From d15de4c6db5ce58760c75fd2750e1239bceb8669 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 7 Apr 2021 20:46:10 +0200
Subject: [PATCH 1/6] nixos/k3s: add to environment.systemPackages for
 adminstration

(cherry picked from commit 852739337bd5ab4c57fd1eab9e62e76ac2f1a7cc)
---
 nixos/modules/services/cluster/k3s/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
index 5ab0286a38a..b5506057db8 100644
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@@ -81,6 +81,8 @@ in
     # supporting it, or their bundled containerd
     systemd.enableUnifiedCgroupHierarchy = false;
 
+    environment.systemPackages = [ config.services.k3s.package ];
+
     systemd.services.k3s = {
       description = "k3s service";
       after = [ "network.service" "firewall.service" ] ++ (optional cfg.docker "docker.service");
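Review bot: The added line spells out `config.services.k3s.package`, while the surrounding module reaches the same options through `cfg` (for example `cfg.docker` in the context line below). Writing it as `environment.systemPackages = [ cfg.package ];` would keep the module consistent, assuming `cfg` is bound to `config.services.k3s` in the `let` block outside this hunk. A short comment such as `# put the k3s CLI on PATH for cluster administration` would also record why the package is installed system-wide.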

From eacc0f7750ffd847584eca60f3f099b0da17850d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 9 Apr 2021 11:50:03 +0200
Subject: [PATCH 2/6] k3s: add tokenFile option

To avoid having secrets in the nix store.

(cherry picked from commit 11a38f62f0bfcb655e339498897b0d25ac37fa97)
---
 .../modules/services/cluster/k3s/default.nix  | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
index b5506057db8..99e47e867b3 100644
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@@ -35,10 +35,20 @@ in
 
     token = mkOption {
       type = types.str;
-      description = "The k3s token to use when connecting to the server. This option only makes sense for an agent.";
+      description = ''
+        The k3s token to use when connecting to the server. This option only makes sense for an agent.
+        WARNING: This option will expose store your token unencrypted world-readable in the nix store.
+        If this is undesired use the tokenFile option instead.
+      '';
       default = "";
     };
 
+    tokenFile = mkOption {
+      type = types.nullOr types.path;
+      description = "File path containing k3s token to use when connecting to the server. This option only makes sense for an agent.";
+      default = null;
+    };
+
     docker = mkOption {
       type = types.bool;
       default = false;
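Review bot: The new WARNING sentence is garbled ("will expose store your token"), and the `tokenFile` description does not say what kind of path is expected, which matters because the option exists to keep the secret out of the store. I would reword the warning to `WARNING: This option stores your token unencrypted and world-readable in the Nix store.` The `tokenFile` description should state that the value is an absolute path to a file that lives outside the store and is readable by the k3s service but not by other users. An `example = "/run/secrets/k3s-token";` line (constructed sample path) would make that concrete.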
@@ -68,8 +78,8 @@ in
         message = "serverAddr should be set if role is 'agent'";
       }
       {
-        assertion = cfg.role == "agent" -> cfg.token != "";
-        message = "token should be set if role is 'agent'";
+        assertion = cfg.role == "agent" -> cfg.token != "" || cfg.tokenFile != null;
+        message = "token or tokenFile should be set if role is 'agent'";
       }
     ];
 
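Review bot: The assertion accepts a configuration in which both `token` and `tokenFile` are set, and the command-line change later in this patch then silently prefers `tokenFile` and ignores `token`. A second entry such as `assertion = cfg.token == "" || cfg.tokenFile == null;` with `message = "token and tokenFile are mutually exclusive";` would surface that mistake at evaluation time. Parenthesising the right-hand side of `->` in the changed line would also make the intended precedence obvious to readers.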
@@ -104,7 +114,12 @@ in
             "${cfg.package}/bin/k3s ${cfg.role}"
           ] ++ (optional cfg.docker "--docker")
           ++ (optional cfg.disableAgent "--disable-agent")
-          ++ (optional (cfg.role == "agent") "--server ${cfg.serverAddr} --token ${cfg.token}")
+          ++ (optional (cfg.role == "agent") "--server ${cfg.serverAddr} ${
+            if cfg.tokenFile != null then
+              "--token-file ${cfg.tokenFile}"
+            else
+              "--token ${cfg.token}"
+          }")
           ++ [ cfg.extraFlags ]
         );
       };
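Review bot: `"--token-file ${cfg.tokenFile}"` interpolates a `types.path` value, so a user who writes `tokenFile = ./token;` gets the file copied into the world-readable Nix store and the store path handed to k3s, which is exactly what the option is meant to prevent. Using `"--token-file ${toString cfg.tokenFile}"` keeps the original path without importing the file; alternatively restrict the option to strings and document that. Separately, the `--token ${cfg.token}` branch still places the secret in the generated unit and on the process command line, and neither value is quoted, so a value containing whitespace would presumably split into several arguments. The enclosing list expression begins outside the hunk.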

From 07d959d0b056bc50a81c6ed6439152378dd4c75d Mon Sep 17 00:00:00 2001
From: Sander van der Burg <svanderburg@gmail.com>
Date: Fri, 6 Aug 2021 00:03:52 +0200
Subject: [PATCH 3/6] gzdoom: add desktop item

(cherry picked from commit 246ac3167d82c7adafed4a861ddb71817810586c)
---
 pkgs/games/gzdoom/default.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/pkgs/games/gzdoom/default.nix b/pkgs/games/gzdoom/default.nix
index 8ab54468c00..787184273fc 100644
--- a/pkgs/games/gzdoom/default.nix
+++ b/pkgs/games/gzdoom/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, fetchFromGitHub, cmake, makeWrapper, openal, fluidsynth_1
 , soundfont-fluid, libGL, SDL2, bzip2, zlib, libjpeg, libsndfile, mpg123
-, game-music-emu, pkg-config }:
+, game-music-emu, pkg-config, copyDesktopItems, makeDesktopItem }:
 
 let
   zmusic-src = fetchFromGitHub {
@@ -38,7 +38,7 @@ let
       fetchSubmodules = true;
     };
 
-    nativeBuildInputs = [ cmake makeWrapper pkg-config ];
+    nativeBuildInputs = [ cmake makeWrapper pkg-config copyDesktopItems ];
     buildInputs = [
       SDL2
       libGL
@@ -55,7 +55,18 @@ let
 
     NIX_CFLAGS_LINK = "-lopenal -lfluidsynth";
 
+    desktopItems = [
+      (makeDesktopItem {
+        name = "gzdoom";
+        exec = "gzdoom";
+        desktopName = "GZDoom";
+        categories = "Game;";
+      })
+    ];
+
     installPhase = ''
+      runHook preInstall
+
       install -Dm755 gzdoom "$out/lib/gzdoom/gzdoom"
       for i in *.pk3; do
         install -Dm644 "$i" "$out/lib/gzdoom/$i"
@@ -68,6 +79,8 @@ let
       done
       mkdir $out/bin
       makeWrapper $out/lib/gzdoom/gzdoom $out/bin/gzdoom
+
+      runHook postInstall
     '';
 
     meta = with lib; {
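Review bot: The two `runHook` lines are what make the new `desktopItems` take effect, but nothing in the install script says so, and a later cleanup could drop them as noise. `copyDesktopItems` registers itself as a post-install hook, so a custom `installPhase` that skips `runHook postInstall` installs no desktop file. A comment such as `# required: copyDesktopItems runs from the postInstall hook` above `runHook postInstall` would record that. The `installPhase` string starts in the previous hunk and its middle is not shown.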

From b6e71616f8c461ebd72c237d7c1dd298ae9a92ed Mon Sep 17 00:00:00 2001
From: Sander van der Burg <svanderburg@gmail.com>
Date: Fri, 6 Aug 2021 00:04:17 +0200
Subject: [PATCH 4/6] quakespasm: add desktop item

(cherry picked from commit 55c21071de9d58498166ad96ddb157a4f5051702)
---
 pkgs/games/quakespasm/default.nix | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/pkgs/games/quakespasm/default.nix b/pkgs/games/quakespasm/default.nix
index 64b7c8f7920..9e540052c4f 100644
--- a/pkgs/games/quakespasm/default.nix
+++ b/pkgs/games/quakespasm/default.nix
@@ -1,4 +1,5 @@
-{ lib, stdenv, SDL, fetchurl, gzip, libvorbis, libmad }:
+{ lib, stdenv, SDL, fetchurl, gzip, libvorbis, libmad, copyDesktopItems, makeDesktopItem }:
+
 stdenv.mkDerivation rec {
   pname = "quakespasm";
   majorVersion = "0.93";
@@ -11,6 +12,7 @@ stdenv.mkDerivation rec {
 
   sourceRoot = "${pname}-${version}/Quake";
 
+  nativeBuildInputs = [ copyDesktopItems ];
   buildInputs = [
     gzip SDL libvorbis libmad
   ];
@@ -24,7 +26,16 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  meta = {
+  desktopItems = [
+    (makeDesktopItem {
+      name = "quakespasm";
+      exec = "quake";
+      desktopName = "Quakespasm";
+      categories = "Game;";
+    })
+  ];
+
+  meta = with lib; {
     description = "An engine for iD software's Quake";
     homepage = "http://quakespasm.sourceforge.net/";
     longDescription = ''
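Review bot: The switch from `meta = {` to `meta = with lib; {` is unrelated to the desktop item, and since the diffstat leaves no room for another changed line inside `meta`, nothing in this patch appears to use the widened scope. I would keep `meta = {` here, or move the change to a commit that actually shortens `lib.`-qualified names. The `meta` attribute set continues past the end of the hunk, so this is inferred from the line counts rather than from the body.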

From 22f37f4aee3fb9be43cab353cc074ea89616c170 Mon Sep 17 00:00:00 2001
From: Sander van der Burg <svanderburg@gmail.com>
Date: Fri, 6 Aug 2021 00:04:39 +0200
Subject: [PATCH 5/6] dhewm: add desktop item

(cherry picked from commit f7ae4163e027ad6269e6f51a7f9d0726a97be96b)
---
 pkgs/games/dhewm3/default.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkgs/games/dhewm3/default.nix b/pkgs/games/dhewm3/default.nix
index b5caa603eaf..beb037dc240 100644
--- a/pkgs/games/dhewm3/default.nix
+++ b/pkgs/games/dhewm3/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchFromGitHub, cmake, SDL2, libGLU, libGL, zlib, libjpeg, libogg, libvorbis
-, openal, curl }:
+, openal, curl, copyDesktopItems, makeDesktopItem }:
 
 stdenv.mkDerivation rec {
   pname = "dhewm3";
@@ -21,9 +21,18 @@ stdenv.mkDerivation rec {
     cd "$(ls -d dhewm3-*.src)"/neo
   '';
 
-  nativeBuildInputs = [ cmake ];
+  nativeBuildInputs = [ cmake copyDesktopItems ];
   buildInputs = [ SDL2 libGLU libGL zlib libjpeg libogg libvorbis openal curl ];
 
+  desktopItems = [
+    (makeDesktopItem {
+      name = "dhewm3";
+      exec = "dhewm3";
+      desktopName = "Doom 3";
+      categories = "Game;";
+    })
+  ];
+
   hardeningDisable = [ "format" ];
 
   meta = with lib; {

From 3a5ff18d64b8caed713b07e72be8016bc3bf87e1 Mon Sep 17 00:00:00 2001
From: Yuka <yuka@yuka.dev>
Date: Sat, 7 Aug 2021 12:38:46 +0200
Subject: [PATCH 6/6] mautrix-telegram: add inputs for E2BE support (#132979)

https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
(cherry picked from commit f1d1ed4f0221d89d5e221c26114a14fe138e8982)
---
 pkgs/servers/mautrix-telegram/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pkgs/servers/mautrix-telegram/default.nix b/pkgs/servers/mautrix-telegram/default.nix
index bf00462875b..74280f048ce 100644
--- a/pkgs/servers/mautrix-telegram/default.nix
+++ b/pkgs/servers/mautrix-telegram/default.nix
@@ -1,4 +1,6 @@
-{ lib, python3, mautrix-telegram, fetchFromGitHub }:
+{ lib, python3, mautrix-telegram, fetchFromGitHub
+, withE2BE ? true
+}:
 
 with python3.pkgs;
 
@@ -39,6 +41,11 @@ in buildPythonPackage rec {
     pillow
     lxml
     setuptools
+  ] ++ lib.optionals withE2BE [
+    asyncpg
+    python-olm
+    pycryptodome
+    unpaddedbase64
   ] ++ dbDrivers;
 
   # `alembic` (a database migration tool) is only needed for the initial setup,
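Review bot: `withE2BE` defaults to `true`, so every existing installation picks up `asyncpg`, `python-olm`, `pycryptodome` and `unpaddedbase64` on the next rebuild, yet the list has no comment saying what the flag is for or that it can be turned off. A line such as `# end-to-bridge encryption dependencies; build with withE2BE = false to leave them out` above `] ++ lib.optionals withE2BE [` would document that. It may also be worth stating, if it holds for this version, that the feature still has to be enabled in the bridge configuration, so adding the inputs alone does not turn encryption on. The dependency list this extends begins outside the hunk.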