Merge master into staging-next

This commit is contained in:
github-actions[bot] 2021-02-15 12:20:12 +00:00 committed by GitHub
commit cd518a718b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 103 additions and 46 deletions


@ -568,7 +568,7 @@ in {
# Install all the user shells # Install all the user shells
environment.systemPackages = systemShells; environment.systemPackages = systemShells;
environment.etc = (mapAttrs' (name: { packages, ... }: { environment.etc = (mapAttrs' (_: { packages, name, ... }: {
name = "profiles/per-user/${name}"; name = "profiles/per-user/${name}";
value.source = pkgs.buildEnv { value.source = pkgs.buildEnv {
name = "user-environment"; name = "user-environment";


@ -25,10 +25,28 @@ let
ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false"; ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false";
ES_HOST = cfg.elasticsearch.host; ES_HOST = cfg.elasticsearch.host;
ES_PORT = toString(cfg.elasticsearch.port); ES_PORT = toString(cfg.elasticsearch.port);
TRUSTED_PROXY_IP = cfg.trustedProxy;
} }
// (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {}) // (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {})
// cfg.extraConfig; // cfg.extraConfig;
cfgService = {
# User and group
User = cfg.user;
Group = cfg.group;
# State directory and mode
StateDirectory = "mastodon";
StateDirectoryMode = "0750";
# Logs directory and mode
LogsDirectory = "mastodon";
LogsDirectoryMode = "0750";
# Access write directories
UMask = "0027";
# Sandboxing
PrivateTmp = true;
};
envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") ( envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") (
(lib.concatLists (lib.mapAttrsToList (name: value: (lib.concatLists (lib.mapAttrsToList (name: value:
if value != null then [ if value != null then [
@ -179,6 +197,26 @@ in {
type = lib.types.str; type = lib.types.str;
}; };
trustedProxy = lib.mkOption {
description = ''
You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,
otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be
bad because IP addresses are used for important rate limits and security functions.
'';
type = lib.types.str;
default = "127.0.0.1";
};
enableUnixSocket = lib.mkOption {
description = ''
Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket. This variable
is process-specific, e.g. you need different values for every process, and it works for both web (Puma)
processes and streaming API (Node.js) processes.
'';
type = lib.types.bool;
default = true;
};
redis = { redis = {
createLocally = lib.mkOption { createLocally = lib.mkOption {
description = "Configure local Redis server for Mastodon."; description = "Configure local Redis server for Mastodon.";
@ -370,19 +408,16 @@ in {
environment = env; environment = env;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.package; WorkingDirectory = cfg.package;
LogsDirectory = "mastodon"; } // cfgService;
StateDirectory = "mastodon";
};
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
systemd.services.mastodon-init-db = lib.mkIf cfg.automaticMigrations { systemd.services.mastodon-init-db = lib.mkIf cfg.automaticMigrations {
script = '' script = ''
if [ `psql mastodon -c \ if [ `psql ${cfg.database.name} -c \
"select count(*) from pg_class c \ "select count(*) from pg_class c \
join pg_namespace s on s.oid = c.relnamespace \ join pg_namespace s on s.oid = c.relnamespace \
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \ where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
@ -397,14 +432,9 @@ in {
environment = env; environment = env;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = "/var/lib/mastodon/.secrets_env"; EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true;
LogsDirectory = "mastodon";
StateDirectory = "mastodon";
WorkingDirectory = cfg.package; WorkingDirectory = cfg.package;
}; } // cfgService;
after = [ "mastodon-init-dirs.service" "network.target" ] ++ (if databaseActuallyCreateLocally then [ "postgresql.service" ] else []); after = [ "mastodon-init-dirs.service" "network.target" ] ++ (if databaseActuallyCreateLocally then [ "postgresql.service" ] else []);
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
@ -415,21 +445,20 @@ in {
++ (if cfg.automaticMigrations then [ "mastodon-init-db.service" ] else [ "mastodon-init-dirs.service" ]); ++ (if cfg.automaticMigrations then [ "mastodon-init-db.service" ] else [ "mastodon-init-dirs.service" ]);
description = "Mastodon streaming"; description = "Mastodon streaming";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = env // { environment = env // (if cfg.enableUnixSocket
PORT = toString(cfg.streamingPort); then { SOCKET = "/run/mastodon-streaming/streaming.socket"; }
}; else { PORT = toString(cfg.streamingPort); }
);
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.nodejs-slim}/bin/node streaming"; ExecStart = "${pkgs.nodejs-slim}/bin/node streaming";
Restart = "always"; Restart = "always";
RestartSec = 20; RestartSec = 20;
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.package;
EnvironmentFile = "/var/lib/mastodon/.secrets_env"; EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true; WorkingDirectory = cfg.package;
LogsDirectory = "mastodon"; # Runtime directory and mode
StateDirectory = "mastodon"; RuntimeDirectory = "mastodon-streaming";
}; RuntimeDirectoryMode = "0750";
} // cfgService;
}; };
systemd.services.mastodon-web = { systemd.services.mastodon-web = {
@ -438,21 +467,20 @@ in {
++ (if cfg.automaticMigrations then [ "mastodon-init-db.service" ] else [ "mastodon-init-dirs.service" ]); ++ (if cfg.automaticMigrations then [ "mastodon-init-db.service" ] else [ "mastodon-init-dirs.service" ]);
description = "Mastodon web"; description = "Mastodon web";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = env // { environment = env // (if cfg.enableUnixSocket
PORT = toString(cfg.webPort); then { SOCKET = "/run/mastodon-web/web.socket"; }
}; else { PORT = toString(cfg.webPort); }
);
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/puma -C config/puma.rb"; ExecStart = "${cfg.package}/bin/puma -C config/puma.rb";
Restart = "always"; Restart = "always";
RestartSec = 20; RestartSec = 20;
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.package;
EnvironmentFile = "/var/lib/mastodon/.secrets_env"; EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true; WorkingDirectory = cfg.package;
LogsDirectory = "mastodon"; # Runtime directory and mode
StateDirectory = "mastodon"; RuntimeDirectory = "mastodon-web";
}; RuntimeDirectoryMode = "0750";
} // cfgService;
path = with pkgs; [ file imagemagick ffmpeg ]; path = with pkgs; [ file imagemagick ffmpeg ];
}; };
@ -469,14 +497,9 @@ in {
ExecStart = "${cfg.package}/bin/sidekiq -c 25 -r ${cfg.package}"; ExecStart = "${cfg.package}/bin/sidekiq -c 25 -r ${cfg.package}";
Restart = "always"; Restart = "always";
RestartSec = 20; RestartSec = 20;
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.package;
EnvironmentFile = "/var/lib/mastodon/.secrets_env"; EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true; WorkingDirectory = cfg.package;
LogsDirectory = "mastodon"; } // cfgService;
StateDirectory = "mastodon";
};
path = with pkgs; [ file imagemagick ffmpeg ]; path = with pkgs; [ file imagemagick ffmpeg ];
}; };
@ -495,12 +518,12 @@ in {
}; };
locations."@proxy" = { locations."@proxy" = {
proxyPass = "http://127.0.0.1:${toString(cfg.webPort)}"; proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/api/v1/streaming/" = { locations."/api/v1/streaming/" = {
proxyPass = "http://127.0.0.1:${toString(cfg.streamingPort)}/"; proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/");
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
@ -532,6 +555,7 @@ in {
}; };
}) })
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv ]) (lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv ])
(lib.mkIf cfg.configureNginx {${config.services.nginx.user}.extraGroups = [ cfg.user ];})
]; ];
users.groups.mastodon = lib.mkIf (cfg.group == "mastodon") { }; users.groups.mastodon = lib.mkIf (cfg.group == "mastodon") { };
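Review bot: With `enableUnixSocket` defaulting to true, nginx reaches Puma and the streaming server through `/run/mastodon-web/web.socket` and `/run/mastodon-streaming/streaming.socket`, but the shared `cfgService` now applies `UMask = "0027"` and the new `RuntimeDirectoryMode = "0750"`, so the nginx worker (added to `cfg.user`'s group only under `configureNginx`) can connect only if Puma and Node widen the socket mode themselves after binding — that dependency is not visible in this hunk and should be confirmed, and the `enableUnixSocket` description should tell operators of a non-nginx reverse proxy which group needs access to the socket. The two `proxyPass` branches for `/api/v1/streaming/` also forward different URIs: the TCP form ends in `/`, so nginx replaces the location prefix, while the unix form has no URI part and passes the original `/api/v1/streaming/...` path through unchanged; either write `http://unix:/run/mastodon-streaming/streaming.socket:/` or drop the trailing `/` from the TCP form so both modes behave the same. In the init-db script, `psql ${cfg.database.name}` splices the option into the shell command unquoted; `psql ${lib.escapeShellArg cfg.database.name}` is the safer spelling. The enclosing module body continues outside these hunks.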


@ -5,11 +5,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "i3"; pname = "i3";
version = "4.19"; version = "4.19.1";
src = fetchurl { src = fetchurl {
url = "https://i3wm.org/downloads/${pname}-${version}.tar.xz"; url = "https://i3wm.org/downloads/${pname}-${version}.tar.xz";
sha256 = "0wjq6lkidg0g474xsln1fhbxci7zclq3748sda10f1n7q01qp95c"; sha256 = "sha256-IoTIEvxongM42P6b4LjRVS5Uj8Fo0WX3lbJr9JfCK0c=";
}; };
nativeBuildInputs = [ pkg-config makeWrapper meson ninja installShellFiles ]; nativeBuildInputs = [ pkg-config makeWrapper meson ninja installShellFiles ];


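--- /dev/null
+++ b/PATH-NOT-SHOWN/cargo-whatfeatures
@@ -0,0 +1,27 @@
+{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, Security }:
+rustPlatform.buildRustPackage rec {
+pname = "cargo-whatfeatures";
+version = "0.9.6";
+src = fetchFromGitHub {
+owner = "museun";
+repo = pname;
+rev = "v${version}";
+sha256 = "0vki37pxngg15za9c1z61dc6sqk0j59s0qhcf9hplnym4ib5kqx1";
+};
+cargoSha256 = "sha256-nNV7UXjKZNFmTqW4H0qsNuBW9XOP2V9nfotewtI9mYE";
+nativeBuildInputs = [ pkg-config ];
+buildInputs = [ openssl ]
+++ lib.optionals stdenv.isDarwin [ Security ];
+meta = with lib; {
+description = "A simple cargo plugin to get a list of features for a specific crate";
+homepage = "https://github.com/museun/cargo-whatfeatures";
+license = with licenses; [ mit asl20 ];
+maintainers = with maintainers; [ ivan-babrou ];
+};
+}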
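Review bot: The `cargoSha256` SRI string is 43 characters long, i.e. it omits the trailing `=` padding that the i3 `sha256` value elsewhere in this same commit carries; Nix appears to tolerate the unpadded form, but the padded spelling is what the hashing tools print and keeps the value recognisable to anything that checks the length. Writing it as `cargoSha256 = "sha256-nNV7UXjKZNFmTqW4H0qsNuBW9XOP2V9nfotewtI9mYE=";` keeps the new file consistent with the rest of the tree.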


@ -4,6 +4,7 @@
, rustPlatform , rustPlatform
, asciidoctor , asciidoctor
, installShellFiles , installShellFiles
, pkg-config
, Security , Security
, withPCRE2 ? true , withPCRE2 ? true
, pcre2 ? null , pcre2 ? null
@ -24,9 +25,10 @@ rustPlatform.buildRustPackage rec {
cargoBuildFlags = lib.optional withPCRE2 "--features pcre2"; cargoBuildFlags = lib.optional withPCRE2 "--features pcre2";
nativeBuildInputs = [ asciidoctor installShellFiles ]; nativeBuildInputs = [ asciidoctor installShellFiles ]
++ lib.optional withPCRE2 pkg-config;
buildInputs = (lib.optional withPCRE2 pcre2) buildInputs = (lib.optional withPCRE2 pcre2)
++ (lib.optional stdenv.isDarwin Security); ++ (lib.optional stdenv.isDarwin Security);
preFixup = '' preFixup = ''
installManPage $releaseDir/build/ripgrep-*/out/rg.1 installManPage $releaseDir/build/ripgrep-*/out/rg.1


@ -10856,6 +10856,10 @@ in
inherit (darwin.apple_sdk.frameworks) Security; inherit (darwin.apple_sdk.frameworks) Security;
}; };
cargo-whatfeatures = callPackage ../development/tools/rust/cargo-whatfeatures {
inherit (darwin.apple_sdk.frameworks) Security;
};
crate2nix = callPackage ../development/tools/rust/crate2nix { }; crate2nix = callPackage ../development/tools/rust/crate2nix { };
convco = callPackage ../development/tools/convco { convco = callPackage ../development/tools/convco {