}
];
- users.users = optionalAttrs (cfg.user == "naemon") (singleton
- {
- name = "naemon";
+ users.users = optionalAttrs (cfg.user == "naemon") {
+ naemon = {
group = cfg.group;
uid = config.ids.uids.nagios;
extraGroups = [ "keys" ];
- });
- users.groups = optionalAttrs (cfg.user == "naemon") (singleton
- {
- name = "naemon";
- gid = config.ids.gids.nagios;
- });
+ };
+ };
+ users.groups = optionalAttrs (cfg.user == "naemon") {
+ naemon = {
+ gid = config.ids.gids.nagios;
+ };
+ };
services.filesWatcher.naemon = {
paths = [ config.secrets.fullPaths."naemon/resources.cfg" ];
config = mkIf cfg.enable {
- users.users = optionalAttrs (cfg.user == "opendmarc") (singleton
- { name = "opendmarc";
+ users.users = optionalAttrs (cfg.user == "opendmarc") {
+ opendmarc = {
group = cfg.group;
uid = config.ids.uids.opendmarc;
- });
+ };
+ };
- users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton
- { name = "opendmarc";
+ users.groups = optionalAttrs (cfg.group == "opendmarc") {
+ opendmarc = {
gid = config.ids.gids.opendmarc;
- });
+ };
+ };
environment.systemPackages = [ pkgs.opendmarc ];
(lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
(lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
];
- plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json"];
};
description = "Default configuration for certificates";
};
myServices.databasesCerts = config.myServices.certificates.certConfig;
myServices.ircCerts = config.myServices.certificates.certConfig;
+ security.acme.acceptTerms = true;
security.acme.preliminarySelfsigned = true;
security.acme.certs = {
};
systemd.services = lib.attrsets.mapAttrs' (k: v:
- lib.attrsets.nameValuePair "acme-selfsigned-${k}" (lib.mkBefore { script =
- (lib.optionalString (builtins.elem "cert.pem" v.plugins) ''
+ lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore ''
cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
- '') +
- (lib.optionalString (builtins.elem "chain.pem" v.plugins) ''
+
cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
- '')
- ; })
+ '';
+ }
) config.security.acme.certs //
lib.attrsets.mapAttrs' (k: data:
lib.attrsets.nameValuePair "acme-${k}" {
enable = true;
package = cfg.package;
dataDir = cfg.dataDir;
- extraOptions = ''
- ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
- ssl_key = ${config.security.acme.certs.mysql.directory}/key.pem
- ssl_cert = ${config.security.acme.certs.mysql.directory}/fullchain.pem
+ settings = {
+ mysqld = {
+ ssl_ca = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ ssl_key = "${config.security.acme.certs.mysql.directory}/key.pem";
+ ssl_cert = "${config.security.acme.certs.mysql.directory}/fullchain.pem";
- # for replication
- log-bin=mariadb-bin
- server-id=1
+ # for replication
+ log-bin = "mariadb-bin";
+ server-id = "1";
- # this introduces a small delay before storing on disk, but
- # makes it order of magnitudes quicker
- innodb_flush_log_at_trx_commit = 0
- '';
+ # this introduces a small delay before storing on disk, but
+ # makes it order of magnitudes quicker
+ innodb_flush_log_at_trx_commit = "0";
+ };
+ };
};
users.users.mysql.extraGroups = [ "keys" ];
security.acme.certs."mysql" = config.myServices.databasesCerts // {
user = "mysql";
group = "mysql";
- plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
domain = "db-1.immae.eu";
postRun = ''
systemctl restart mysql.service
security.pam.services = let
pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
- in [
- {
- name = "mysql";
+ in {
+ mysql = {
text = ''
# https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam
account required ${pam_ldap} config=${config.secrets.location}/mysql/pam
'';
- }
- {
- name = "mysql_replication";
+ };
+ mysql_replication = {
text = ''
auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
account required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
'';
- }
- ];
+ };
+ };
};
}
security.acme.certs."ldap" = config.myServices.databasesCerts // {
user = "openldap";
group = "openldap";
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
domain = "ldap.immae.eu";
postRun = ''
systemctl restart openldap.service
security.acme.certs."postgresql" = config.myServices.databasesCerts // {
user = "postgres";
group = "postgres";
- plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
domain = "db-1.immae.eu";
postRun = ''
systemctl reload postgresql.service
security.pam.services = let
pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
- in [
- {
- name = "postgresql";
+ in {
+ postgresql = {
text = ''
auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam
'';
- }
- {
- name = "postgresql_replication";
+ };
+ postgresql_replication = {
text = ''
auth required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
account required ${pam_ldap} config=${config.secrets.location}/postgresql/pam_replication
'';
- }
- ];
+ };
+ };
};
}
};
};
- users.users = [
- {
- name = "ftp";
- uid = config.ids.uids.ftp; # 8
- group = "ftp";
- description = "Anonymous FTP user";
- home = "/homeless-shelter";
- extraGroups = [ "keys" ];
- }
- ];
+ users.users.ftp = {
+ uid = config.ids.uids.ftp; # 8
+ group = "ftp";
+ description = "Anonymous FTP user";
+ home = "/homeless-shelter";
+ extraGroups = [ "keys" ];
+ };
users.groups.ftp.gid = config.ids.gids.ftp;
locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
};
};
- security.acme.certs."${name}".extraDomains."status.immae.eu" = null;
+ security.acme.certs."${name}" = {
+ extraDomains."status.immae.eu" = null;
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
myServices.certificates.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
users.mutableUsers = false;
environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
- environment.systemPackages =
- let
- home-manager = builtins.fetchGit {
- url = "https://github.com/rycee/home-manager.git";
- rev = "ef64bc598f28818d56c86629dad98b468af9c071";
- ref = "release-19.03";
- };
- in
- [
- pkgs.git
- pkgs.vim
- ] ++
- (lib.optional
- (builtins.length (config.hostEnv.users pkgs) > 0)
- ((pkgs.callPackage home-manager {}).home-manager)
- );
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.vim
+ ] ++
+ (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
};
}
{ privateFiles }:
-{ config, pkgs, resources, ... }:
+{ config, pkgs, resources, name, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
};
myServices.certificates.enable = true;
+ security.acme.certs."${name}" = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
services.nginx = {
enable = true;
recommendedOptimisation = true;
# This is equivalent to setting environment.sessionVariables.NIX_PATH
nix.nixPath = [
- "home-manager=https://github.com/rycee/home-manager/archive/release-19.03.tar.gz"
- "nixpkgs=https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
+ "home-manager=https://github.com/rycee/home-manager/archive/master.tar.gz"
+ "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
];
nix.binaryCaches = [ "https://hydra.iohk.io" "https://cache.nixos.org" ];
nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
security.acme.certs."task" = config.myServices.certificates.certConfig // {
inherit user group;
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
domain = fqdn;
postRun = ''
systemctl restart taskserver.service
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
- inherit name;
- inherit uid;
- group = cfg.group;
- description = "Diaspora user";
- home = cfg.dataDir;
- packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
- useDefaultShell = true;
- });
- users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
- inherit name;
- inherit gid;
- });
+ users.users = lib.optionalAttrs (cfg.user == name) {
+ "${name}" = {
+ inherit uid;
+ group = cfg.group;
+ description = "Diaspora user";
+ home = cfg.dataDir;
+ packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
+ useDefaultShell = true;
+ };
+ };
+ users.groups = lib.optionalAttrs (cfg.group == name) {
+ "${name}" = {
+ inherit gid;
+ };
+ };
systemd.services.diaspora = {
description = "Diaspora";
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
- inherit name;
- inherit uid;
- group = cfg.group;
- description = "Mastodon user";
- home = cfg.dataDir;
- useDefaultShell = true;
- });
- users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
- inherit name;
- inherit gid;
- });
+ users.users = lib.optionalAttrs (cfg.user == name) {
+ "${name}" = {
+ inherit uid;
+ group = cfg.group;
+ description = "Mastodon user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ };
+ };
+ users.groups = lib.optionalAttrs (cfg.group == name) {
+ "${name}" = {
+ inherit gid;
+ };
+ };
systemd.services.mastodon-streaming = {
description = "Mastodon Streaming";
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
- inherit name;
- inherit uid;
- group = cfg.group;
- description = "Mediagoblin user";
- home = cfg.dataDir;
- useDefaultShell = true;
- });
- users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
- inherit name;
- inherit gid;
- });
+ users.users = lib.optionalAttrs (cfg.user == name) {
+ "${name}" = {
+ inherit uid;
+ group = cfg.group;
+ description = "Mediagoblin user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ };
+ };
+ users.groups = lib.optionalAttrs (cfg.group == name) {
+ "${name}" = {
+ inherit gid;
+ };
+ };
systemd.services.mediagoblin-web = {
description = "Mediagoblin service";
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
- inherit name;
- inherit uid;
- group = cfg.group;
- description = "Peertube user";
- home = cfg.dataDir;
- useDefaultShell = true;
- });
- users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
- inherit name;
- inherit gid;
- });
+ users.users = lib.optionalAttrs (cfg.user == name) {
+ "${name}" = {
+ inherit uid;
+ group = cfg.group;
+ description = "Peertube user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ };
+ };
+ users.groups = lib.optionalAttrs (cfg.group == name) {
+ "${name}" = {
+ inherit gid;
+ };
+ };
systemd.services.peertube = {
description = "Peertube";
};
virtualHosts = mkOption {
- type = with types; attrsOf (submodule (import ./vhost-options.nix));
+ type = with types; attrsOf (submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>));
default = {
localhost = {
documentRoot = "${pkg}/htdocs";
+++ /dev/null
-{ config, lib, name, ... }:
-let
- inherit (lib) mkOption types;
-in
-{
- options = {
-
- proxyPass = mkOption {
- type = with types; nullOr str;
- default = null;
- example = "http://www.example.org/";
- description = ''
- Sets up a simple reverse proxy as described by <link xlink:href="https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple" />.
- '';
- };
-
- index = mkOption {
- type = with types; nullOr str;
- default = null;
- example = "index.php index.html";
- description = ''
- Adds DirectoryIndex directive. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex" />.
- '';
- };
-
- alias = mkOption {
- type = with types; nullOr path;
- default = null;
- example = "/your/alias/directory";
- description = ''
- Alias directory for requests. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias" />.
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- description = ''
- These lines go to the end of the location verbatim.
- '';
- };
-
- priority = mkOption {
- type = types.int;
- default = 1000;
- description = ''
- Order of this location block in relation to the others in the vhost.
- The semantics are the same as with `lib.mkOrder`. Smaller values have
- a greater priority.
- '';
- };
-
- };
-}
+++ /dev/null
-{ config, lib, name, ... }:
-let
- inherit (lib) literalExample mkOption nameValuePair types;
-in
-{
- options = {
-
- hostName = mkOption {
- type = types.str;
- default = name;
- description = "Canonical hostname for the server.";
- };
-
- serverAliases = mkOption {
- type = types.listOf types.str;
- default = [];
- example = ["www.example.org" "www.example.org:8080" "example.org"];
- description = ''
- Additional names of virtual hosts served by this virtual host configuration.
- '';
- };
-
- listen = mkOption {
- type = with types; listOf (submodule ({
- options = {
- port = mkOption {
- type = types.port;
- description = "Port to listen on";
- };
- ip = mkOption {
- type = types.str;
- default = "*";
- description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
- };
- ssl = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to enable SSL (https) support.";
- };
- };
- }));
- default = [];
- example = [
- { ip = "195.154.1.1"; port = 443; ssl = true;}
- { ip = "192.154.1.1"; port = 80; }
- { ip = "*"; port = 8080; }
- ];
- description = ''
- Listen addresses and ports for this virtual host.
- <note><para>
- This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>.
- </para></note>
- '';
- };
-
- enableSSL = mkOption {
- type = types.bool;
- visible = false;
- default = false;
- };
-
- addSSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
- <literal>listen</literal> to listen on all interfaces on the respective default
- ports (80, 443).
- '';
- };
-
- onlySSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTPS and reject plain HTTP connections. This will set
- defaults for <literal>listen</literal> to listen on all interfaces on port 443.
- '';
- };
-
- forceSSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to add a separate nginx server block that permanently redirects (301)
- all plain HTTP traffic to HTTPS. This will set defaults for
- <literal>listen</literal> to listen on all interfaces on the respective default
- ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
- '';
- };
-
- enableACME = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to ask Let's Encrypt to sign a certificate for this vhost.
- Alternately, you can use an existing certificate through <option>useACMEHost</option>.
- '';
- };
-
- useACMEHost = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = ''
- A host of an existing Let's Encrypt certificate to use.
- This is useful if you have many subdomains and want to avoid hitting the
- <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
- Alternately, you can generate a certificate through <option>enableACME</option>.
- <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
- '';
- };
-
- acmeRoot = mkOption {
- type = types.str;
- default = "/var/lib/acme/acme-challenges";
- description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here";
- };
-
- sslServerCert = mkOption {
- type = types.path;
- example = "/var/host.cert";
- description = "Path to server SSL certificate.";
- };
-
- sslServerKey = mkOption {
- type = types.path;
- example = "/var/host.key";
- description = "Path to server SSL certificate key.";
- };
-
- sslServerChain = mkOption {
- type = types.nullOr types.path;
- default = null;
- example = "/var/ca.pem";
- description = "Path to server SSL chain file.";
- };
-
- http2 = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will
- be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
- '';
- };
-
- adminAddr = mkOption {
- type = types.nullOr types.str;
- default = null;
- example = "admin@example.org";
- description = "E-mail address of the server administrator.";
- };
-
- documentRoot = mkOption {
- type = types.nullOr types.path;
- default = null;
- example = "/data/webserver/docs";
- description = ''
- The path of Apache's document root directory. If left undefined,
- an empty directory in the Nix store will be used as root.
- '';
- };
-
- servedDirs = mkOption {
- type = types.listOf types.attrs;
- default = [];
- example = [
- { urlPath = "/nix";
- dir = "/home/eelco/Dev/nix-homepage";
- }
- ];
- description = ''
- This option provides a simple way to serve static directories.
- '';
- };
-
- servedFiles = mkOption {
- type = types.listOf types.attrs;
- default = [];
- example = [
- { urlPath = "/foo/bar.png";
- file = "/home/eelco/some-file.png";
- }
- ];
- description = ''
- This option provides a simple way to serve individual, static files.
-
- <note><para>
- This option has been deprecated and will be removed in a future
- version of NixOS. You can achieve the same result by making use of
- the <literal>locations.<name>.alias</literal> option.
- </para></note>
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- example = ''
- <Directory /home>
- Options FollowSymlinks
- AllowOverride All
- </Directory>
- '';
- description = ''
- These lines go to httpd.conf verbatim. They will go after
- directories and directory aliases defined by default.
- '';
- };
-
- enableUserDir = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable serving <filename>~/public_html</filename> as
- <literal>/~<replaceable>username</replaceable></literal>.
- '';
- };
-
- globalRedirect = mkOption {
- type = types.nullOr types.str;
- default = null;
- example = http://newserver.example.org/;
- description = ''
- If set, all requests for this host are redirected permanently to
- the given URL.
- '';
- };
-
- logFormat = mkOption {
- type = types.str;
- default = "common";
- example = "combined";
- description = ''
- Log format for Apache's log files. Possible values are: combined, common, referer, agent.
- '';
- };
-
- robotsEntries = mkOption {
- type = types.lines;
- default = "";
- example = "Disallow: /foo/";
- description = ''
- Specification of pages to be ignored by web crawlers. See <link
- xlink:href='http://www.robotstxt.org/'/> for details.
- '';
- };
-
- locations = mkOption {
- type = with types; attrsOf (submodule (import ./location-options.nix));
- default = {};
- example = literalExample ''
- {
- "/" = {
- proxyPass = "http://localhost:3000";
- };
- "/foo/bar.png" = {
- alias = "/home/eelco/some-file.png";
- };
- };
- '';
- description = ''
- Declarative location config. See <link
- xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details.
- '';
- };
-
- };
-
- config = {
-
- locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);
-
- };
-}
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs": {
- "branch": "nixos-19.03",
+ "branch": "nixos-unstable",
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS",
"repo": "nixpkgs-channels",
- "rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
- "sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
+ "rev": "ae6bdcc53584aaf20211ce1814bea97ece08a248",
+ "sha256": "0hjhznns1cxgl3hww2d5si6vhy36pnm53hms9h338v6r633dcy77",
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
+ "url": "https://github.com/NixOS/nixpkgs-channels/archive/ae6bdcc53584aaf20211ce1814bea97ece08a248.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-nixops": {
- "branch": "nixos-19.09",
+ "branch": "nixos-unstable",
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS",
"repo": "nixpkgs-channels",
- "rev": "856dbd1a5c7fd826cf3668ff12a7389be0686f41",
- "sha256": "1d895i1lc25d2akniaqg2n1jrg2rcd1gih8rpmhyrlv4lpggfmsx",
+ "rev": "ae6bdcc53584aaf20211ce1814bea97ece08a248",
+ "sha256": "0hjhznns1cxgl3hww2d5si6vhy36pnm53hms9h338v6r633dcy77",
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs-channels/archive/856dbd1a5c7fd826cf3668ff12a7389be0686f41.tar.gz",
+ "url": "https://github.com/NixOS/nixpkgs-channels/archive/ae6bdcc53584aaf20211ce1814bea97ece08a248.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-nixops-next": {
$(NIXOPS_PRIV) deploy --dry-run
build:
- $(NIXOPS_PRIV) deploy --build-only --max-jobs 1
+ $(NIXOPS_PRIV) deploy --build-only --keep-going
upload:
- $(NIXOPS_PRIV) deploy --copy-only --max-concurrent-copy 1
+ $(NIXOPS_PRIV) deploy --copy-only
deploy:
$(NIXOPS_PRIV) deploy
--- /dev/null
+self: super: {
+ bonfire = let
+ click = self.python3Packages.click.overridePythonAttrs(old: rec {
+ version = "6.7";
+ src = self.python3Packages.fetchPypi {
+ pname = "click";
+ inherit version;
+ sha256 = "02qkfpykbq35id8glfgwc38yc430427yd05z1wc5cnld8zgicmgi";
+ };
+ });
+ in
+ super.bonfire.overridePythonAttrs(old: {
+ version = "0.0.8";
+ src = self.fetchFromGitHub {
+ owner = "blue-yonder";
+ repo = "bonfire";
+ rev = "0a0f18469d484aba6871fa7421bbb2c00ccefcb0";
+ sha256 = "1y2r537ibghhmk6jngw0zwvh1vn2bihqcvji50ffh1j0qc6q3x6x";
+ };
+ postPatch = "";
+ propagatedBuildInputs = self.lib.remove self.python3Packages.click old.propagatedBuildInputs ++ [ click ];
+ meta.broken = false;
+ });
+}
mariadbPAM = super.mariadb.overrideAttrs(old: {
cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
buildInputs = old.buildInputs ++ [ self.pam ];
- postInstall = old.postInstall + ''
- # FIXME: hack because mariadb cannot find dialog.so
- # fixed in 20.03: https://github.com/NixOS/nixpkgs/pull/80768
- ln -s /nix $out/nix
- cp "$dev"/lib/mysql/plugin/{caching_sha2_password.so,dialog.so,mysql_clear_password.so,sha256_password.so} "$out"/lib/mysql/plugin
- '';
- }) // (with super.mariadb; {
- inherit client;
- servier = super.mariadb;
- inherit connector-c;
- inherit galera;
});
}
bitlbee = import ./bitlbee;
bitlbee-discord = import ./bitlbee-discord;
+ bonfire = import ./bonfire;
bundix = import ./bundix;
dwm = import ./dwm;
elinks = import ./elinks;
ldapvi = import ./ldapvi;
lesspipe = import ./lesspipe;
mysql = import ./databases/mysql;
- neomutt = import ./neomutt;
nixops = import ./nixops;
pass = import ./pass;
pelican = import ./pelican;
postgresql = import ./databases/postgresql;
- profanity = import ./profanity;
s6 = import ./s6;
sc-im = import ./sc-im;
shaarli = import ./shaarli;
slrn = import ./slrn;
taskwarrior = import ./taskwarrior;
vcsh = import ./vcsh;
- vit = import ./vit;
weboob = import ./weboob;
weechat = import ./weechat;
ympd = import ./ympd;
doing = import ./doing;
xmr-stak = import ./xmr-stak;
- simp_le = import ./simp_le;
}
// import ./python-packages
+++ /dev/null
-commit 763056828abe9716c4dfce754a47d8ecdefb3029
-Author: Ismaël Bouya <ismael.bouya@normalesup.org>
-Date: Mon Feb 10 16:13:33 2020 +0100
-
- Fix commands that don’t need to have a non-empty mailbox to be valid
-
- Some commands act on the whole mailbox (tag-pattern, delete-pattern,
- search), and even though they don’t do anything when the mailbox is
- empty, there is no reason to fail when it happens. This commit removes
- the check that the mailbox is non-empty before doing said actions.
-
-diff --git a/index.c b/index.c
-index 0f4b9f99f..0adfc19f1 100644
---- a/index.c
-+++ b/index.c
-@@ -1642,7 +1642,7 @@ int mutt_index_menu(struct MuttWindow *dlg)
- case OP_JUMP:
- {
- int msg_num = 0;
-- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE))
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX))
- break;
- if (isdigit(LastKey))
- mutt_unget_event(LastKey, 0);
-@@ -1687,7 +1687,7 @@ int mutt_index_menu(struct MuttWindow *dlg)
-
- case OP_MAIN_DELETE_PATTERN:
- if (!prereq(Context, menu,
-- CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE | CHECK_READONLY | CHECK_ATTACH))
-+ CHECK_IN_MAILBOX | CHECK_READONLY | CHECK_ATTACH))
- {
- break;
- }
-@@ -1852,12 +1852,17 @@ int mutt_index_menu(struct MuttWindow *dlg)
- menu->redraw = REDRAW_FULL;
- break;
-
-- case OP_SEARCH:
-+ // Initiating a search can happen on an empty mailbox, but
-+ // searching for next/previous/... needs to be on a message and
-+ // thus a non-empty mailbox
- case OP_SEARCH_REVERSE:
- case OP_SEARCH_NEXT:
- case OP_SEARCH_OPPOSITE:
- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE))
- break;
-+ case OP_SEARCH:
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX))
-+ break;
- menu->current = mutt_search_command(menu->current, op);
- if (menu->current == -1)
- menu->current = menu->oldcurrent;
-@@ -1926,14 +1931,14 @@ int mutt_index_menu(struct MuttWindow *dlg)
- }
-
- case OP_MAIN_TAG_PATTERN:
-- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE))
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX))
- break;
- mutt_pattern_func(MUTT_TAG, _("Tag messages matching: "));
- menu->redraw |= REDRAW_INDEX | REDRAW_STATUS;
- break;
-
- case OP_MAIN_UNDELETE_PATTERN:
-- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE | CHECK_READONLY))
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_READONLY))
- break;
- /* L10N: CHECK_ACL */
- /* L10N: Due to the implementation details we do not know whether we
-@@ -1950,7 +1955,7 @@ int mutt_index_menu(struct MuttWindow *dlg)
- break;
-
- case OP_MAIN_UNTAG_PATTERN:
-- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE))
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX))
- break;
- if (mutt_pattern_func(MUTT_UNTAG, _("Untag messages matching: ")) == 0)
- menu->redraw |= REDRAW_INDEX | REDRAW_STATUS;
-@@ -3189,7 +3194,7 @@ int mutt_index_menu(struct MuttWindow *dlg)
- }
-
- case OP_MAIN_COLLAPSE_ALL:
-- if (!prereq(Context, menu, CHECK_IN_MAILBOX | CHECK_MSGCOUNT | CHECK_VISIBLE))
-+ if (!prereq(Context, menu, CHECK_IN_MAILBOX))
- break;
-
- if ((C_Sort & SORT_MASK) != SORT_THREADS)
+++ /dev/null
-self: super: {
- neomutt = super.neomutt.overrideAttrs (old:
- rec {
- name = "neomutt-${version}";
- version = "20191207";
- src = self.fetchFromGitHub {
- owner = "neomutt";
- repo = "neomutt";
- rev = version;
- sha256 = "16xr7wdmjw0i72xbnyyh098wx4cr0m8w2cr1szdi1b14p4kpgr67";
- };
- patches = old.patches or [] ++ [ ./commands.patch ];
- buildInputs = old.buildInputs ++ [ self.gdbm ];
- configureFlags = old.configureFlags ++ [ "--gdbm" ];
- doCheck = false;
- }
- );
-}
self: super: {
pelican = with self.python3Packages;
- pelican.overrideAttrs(old: self.mylibs.fetchedGithub ./pelican.json // {
+ pelican.overrideAttrs(old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [ pyyaml markdown ];
+ doInstallCheck = false;
});
}
+++ /dev/null
-{
- "tag": "4.0.1",
- "meta": {
- "name": "pelican",
- "url": "https://github.com/getpelican/pelican",
- "branch": "refs/tags/4.0.1"
- },
- "github": {
- "owner": "getpelican",
- "repo": "pelican",
- "rev": "24d6efa9fda4ad45649ddf88c1c596193d589bf8",
- "sha256": "09fcwnnfln0cl5v0qpxzrllj27znrg6dbhaksxrl0192c3mbyjvl",
- "fetchSubmodules": true
- }
-}
+++ /dev/null
-self: super: {
- profanity = (super.profanity.override {
- notifySupport = true;
- inherit (self) libnotify gpgme gdk_pixbuf;
- python = self.python3;
- }).overrideAttrs (old: rec {
- version = "0.7.1";
- pname = "profanity";
- name = "profanity-0.7.1";
- src = self.fetchFromGitHub {
- owner = "profanity-im";
- repo = "profanity";
- rev = version;
- sha256 = "1mcgr86wqyzqx7mqxfkk2jwx6cgnvrky3zi4v1ww0lh6j05wj9gf";
- };
- patches = builtins.tail old.patches;
- buildInputs = old.buildInputs ++ [ self.libsignal-protocol-c self.libgcrypt ];
- configureFlags = old.configureFlags ++ [ "--enable-plugins" "--enable-omemo" ];
- });
-}
+++ /dev/null
-self: super: {
- simp_le = self.simp_le_0_17;
-}
+++ /dev/null
-self: super:
-{
- vit = (super.vit.override { inherit (self) taskwarrior; }).overrideAttrs (old:
- self.mylibs.fetchedGithub ./vit.json // {
- buildInputs = old.buildInputs ++ (with self.perlPackages; [ TryTiny TextCharWidth ]);
- }
- );
-}
+++ /dev/null
-{
- "tag": "dbacada-1.3",
- "meta": {
- "name": "vit",
- "url": "https://github.com/scottkosty/vit",
- "branch": "1.3"
- },
- "github": {
- "owner": "scottkosty",
- "repo": "vit",
- "rev": "dbacada5867b238fdf35dbf00a3ca0daf7703038",
- "sha256": "1wlk62cv6dc0dqv8265xcx2l7ydzg40xf6l4qbrf6h5156ncc90l",
- "fetchSubmodules": true
- }
-}
weechat = super.weechat.override {
configure = { availablePlugins, ... }: {
plugins = with self; with availablePlugins; [
- # Make sure websocket_client is not 0.55.0, it provokes
- # regular crashes
- (python.withPackages (ps: with ps; assert websocket_client.version == "0.54.0"; [websocket_client emoji]))
+ (python.withPackages (ps: with ps; [websocket_client emoji]))
perl
ruby
];
fetchSubmodules = true;
};
- cargoSha256 = "1jra0635inm95xp7vg8l7s7ybijcy28956cd6jl8qw2p8bw0z1p3";
+ cargoSha256 = "0j68dsqahvgpa9ms62149530lbfa55lmpd56rgdxkrh2z32lshs8";
verifyCargoDeps = true;
}
-{ stdenv, mylibs, fetchurl, fetchgit, callPackage, nodePackages, nodejs-8_x }:
+{ stdenv, mylibs, fetchurl, fetchgit, callPackage, nodePackages, nodejs-10_x }:
let
- nodeEnv = callPackage mylibs.nodeEnv { nodejs = nodejs-8_x; };
+ nodeEnv = callPackage mylibs.nodeEnv { nodejs = nodejs-10_x; };
# built using node2nix -8 -l package-lock.json
# and changing "./." to "src"
packageEnv = import ./node-packages.nix {
{ buildPerlPackage, fetchurl, perlPackages, lib }:
buildPerlPackage rec {
- name = "mtop-${version}";
+ pname = "mtop";
version = "0.6.6";
src = fetchurl {
url = "http://downloads.sourceforge.net/project/mtop/mtop/v${version}/mtop-${version}.tar.gz";
{ lib, buildPerlPackage, fetchurl, perlPackages }:
buildPerlPackage rec {
- name = "note-1.3.26";
+ pname = "note";
+ version = "1.3.26";
src = fetchurl {
- url = "mirror://cpan/authors/id/T/TL/TLINDEN/${name}.tar.gz";
+ url = "mirror://cpan/authors/id/T/TL/TLINDEN/${pname}-${version}.tar.gz";
sha256 = "1h645rnb5vpms48fcyzvp7cwwcbf9k5xq49w2bpniyzzgk2brjrq";
};
outputs = ["out" "man"];
postInstall = let
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
- sha256 = "1g6zi96k8sbim8wa8rzskxy44mgpcv1mn2bs8p4mq36w3kwglwyj";
+ sha256 = "1df3yhlwlvai0m9kvjyknjg11hnw0kj0rnhyzbwvsfjnmr6z8r76";
};
in
''
-{ mylibs, stdenv, runCommand, writeScriptBin, buildBowerComponents, pythonPackages, libsass, python, python2, fetchurl, jq, yarn, nodejs }:
+{ mylibs, stdenv, runCommand, writeScriptBin, buildBowerComponents, pythonPackages, libsass, python, fetchurl, jq, yarn, nodejs }:
let
buildslist_src = mylibs.fetchedGit ./buildslist.json;
packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
'';
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
- sha256 = "1g6zi96k8sbim8wa8rzskxy44mgpcv1mn2bs8p4mq36w3kwglwyj";
+ sha256 = "1df3yhlwlvai0m9kvjyknjg11hnw0kj0rnhyzbwvsfjnmr6z8r76";
};
buildslist_yarn = mylibs.yarn2nixPackage.mkYarnModules rec {
name = "buildslist-yarn-modules";
sha256 = "1spq44gg8gsviqx1dvlmjpgfc0wk0jpyx4ap01y2pad1ai9cw016";
};
propagatedBuildInputs = [ twisted.extras.tls twisted incremental dateutil ];
- doChecks = false;
+ doCheck = false;
}
+++ /dev/null
-{ stdenv, python3Packages, bash }:
-
-python3Packages.buildPythonApplication rec {
- pname = "simp_le-client";
- version = "0.17.0";
-
- src = python3Packages.fetchPypi {
- inherit pname version;
- sha256 = "0m1jynar4calaffp2zdxr5yy9vnhw2qf2hsfxwzfwf8fqb5h7bjb";
- };
-
- postPatch = ''
- # drop upper bound of idna requirement
- sed -ri "s/'(idna)<[^']+'/'\1'/" setup.py
- substituteInPlace simp_le.py \
- --replace "/bin/sh" "${bash}/bin/sh"
- '';
-
- checkPhase = ''
- $out/bin/simp_le --test
- '';
-
- propagatedBuildInputs = with python3Packages; [ acme setuptools_scm josepy idna ];
-
- meta = with stdenv.lib; {
- homepage = https://github.com/zenhack/simp_le;
- description = "Simple Let's Encrypt client";
- license = licenses.gpl3;
- maintainers = with maintainers; [ gebner makefu ];
- platforms = platforms.linux;
- };
-}
{ stdenv, mylibs, pkgconfig, libevent, lua, jansson, openssl, readline, zlib, libconfig }:
stdenv.mkDerivation (mylibs.fetchedGithub ./telegram-cli.json // {
- patches = [
- ./telegram-cli.patch
- ];
buildInputs = [ pkgconfig libevent lua jansson openssl readline zlib libconfig ];
preBuild = ''
sed -i -e 's@"/etc/" PROG_NAME "/server.pub"@"'$out'/etc/server.pub"@' main.c
{
- "tag": "6547c0b-master",
+ "tag": "3da0e4a-master",
"meta": {
"name": "telegram-cli",
- "url": "https://github.com/vysheng/tg",
+ "url": "https://github.com/kenorb-contrib/tg/",
"branch": "master"
},
"github": {
- "owner": "vysheng",
+ "owner": "kenorb-contrib",
"repo": "tg",
- "rev": "6547c0b21b977b327b3c5e8142963f4bc246187a",
- "sha256": "07sss5cnw2ygd7mp8f5532lmj7qm6ywqf4cjaq5g13i8igzqzwzj",
+ "rev": "3da0e4a54c3a63cee11aae3c23f2077adfc4949d",
+ "sha256": "0pvswzajipzkk1x5cyf10dw18ka9jalar0aa2i7y23ifm4ddnif4",
"fetchSubmodules": true
}
}
+++ /dev/null
-diff --git a/tgl/crypto/rsa_pem_openssl.c b/tgl/crypto/rsa_pem_openssl.c
-index db653f2..5e6a697 100644
---- a/tgl/crypto/rsa_pem_openssl.c
-+++ b/tgl/crypto/rsa_pem_openssl.c
-@@ -36,6 +36,12 @@ TGLC_WRAPPER_ASSOC(rsa,RSA)
- // TODO: Refactor crucial struct-identity into its own header.
- TGLC_WRAPPER_ASSOC(bn,BIGNUM)
-
-+/*
-+ * Since OpenSSL version 1.1.0 the RSA struct (rsa_st) is opaque,
-+ * see also https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
-+ */
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+
- TGLC_rsa *TGLC_rsa_new (unsigned long e, int n_bytes, const unsigned char *n) {
- RSA *ret = RSA_new ();
- ret->e = unwrap_bn (TGLC_bn_new ());
-@@ -47,7 +53,30 @@ TGLC_rsa *TGLC_rsa_new (unsigned long e, int n_bytes, const unsigned char *n) {
- #define RSA_GETTER(M) \
- TGLC_bn *TGLC_rsa_ ## M (TGLC_rsa *key) { \
- return wrap_bn (unwrap_rsa (key)->M); \
-- } \
-+ }
-+
-+#else // OPENSSL_VERSION_NUMBER
-+
-+TGLC_rsa *TGLC_rsa_new (unsigned long e, int n_bytes, const unsigned char *n) {
-+ RSA *ret = RSA_new ();
-+ BIGNUM *ret_e = unwrap_bn (TGLC_bn_new ());
-+ BIGNUM *ret_n = unwrap_bn (TGLC_bn_bin2bn (n, n_bytes, NULL));
-+ RSA_set0_key (ret, ret_n, ret_e, NULL);
-+ TGLC_bn_set_word (wrap_bn (ret_e), e);
-+ return wrap_rsa (ret);
-+}
-+
-+#define RSA_GETTER(M) \
-+TGLC_bn *TGLC_rsa_ ## M (TGLC_rsa *key) { \
-+ BIGNUM *rsa_n, *rsa_e, *rsa_d; \
-+ RSA_get0_key(unwrap_rsa (key), \
-+ (const BIGNUM **) &rsa_n, \
-+ (const BIGNUM **) &rsa_e, \
-+ (const BIGNUM **) &rsa_d); \
-+ return wrap_bn (rsa_ ## M); \
-+}
-+
-+#endif // OPENSSL_VERSION_NUMBER
-
- RSA_GETTER(n);
- RSA_GETTER(e);
-@@ -60,4 +89,4 @@ TGLC_rsa *TGLC_pem_read_RSAPublicKey (FILE *fp) {
- return wrap_rsa (PEM_read_RSAPublicKey (fp, NULL, NULL, NULL));
- }
-
--#endif
-+#endif // TGL_AVOID_OPENSSL
-diff --git a/tgl/mtproto-utils.c b/tgl/mtproto-utils.c
-index 0948bc8..cfdb216 100644
---- a/tgl/mtproto-utils.c
-+++ b/tgl/mtproto-utils.c
-@@ -98,7 +98,7 @@ static unsigned long long BN2ull (TGLC_bn *b) {
- if (sizeof (unsigned long) == 8) {
- return TGLC_bn_get_word (b);
- } else if (sizeof (unsigned long long) == 8) {
-- assert (0); // As long as nobody ever uses this code, assume it is broken.
-+// assert (0); // As long as nobody ever uses this code, assume it is broken.
- unsigned long long tmp;
- /* Here be dragons, but it should be okay due to be64toh */
- TGLC_bn_bn2bin (b, (unsigned char *) &tmp);
-@@ -112,7 +112,7 @@ static void ull2BN (TGLC_bn *b, unsigned long long val) {
- if (sizeof (unsigned long) == 8 || val < (1ll << 32)) {
- TGLC_bn_set_word (b, val);
- } else if (sizeof (unsigned long long) == 8) {
-- assert (0); // As long as nobody ever uses this code, assume it is broken.
-+// assert (0); // As long as nobody ever uses this code, assume it is broken.
- htobe64(val);
- /* Here be dragons, but it should be okay due to htobe64 */
- TGLC_bn_bin2bn ((unsigned char *) &val, 8, b);
-diff --git a/tgl/tl-parser/tl-parser.c b/tgl/tl-parser/tl-parser.c
-index 524b196..aeadbd2 100644
---- a/tgl/tl-parser/tl-parser.c
-+++ b/tgl/tl-parser/tl-parser.c
-@@ -1903,7 +1903,7 @@ struct tl_combinator_tree *tl_parse_args134 (struct tree *T) {
- //assert (S->data);
- char *name = S->data;
- if (!name) {
-- static char s[20];
-+ static char s[21];
- sprintf (s, "%lld", lrand48 () * (1ll << 32) + lrand48 ());
- name = s;
- }
./fix_build.patch
];
+ preCheck = ''
+ # Needed for urwid test
+ export LC_ALL=en_US.UTF-8
+ '';
propagatedBuildInputs = [
chardet
urwid
{ buildPerlPackage, fetchurl, perlPackages }:
buildPerlPackage rec {
- name = "tiv-${version}";
+ pname = "tiv";
version = "2015";
src = fetchurl {
url = "http://xyne.archlinux.ca/projects/tiv/src/tiv-${version}.tar.xz";
inherit (old) pname;
sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9";
};
+ doCheck = false;
+ doInstallCheck = false;
});
amqp = super.amqp.overridePythonAttrs(old: rec {
version = "1.4.9";
let
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
- sha256 = "1g6zi96k8sbim8wa8rzskxy44mgpcv1mn2bs8p4mq36w3kwglwyj";
+ sha256 = "1df3yhlwlvai0m9kvjyknjg11hnw0kj0rnhyzbwvsfjnmr6z8r76";
};
patchedPackages = stdenv.mkDerivation (mylibs.fetchedGithub ./peertube.json // rec {
patches = if ldap then [ ./ldap.patch ././yarn_fix_bluebird_ldap.patch ] else [ ./yarn_fix_bluebird.patch ];
projects / perso / Immae / Config / Nix.git / commitdiff
