute(name=server-state)'; do
if [[ "$attempt" == "$max_attempts" ]]; then
echo "ERROR: Could not connect to Keycloak after $attempt attempts! Failing.." >&2
exit 1
@ -561,7 +579,7 @@ in
(( attempt++ ))
done
${cfg.package}/bin/jboss-cli.sh --connect --file=${jbossCliScript} --echo-command
jboss-cli.sh --connect --file=${jbossCliScript} --echo-command
cp configuration/standalone.xml $out
'';
@ -570,8 +588,8 @@ in
assertions = [
{
assertion = (cfg.databaseUseSSL && cfg.databaseType == "postgresql") -> (cfg.databaseCaCert != null);
message = "A CA certificate must be specified (in 'services.keycloak.databaseCaCert') when PostgreSQL is used with SSL";
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL";
}
];
@ -581,6 +599,7 @@ in
after = [ "postgresql.service" ];
before = [ "keycloak.service" ];
bindsTo = [ "postgresql.service" ];
path = [ config.services.postgresql.package ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -588,13 +607,15 @@ in
Group = "postgres";
};
script = ''
set -eu
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
PSQL=${config.services.postgresql.package}/bin/psql
create_role="$(mktemp)"
trap 'rm -f "$create_role"' ERR EXIT
db_password="$(<'${cfg.databasePasswordFile}')"
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role"
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
'';
};
@ -602,6 +623,7 @@ in
after = [ "mysql.service" ];
before = [ "keycloak.service" ];
bindsTo = [ "mysql.service" ];
path = [ config.services.mysql.package ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -609,13 +631,14 @@ in
Group = config.services.mysql.group;
};
script = ''
set -eu
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
db_password="$(<'${cfg.databasePasswordFile}')"
db_password="$(<'${cfg.database.passwordFile}')"
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
) | ${config.services.mysql.package}/bin/mysql -N
) | mysql -N
'';
};
@ -634,6 +657,8 @@ in
bindsTo = databaseServices;
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
cfg.package
openssl
replace-secret
];
environment = {
@ -644,14 +669,21 @@ in
serviceConfig = {
ExecStartPre = let
startPreFullPrivileges = ''
set -eu
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
install -T -m 0400 -o keycloak -g keycloak '${cfg.databasePasswordFile}' /run/keycloak/secrets/db_password
'' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) ''
install -T -m 0400 -o keycloak -g keycloak '${cfg.certificatePrivateKeyBundle}' /run/keycloak/secrets/ssl_cert_pk_bundle
umask u=rwx,g=,o=
install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key
'';
startPre = ''
set -eu
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
umask u=rwx,g=,o=
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
@ -659,11 +691,14 @@ in
replace-secret '@db-password@' '/run/keycloak/secrets/db_password' /run/keycloak/configuration/standalone.xml
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
${cfg.package}/bin/add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
'' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) ''
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
pushd /run/keycloak/ssl/
cat /run/keycloak/secrets/ssl_cert_pk_bundle <(echo) /etc/ssl/certs/ca-certificates.crt > allcerts.pem
${pkgs.openssl}/bin/openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert_pk_bundle -chain \
cat /run/keycloak/secrets/ssl_cert <(echo) \
/run/keycloak/secrets/ssl_key <(echo) \
/etc/ssl/certs/ca-certificates.crt \
> allcerts.pem
openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert -inkey /run/keycloak/secrets/ssl_key -chain \
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
-CAfile allcerts.pem -passout pass:notsosecretpassword
popd
@ -697,4 +732,5 @@ in
};
meta.doc = ./keycloak.xml;
meta.maintainers = [ lib.maintainers.talyz ];
}
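Review bot: The new PostgreSQL provisioning line `echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role"` places the file's contents inside a single-quoted SQL literal without escaping, so a password containing `'` yields a broken statement or one other than the intended one. Writing the statement to a `mktemp` file and passing it with `--file` keeps the secret off the `psql` command line, and that part should stay; the missing step is doubling any single quote in the value before it is written out. The MySQL unit's `IDENTIFIED BY '$db_password'` line in the same file follows the same pattern and would need the same treatment. Until that is done, a sentence in the `passwordFile` option description stating that the password must not contain a single quote would at least make the constraint visible.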


@ -41,31 +41,31 @@
<productname>PostgreSQL</productname> or
<productname>MySQL</productname>. Which one is used can be
configured in <xref
linkend="opt-services.keycloak.databaseType" />. The selected
linkend="opt-services.keycloak.database.type" />. The selected
database will automatically be enabled and a database and role
created unless <xref
linkend="opt-services.keycloak.databaseHost" /> is changed from
linkend="opt-services.keycloak.database.host" /> is changed from
its default of <literal>localhost</literal> or <xref
linkend="opt-services.keycloak.databaseCreateLocally" /> is set
linkend="opt-services.keycloak.database.createLocally" /> is set
to <literal>false</literal>.
</para>
<para>
External database access can also be configured by setting
<xref linkend="opt-services.keycloak.databaseHost" />, <xref
linkend="opt-services.keycloak.databaseUsername" />, <xref
linkend="opt-services.keycloak.databaseUseSSL" /> and <xref
linkend="opt-services.keycloak.databaseCaCert" /> as
<xref linkend="opt-services.keycloak.database.host" />, <xref
linkend="opt-services.keycloak.database.username" />, <xref
linkend="opt-services.keycloak.database.useSSL" /> and <xref
linkend="opt-services.keycloak.database.caCert" /> as
appropriate. Note that you need to manually create a database
called <literal>keycloak</literal> and allow the configured
database user full access to it.
</para>
<para>
<xref linkend="opt-services.keycloak.databasePasswordFile" />
<xref linkend="opt-services.keycloak.database.passwordFile" />
must be set to the path to a file containing the password used
to log in to the database. If <xref linkend="opt-services.keycloak.databaseHost" />
and <xref linkend="opt-services.keycloak.databaseCreateLocally" />
to log in to the database. If <xref linkend="opt-services.keycloak.database.host" />
and <xref linkend="opt-services.keycloak.database.createLocally" />
are kept at their defaults, the database role
<literal>keycloak</literal> with that password is provisioned
on the local database instance.
@ -115,17 +115,17 @@
</para>
<para>
For HTTPS support, a TLS certificate and private key is
required. They should be <link
HTTPS support requires a TLS/SSL certificate and a private key,
both <link
xlink:href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM
formatted</link> and concatenated into a single file. The path
to this file should be configured in
<xref linkend="opt-services.keycloak.certificatePrivateKeyBundle" />.
formatted</link>. Their paths should be set through <xref
linkend="opt-services.keycloak.sslCertificate" /> and <xref
linkend="opt-services.keycloak.sslCertificateKey" />.
</para>
<warning>
<para>
The path should be provided as a string, not a Nix path,
The paths should be provided as a strings, not a Nix paths,
since Nix paths are copied into the world readable Nix store.
</para>
</warning>
@ -195,8 +195,9 @@ services.keycloak = {
<link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl"; # change on first login
<link linkend="opt-services.keycloak.frontendUrl">frontendUrl</link> = "https://keycloak.example.com/auth";
<link linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl">forceBackendUrlToFrontendUrl</link> = true;
<link linkend="opt-services.keycloak.certificatePrivateKeyBundle">certificatePrivateKeyBundle</link> = "/run/keys/ssl_cert";
<link linkend="opt-services.keycloak.databasePasswordFile">databasePasswordFile</link> = "/run/keys/db_password";
<link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert";
<link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key";
<link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password";
};
</programlisting>
</para>


@ -448,10 +448,10 @@ in {
join pg_namespace s on s.oid = c.relnamespace \
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
SAFETY_ASSURED=1 rake db:schema:load
rake db:seed
SAFETY_ASSURED=1 rails db:schema:load
rails db:seed
else
rake db:migrate
rails db:migrate
fi
'';
path = [ cfg.package pkgs.postgresql ];


@ -3,7 +3,8 @@
# client using their Keycloak login.
let
frontendUrl = "http://keycloak/auth";
certs = import ./common/acme/server/snakeoil-certs.nix;
frontendUrl = "https://${certs.domain}/auth";
initialAdminPassword = "h4IhoJFnt2iQIR9";
keycloakTest = import ./make-test-python.nix (
@ -17,12 +18,27 @@ let
nodes = {
keycloak = { ... }: {
virtualisation.memorySize = 1024;
security.pki.certificateFiles = [
certs.ca.cert
];
networking.extraHosts = ''
127.0.0.1 ${certs.domain}
'';
services.keycloak = {
enable = true;
inherit frontendUrl databaseType initialAdminPassword;
databaseUsername = "bogus";
databasePasswordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
inherit frontendUrl initialAdminPassword;
sslCertificate = certs.${certs.domain}.cert;
sslCertificateKey = certs.${certs.domain}.key;
database = {
type = databaseType;
username = "bogus";
passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
};
};
environment.systemPackages = with pkgs; [
xmlstarlet
libtidy


@ -1,8 +1,49 @@
{ lib, mkDerivation, fetchFromGitHub, fetchpatch, boost, cmake, chromaprint, gettext, gst_all_1, liblastfm
, qtbase, qtx11extras, qttools
, taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp
, libpulseaudio, gvfs, libcdio, libechonest, libspotify, pcre, projectm, protobuf
, qca2, pkg-config, sparsehash, config, makeWrapper, gst_plugins }:
{ lib
, mkDerivation
, fetchFromGitHub
, fetchpatch
, boost
, cmake
, chromaprint
, gettext
, gst_all_1
, liblastfm
, qtbase
, qtx11extras
, qttools
, taglib
, fftw
, glew
, qjson
, sqlite
, libgpod
, libplist
, usbmuxd
, libmtp
, libpulseaudio
, gvfs
, libcdio
, libechonest
, libspotify
, pcre
, projectm
, protobuf
, qca2
, pkg-config
, sparsehash
, config
, makeWrapper
, gst_plugins
, util-linux
, libunwind
, libselinux
, elfutils
, libsepol
, orc
, alsaLib
}:
let
withIpod = config.clementine.ipod or false;
@ -22,9 +63,26 @@ let
patches = [
./clementine-spotify-blob.patch
(fetchpatch {
# "short-term" fix for execution on wayland (1.4.0rc1-131-g2179027a6)
# for https://github.com/clementine-player/Clementine/issues/6587
url = "https://github.com/clementine-player/Clementine/commit/2179027a6d97530c857e43be873baacd696ff332.patch";
sha256 = "0344bfcyvjim5ph8w4km6zkg96rj5g9ybp9x14qgyw2gkdksimn6";
})
];
nativeBuildInputs = [ cmake pkg-config makeWrapper ];
nativeBuildInputs = [
cmake
pkg-config
makeWrapper
util-linux
libunwind
libselinux
elfutils
libsepol
orc
];
buildInputs = [
boost
@ -48,6 +106,8 @@ let
qttools
sqlite
taglib
alsaLib
]
++ lib.optionals (withIpod) [ libgpod libplist usbmuxd ]
++ lib.optionals (withMTP) [ libmtp ]
@ -132,4 +192,5 @@ let
};
};
in free
in
free
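Review bot: The entries added to `nativeBuildInputs` (`util-linux`, `libunwind`, `libselinux`, `elfutils`, `libsepol`, `orc`) look like libraries that pkg-config resolves for linking rather than tools executed during the build, and such dependencies belong in `buildInputs`, next to the `alsaLib` addition. In `nativeBuildInputs` they are resolved for the build platform, which happens to work for a native build but fails under cross-compilation or with `strictDeps` enabled. If any of them really is needed as a build-time tool, a short comment saying which one and why would help the next maintainer.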


@ -19,20 +19,20 @@
stdenv.mkDerivation rec {
pname = "pika-backup";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "pika-backup";
rev = "v${version}";
sha256 = "sha256-k9kl6cSohWx+MB/9jyVcTgpv02gsVwAk5KDSNqQrmzI=";
sha256 = "0cr3axfp15nzwmsqyz6j781qhr2gsn9p69m0jfzy89pl83d6vcz0";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
sha256 = "0r6nbffik5j82bi82cmc00b17xv9m7xn3w3sarzwfxz0h43lal8a";
sha256 = "1z0cbrkhxyzwf7vjjsvdppb7zhflpkw4m5cy90a2315nbll3hpbp";
};
patches = [


@ -6,6 +6,6 @@
callPackage ./generic.nix {
inherit buildGoPackage nvidia_x11 nvidiaGpuSupport;
version = "1.0.5";
sha256 = "06l56fi4fhplvl8v0i88q18yh1hwwd12fngnrflb91janbyk6p4l";
version = "1.0.6";
sha256 = "1nzaw4014bndxv042dkxdj492b21r5v5f06vav2kr1azk4m9sf07";
}


@ -0,0 +1,11 @@
{ callPackage
, buildGoPackage
, nvidia_x11
, nvidiaGpuSupport
}:
callPackage ./generic.nix {
inherit buildGoPackage nvidia_x11 nvidiaGpuSupport;
version = "1.1.0";
sha256 = "0sz6blyxyxi5iq170s9v4nndb1hpz603z5ps2cxkdkaafal39767";
}


@ -20,13 +20,13 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.2.0";
version = "3.2.1";
src = fetchFromGitHub {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "1nklsa2lx9ayjp8rk1mycjysqqmnq47djig0wygzna5mycl3ji06";
sha256 = "sha256-I31w79GDZxSGlT6YPKSpq0aiyGnJiJBVdTyWI+DUoz4=";
};
patches = [


@ -19,11 +19,11 @@
buildPythonPackage rec {
pname = "internetarchive";
version = "2.0.2";
version = "2.0.3";
src = fetchPypi {
inherit pname version;
sha256 = "515e6646a2b917c15f2241670d21f14a014b9c67dc509aef4d4aca5a59cdda65";
sha256 = "2ce0ab89fea37e5b2311bc7d163955e84f73f6beeac3942e17e9d51ad7cc9ffa";
};
propagatedBuildInputs = [


@ -1,16 +1,16 @@
{ lib, buildGoPackage, fetchFromGitLab, fetchurl }:
let
version = "13.11.0";
version = "13.12.0";
# Gitlab runner embeds some docker images these are prebuilt for arm and x86_64
docker_x86_64 = fetchurl {
url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/helper-images/prebuilt-x86_64.tar.xz";
sha256 = "1vmj7vxz1a4js9kqz7mm6xgnkmb37c1jbx2lwsq2qkrybkxfcw8k";
sha256 = "0m0r295520jy45wn8jw3jzhiixl4c6yrfx7gvgbd4c1v4y8ivrci";
};
docker_arm = fetchurl {
url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/helper-images/prebuilt-arm.tar.xz";
sha256 = "1c1pywz7ylaysplvq1m15v7rf1sgdkh9scbqklzcm55fjk128lif";
sha256 = "0syfggplp19bbmhhpyc17h0f1dii9hc6n04q483l0xdk7sv39fwx";
};
in
buildGoPackage rec {
@ -30,7 +30,7 @@ buildGoPackage rec {
owner = "gitlab-org";
repo = "gitlab-runner";
rev = "v${version}";
sha256 = "07jqsxac50xwmhlv0nbnn098290nkpsmrxw872yh67n1s9gqfd27";
sha256 = "0jh5ghjyzr7srl3xjsklv9yskq8k88kmylpiigjir0mkbn43fgzq";
};
patches = [ ./fix-shell-path.patch ];


@ -4,16 +4,16 @@ with lib;
buildGoModule rec {
pname = "kind";
version = "0.10.0";
version = "0.11.0";
src = fetchFromGitHub {
rev = "v${version}";
owner = "kubernetes-sigs";
repo = "kind";
sha256 = "1pp2x4bfqsd15siahyv9xkdyswsipmp9n86iwavrd0xhliqxlsa7";
sha256 = "020s1fr92lv9yiy5kbnrfb8n0lpslriwyh5z31aym3x44qpc6jaj";
};
vendorSha256 = "0c0j4s8kfzk2b3hy0d2g5bp1zr60l6vnwnpynsg6ksv8spwnpl5m";
vendorSha256 = "08cjvhk587f3aar4drn0hq9q1zlsnl4p7by4j38jzb4r8ix5s98y";
doCheck = false;


@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "kubie";
version = "0.13.4";
version = "0.14.1";
src = fetchFromGitHub {
rev = "v${version}";
owner = "sbstp";
repo = "kubie";
sha256 = "sha256-ZD63Xtnw7qzTrzFxzzZ37N177/PnRaMEzBbhz7h/zCY=";
sha256 = "0mhm2j3i2ql7dz5vx0mwab8h8zr05ar5lfzdacgnrc293g1c01aq";
};
cargoSha256 = "sha256-WSjIN7YVX61V5nEei2iZfasIcBLjXxlZP6ZUj9nDnpo=";
cargoSha256 = "1rfqk7dmcz5zfq9fm9kvxf5718m0v0yfjm5a8718d40zzzvam7sy";
nativeBuildInputs = [ installShellFiles ];


@ -1,4 +1,4 @@
{ fetchFromGitHub, nixStable, callPackage, nixFlakes, nixosTests }:
{ fetchFromGitHub, nixStable, callPackage, nixUnstable, nixosTests }:
{
hydra-unstable = callPackage ./common.nix {
@ -9,7 +9,7 @@
rev = "886e6f85e45a1f757e9b77d2a9e4539fbde29468";
sha256 = "t7Qb57Xjc0Ou+VDGC1N5u9AmeODW6MVOwKSrYRJq5f0=";
};
nix = nixFlakes;
nix = nixUnstable;
tests = {
basic = nixosTests.hydra.hydra-unstable;


@ -1,5 +1,5 @@
{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_2_7, writeShellScript
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon"
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
mastodon-gems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version;
ruby = ruby_2_7;
ruby = ruby_3_0;
gemdir = src;
gemset = dependenciesDir + "/gemset.nix";
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem

File diff suppressed because it is too large Load Diff


@ -1,9 +1,9 @@
{
"version": "3.3.0",
"version": "3.4.0",
"name": "@tootsuite/mastodon",
"license": "AGPL-3.0-or-later",
"engines": {
"node": ">=10.13"
"node": ">=12"
},
"scripts": {
"postversion": "git push --tags",
@ -23,7 +23,7 @@
},
"browserslist": [
"last 2 versions",
"IE >= 11",
"not IE 11",
"iOS >= 9",
"not dead"
],
@ -60,37 +60,35 @@
},
"private": true,
"dependencies": {
"@babel/core": "^7.12.7",
"@babel/plugin-proposal-class-properties": "^7.8.3",
"@babel/plugin-proposal-decorators": "^7.12.1",
"@babel/plugin-transform-react-inline-elements": "^7.12.1",
"@babel/plugin-transform-runtime": "^7.12.1",
"@babel/preset-env": "^7.12.7",
"@babel/preset-react": "^7.12.7",
"@babel/runtime": "^7.12.5",
"@clusterws/cws": "^3.0.0",
"@babel/core": "^7.14.0",
"@babel/plugin-proposal-decorators": "^7.13.15",
"@babel/plugin-transform-react-inline-elements": "^7.12.13",
"@babel/plugin-transform-runtime": "^7.13.15",
"@babel/preset-env": "^7.14.1",
"@babel/preset-react": "^7.13.13",
"@babel/runtime": "^7.14.0",
"@gamestdio/websocket": "^0.3.2",
"@github/webauthn-json": "^0.5.7",
"@rails/ujs": "^6.0.3",
"array-includes": "^3.1.1",
"@rails/ujs": "^6.1.3",
"array-includes": "^3.1.3",
"arrow-key-navigation": "^1.2.0",
"autoprefixer": "^9.8.6",
"axios": "^0.21.0",
"babel-loader": "^8.2.1",
"axios": "^0.21.1",
"babel-loader": "^8.2.2",
"babel-plugin-lodash": "^3.3.4",
"babel-plugin-preval": "^5.0.0",
"babel-plugin-react-intl": "^6.2.0",
"babel-plugin-transform-react-remove-prop-types": "^0.4.24",
"babel-runtime": "^6.26.0",
"blurhash": "^1.1.3",
"classnames": "^2.2.5",
"color-blend": "^3.0.0",
"classnames": "^2.3.1",
"color-blend": "^3.0.1",
"compression-webpack-plugin": "^6.1.1",
"cross-env": "^7.0.2",
"css-loader": "^5.0.1",
"cssnano": "^4.1.10",
"detect-passive-events": "^2.0.1",
"dotenv": "^8.2.0",
"cross-env": "^7.0.3",
"css-loader": "^5.2.4",
"cssnano": "^4.1.11",
"detect-passive-events": "^2.0.3",
"dotenv": "^9.0.1",
"emoji-mart": "Gargron/emoji-mart#build",
"es6-symbol": "^3.1.3",
"escape-html": "^1.0.3",
@ -98,29 +96,29 @@
"express": "^4.17.1",
"file-loader": "^6.2.0",
"font-awesome": "^4.7.0",
"glob": "^7.1.6",
"glob": "^7.1.7",
"history": "^4.10.1",
"http-link-header": "^1.0.3",
"immutable": "^3.8.2",
"imports-loader": "^1.2.0",
"intersection-observer": "^0.11.0",
"intersection-observer": "^0.12.0",
"intl": "^1.2.5",
"intl-messageformat": "^2.2.0",
"intl-relativeformat": "^6.4.3",
"is-nan": "^1.3.0",
"js-yaml": "^3.13.1",
"lodash": "^4.17.19",
"is-nan": "^1.3.2",
"js-yaml": "^4.1.0",
"lodash": "^4.17.21",
"mark-loader": "^0.1.6",
"marky": "^1.2.1",
"mini-css-extract-plugin": "^1.3.1",
"marky": "^1.2.2",
"mini-css-extract-plugin": "^1.6.0",
"mkdirp": "^1.0.4",
"npmlog": "^4.1.2",
"object-assign": "^4.1.1",
"object-fit-images": "^3.2.3",
"object.values": "^1.1.1",
"object.values": "^1.1.3",
"offline-plugin": "^5.0.7",
"path-complete-extname": "^1.0.0",
"pg": "^6.4.0",
"pg": "^8.5.0",
"postcss-loader": "^3.0.0",
"postcss-object-fit-images": "^1.1.2",
"promise.prototype.finally": "^3.1.2",
@ -135,18 +133,18 @@
"react-masonry-infinite": "^1.2.2",
"react-motion": "^0.5.2",
"react-notification": "^6.8.5",
"react-overlays": "^0.9.2",
"react-redux": "^7.2.2",
"react-overlays": "^0.9.3",
"react-redux": "^7.2.4",
"react-redux-loading-bar": "^4.0.8",
"react-router-dom": "^4.1.1",
"react-router-scroll-4": "^1.0.0-beta.1",
"react-select": "^3.1.0",
"react-select": "^4.3.0",
"react-sparklines": "^1.7.0",
"react-swipeable-views": "^0.13.9",
"react-textarea-autosize": "^8.3.0",
"react-toggle": "^4.1.1",
"redis": "^3.0.2",
"redux": "^4.0.5",
"react-textarea-autosize": "^8.3.2",
"react-toggle": "^4.1.2",
"redis": "^3.1.2",
"redux": "^4.1.0",
"redux-immutable": "^4.0.0",
"redux-thunk": "^2.2.0",
"regenerator-runtime": "^0.13.7",
@ -154,8 +152,8 @@
"requestidlecallback": "^0.3.0",
"reselect": "^4.0.0",
"rimraf": "^3.0.2",
"sass": "^1.29.0",
"sass-loader": "^10.1.0",
"sass": "^1.32.12",
"sass-loader": "^10.1.1",
"stacktrace-js": "^2.0.2",
"stringz": "^2.1.0",
"substring-trie": "^1.0.2",
@ -163,31 +161,37 @@
"tesseract.js": "^2.1.1",
"throng": "^4.0.0",
"tiny-queue": "^0.2.1",
"twitter-text": "3.1.0",
"uuid": "^8.3.1",
"webpack": "^4.44.2",
"webpack-assets-manifest": "^3.1.1",
"webpack-bundle-analyzer": "^4.1.0",
"webpack": "^4.46.0",
"webpack-assets-manifest": "^4.0.6",
"webpack-bundle-analyzer": "^4.4.1",
"webpack-cli": "^3.3.12",
"webpack-merge": "^5.4.0",
"wicg-inert": "^3.1.0",
"webpack-merge": "^5.7.3",
"wicg-inert": "^3.1.1",
"ws": "^7.4.5",
"kind-of": "^6.0.3"
},
"devDependencies": {
"@testing-library/jest-dom": "^5.11.6",
"@testing-library/react": "^11.2.2",
"@testing-library/jest-dom": "^5.12.0",
"@testing-library/react": "^11.2.6",
"babel-eslint": "^10.1.0",
"babel-jest": "^26.6.3",
"eslint": "^7.14.0",
"eslint": "^7.26.0",
"eslint-plugin-import": "~2.22.1",
"eslint-plugin-jsx-a11y": "~6.4.1",
"eslint-plugin-promise": "~4.2.1",
"eslint-plugin-react": "~7.21.5",
"eslint-plugin-promise": "~5.1.0",
"eslint-plugin-react": "~7.23.2",
"jest": "^26.6.3",
"raf": "^3.4.1",
"react-intl-translations-manager": "^5.0.3",
"react-test-renderer": "^16.14.0",
"sass-lint": "^1.13.1",
"webpack-dev-server": "^3.11.0",
"yargs": "^16.1.1"
"webpack-dev-server": "^3.11.2",
"yargs": "^17.0.1"
},
"optionalDependencies": {
"bufferutil": "^4.0.3",
"utf-8-validate": "^5.0.5"
}
}


@ -1,31 +1,32 @@
diff --git a/package.json b/package.json
index 7b8f49dd8..24cdd3498 100644
index 5bc1f6bf3..8cc22a403 100644
--- a/package.json
+++ b/package.json
@@ -168,7 +168,8 @@
"webpack-bundle-analyzer": "^4.1.0",
"webpack-cli": "^3.3.12",
"webpack-merge": "^5.4.0",
- "wicg-inert": "^3.1.0"
+ "wicg-inert": "^3.1.0",
"webpack-merge": "^5.7.3",
"wicg-inert": "^3.1.1",
- "ws": "^7.4.5"
+ "ws": "^7.4.5",
+ "kind-of": "^6.0.3"
},
"devDependencies": {
"@testing-library/jest-dom": "^5.11.6",
@@ -187,8 +188,5 @@
"sass-lint": "^1.13.1",
"webpack-dev-server": "^3.11.0",
"yargs": "^16.1.1"
- },
"@testing-library/jest-dom": "^5.12.0",
@@ -188,9 +189,6 @@
"webpack-dev-server": "^3.11.2",
"yargs": "^17.0.1"
},
- "resolutions": {
- "kind-of": "^6.0.3"
}
}
- },
"optionalDependencies": {
"bufferutil": "^4.0.3",
"utf-8-validate": "^5.0.5"
diff --git a/yarn.lock b/yarn.lock
index 4aa8f6380..68d2fd8b5 100644
index 6c8bcf549..bda3adbe8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5689,6 +5689,11 @@ is-binary-path@~2.1.0:
@@ -5833,6 +5833,11 @@ is-binary-path@~2.1.0:
dependencies:
binary-extensions "^2.0.0"
@ -37,7 +38,7 @@ index 4aa8f6380..68d2fd8b5 100644
is-callable@^1.1.4, is-callable@^1.2.2:
version "1.2.2"
resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.2.tgz#c7c6715cd22d4ddb48d3e19970223aceabb080d9"
@@ -6639,7 +6644,26 @@ killable@^1.0.1:
@@ -6769,7 +6774,26 @@ killable@^1.0.1:
resolved "https://registry.yarnpkg.com/killable/-/killable-1.0.1.tgz#4c8ce441187a061c7474fb87ca08e2a638194892"
integrity sha512-LzqtLKlUwirEUyl/nicirVmNiPvYs7l5n8wOPP7fyJVpUPkvCnW/vuiXGpylGUlnPDnB7311rARzAt3Mhswpjg==


@ -2,8 +2,8 @@
{ fetchgit, applyPatches }: let
src = fetchgit {
url = "https://github.com/tootsuite/mastodon.git";
rev = "v3.3.0";
sha256 = "17wvggvy5mmyf3f1i5v1hgvh6wjdhg9hb3wiyfaydx0slsg03qba";
rev = "v3.4.0";
sha256 = "0wa1j4iin6nlb1p5lxzgldzgr0vhrmm835gj2zqadw37vpsxdis3";
};
in applyPatches {
inherit src;


@ -1 +1 @@
"3.3.0"
"3.4.0"


@ -3,7 +3,7 @@ diff -Naur --label a/package.json --label b/package.json a/package.json b/packag
+++ b/package.json
@@ -1,4 +1,5 @@
{
+ "version": "3.3.0",
+ "version": "3.4.0",
"name": "@tootsuite/mastodon",
"license": "AGPL-3.0-or-later",
"engines": {

File diff suppressed because it is too large Load Diff


@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, gnugrep, nixFlakes }:
{ lib, stdenv, fetchFromGitHub, gnugrep, nixUnstable }:
stdenv.mkDerivation rec {
pname = "nix-direnv";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
# Substitute instead of wrapping because the resulting file is
# getting sourced, not executed:
postPatch = ''
sed -i "1a NIX_BIN_PREFIX=${nixFlakes}/bin/" direnvrc
sed -i "1a NIX_BIN_PREFIX=${nixUnstable}/bin/" direnvrc
substituteInPlace direnvrc --replace "grep" "${gnugrep}/bin/grep"
'';
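Review bot: Swapping `nixFlakes` for `nixUnstable` in `postPatch` changes which features the pinned `nix` binary enables by default. The patch deleted elsewhere in this commit is what set the `experimental-features` default to `flakes` and `nix-command` for `nixFlakes`, and as far as this page shows `nixUnstable` keeps the empty default. If `direnvrc` invokes flake or `nix-command` subcommands without passing the feature flag itself (not visible here), it will now fail on hosts whose nix.conf does not opt in; the same applies to the two `makeWrapperArgs` sections that make the same swap. A comment above the `sed` line such as `# nixUnstable has flakes/nix-command off by default; users must set experimental-features` would record the requirement. The derivation body continues outside both hunks.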


@ -1,7 +1,7 @@
{ lib
, buildPythonApplication
, fetchFromGitHub
, nixFlakes
, nixUnstable
, nix-prefetch
, nixpkgs-fmt
, nixpkgs-review
@ -19,7 +19,7 @@ buildPythonApplication rec {
};
makeWrapperArgs = [
"--prefix" "PATH" ":" (lib.makeBinPath [ nixFlakes nix-prefetch nixpkgs-fmt nixpkgs-review ])
"--prefix" "PATH" ":" (lib.makeBinPath [ nixUnstable nix-prefetch nixpkgs-fmt nixpkgs-review ])
];
checkPhase = ''


@ -227,12 +227,4 @@ in rec {
];
});
nixExperimental = nixUnstable.overrideAttrs (prev: {
patches = (prev.patches or []) ++ [ ./enable-all-experimental.patch ];
});
nixFlakes = nixUnstable.overrideAttrs (prev: {
patches = (prev.patches or []) ++ [ ./enable-flakes.patch ];
});
}


@ -1,14 +0,0 @@
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index d3b27d7be..e7d002e1d 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -172,8 +172,7 @@ MissingExperimentalFeature::MissingExperimentalFeature(std::string feature)
void Settings::requireExperimentalFeature(const std::string & name)
{
- if (!isExperimentalFeatureEnabled(name))
- throw MissingExperimentalFeature(name);
+ return;
}
bool Settings::isWSL1()


@ -1,14 +0,0 @@
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 3e4ead76c..81d407236 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -923,7 +923,8 @@ public:
value.
)"};
- Setting<Strings> experimentalFeatures{this, {}, "experimental-features",
+ Setting<Strings> experimentalFeatures{
+ this, {"flakes", "nix-command"}, "experimental-features",
"Experimental Nix features to enable."};
bool isExperimentalFeatureEnabled(const std::string & name);


@ -1,7 +1,7 @@
{ lib
, python3
, fetchFromGitHub
, nixFlakes
, nixUnstable
, git
}:
@ -17,7 +17,7 @@ python3.pkgs.buildPythonApplication rec {
};
makeWrapperArgs = [
"--prefix" "PATH" ":" (lib.makeBinPath [ nixFlakes git ])
"--prefix" "PATH" ":" (lib.makeBinPath [ nixUnstable git ])
];
doCheck = false;


@ -492,6 +492,7 @@ mapAliases ({
nginxUnstable = nginxMainline; # added 2018-04-25
nilfs_utils = nilfs-utils; # added 2018-04-25
nix-review = nixpkgs-review; # added 2019-12-22
nixFlakes = nixUnstable; # added 2021-05-21
nmap_graphical = nmap-graphical; # added 2017-01-19
nologin = shadow; # added 2018-04-25
nxproxy = nx-libs; # added 2019-02-15
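Review bot: `nixExperimental` is dropped in this commit alongside `nixFlakes` (see the removed `overrideAttrs` definitions and the shortened `inherit` list), but only `nixFlakes` gets an alias in this hunk, so expressions referencing `nixExperimental` would stop evaluating unless an alias exists in a part of `mapAliases` outside the hunk. Because that package disabled the experimental-feature check entirely, a silent alias to `nixUnstable` would misrepresent it; a throwing alias is clearer: `nixExperimental = throw "nixExperimental has been removed; use nixUnstable and enable the features you need via experimental-features"; # added 2021-05-21`. The `nixFlakes` alias comment could also state the behaviour change, e.g. `# added 2021-05-21; flakes must now be enabled via experimental-features`.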


@ -7092,6 +7092,11 @@ in
inherit (linuxPackages) nvidia_x11;
nvidiaGpuSupport = config.cudaSupport or false;
};
nomad_1_1 = callPackage ../applications/networking/cluster/nomad/1.1.nix {
buildGoPackage = buildGo116Package;
inherit (linuxPackages) nvidia_x11;
nvidiaGpuSupport = config.cudaSupport or false;
};
nomad-driver-podman = callPackage ../applications/networking/cluster/nomad-driver-podman { };
@ -19086,11 +19091,7 @@ in
mailman-web = with python3.pkgs; toPythonApplication mailman-web;
mastodon = callPackage ../servers/mastodon {
# With nodejs v14 the streaming endpoint breaks. Need migrate to uWebSockets.js or similar.
# https://github.com/tootsuite/mastodon/issues/15184
nodejs-slim = nodejs-slim-12_x;
};
mastodon = callPackage ../servers/mastodon { };
materialize = callPackage ../servers/sql/materialize {
inherit (buildPackages.darwin) bootstrap_cmds;
@ -30420,9 +30421,7 @@ in
})
nix
nixStable
nixUnstable
nixFlakes
nixExperimental;
nixUnstable;
nixStatic = pkgsStatic.nix;