From: Ismaƫl Bouya Date: Sat, 8 Aug 2020 19:40:31 +0000 (+0200) Subject: Upgrade nixos-unstable X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=2053ddac783c931053676ebc2b02bc8b82d89399 Upgrade nixos-unstable --- diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 0304b89..aa25d1f 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix @@ -69,12 +69,12 @@ in mailUser = "vhost"; mailGroup = "vhost"; createMailUser = false; - mailboxes = [ - { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; } - { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; } - { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; } - { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; } - ]; + mailboxes = { + Trash = { auto = "subscribe"; specialUse = "Trash"; }; + Junk = { auto = "subscribe"; specialUse = "Junk"; }; + Sent = { auto = "subscribe"; specialUse = "Sent"; }; + Drafts = { auto = "subscribe"; specialUse = "Drafts"; }; + }; mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap"; sslServerCert = "/var/lib/acme/mail/fullchain.pem"; sslServerKey = "/var/lib/acme/mail/key.pem"; diff --git a/modules/private/system.nix b/modules/private/system.nix index 0ab4a81..bca6e19 100644 --- a/modules/private/system.nix +++ b/modules/private/system.nix @@ -54,7 +54,7 @@ pkgs.tcpdump pkgs.tshark pkgs.tcpflow - pkgs.mitmproxy + # pkgs.mitmproxy # failing pkgs.nmap pkgs.p0f pkgs.socat diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix index a0d56cc..ca9a052 100644 --- a/modules/private/system/dilion.nix +++ b/modules/private/system/dilion.nix @@ -42,7 +42,7 @@ }; system.nssModules = [ pkgs.libvirt ]; - system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ]; + system.nssDatabases.hosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ]; programs.zsh.enable = true; users.users.backup = { diff --git a/modules/private/websites/isabelle/aten_app/default.nix b/modules/private/websites/isabelle/aten_app/default.nix index 30d10ba..f967b9a 100644 --- a/modules/private/websites/isabelle/aten_app/default.nix +++ b/modules/private/websites/isabelle/aten_app/default.nix @@ -1,12 +1,16 @@ { environment ? "prod" , varDir ? "/var/lib/aten_${environment}" -, composerEnv, fetchgit, runCommand, nodejs, jq, libsass, python, fetchurl, yarn2nix-moretea, sources }: +, composerEnv, fetchgit, runCommand, nodejs-10_x, jq, libsass, python, fetchurl, yarn2nix-moretea, yarn, sources }: let + yarn2nix-moretea' = yarn2nix-moretea.override({ + yarn = yarn.override({ nodejs = nodejs-10_x; }); + nodejs = nodejs-10_x; + }); packagesource = sources.websites-isabelle-aten; packagejson = runCommand "package.json" { buildInputs = [ jq ]; } '' cat ${packagesource}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out ''; - yarnModules = yarn2nix-moretea.mkYarnModules rec { + yarnModules = yarn2nix-moretea'.mkYarnModules rec { name = "aten-yarn"; pname = name; version = "v1.0.0"; @@ -18,8 +22,8 @@ let buildInputs = [ libsass python ]; postInstall = let nodeHeaders = fetchurl { - url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz"; - sha256 = "1prvrcvbyal39k9axfwjixs4wfgs1m8xy4prsl0kq0s0n7r7nxzj"; + url = "https://nodejs.org/download/release/v${nodejs-10_x.version}/node-v${nodejs-10_x.version}-headers.tar.gz"; + sha256 = "15hkcbs328d3rc1s14rmky8lh8d3rr86l8k0bia0ggxzwl23lj9c"; }; in '' @@ -46,7 +50,7 @@ let rm -rf var/{log,cache} ln -sf ${varDir}/{log,cache} var/ ''; - buildInputs = [ yarnModules yarn2nix-moretea.yarn ]; + buildInputs = [ yarnModules yarn2nix-moretea'.yarn ]; passthru = { inherit varDir; inherit environment; diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix index 0ae7893..8385bc7 100644 --- a/modules/private/websites/leila/production.nix +++ b/modules/private/websites/leila/production.nix @@ -25,7 +25,7 @@ in { phpOptions = config.services.phpfpm.phpOptions + '' disable_functions = "mail" ''; - phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.imagick ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]); phpEnv = { PATH = lib.makeBinPath [ pkgs.imagemagick ]; }; diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index e6f8ecb..50ed528 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix @@ -171,7 +171,7 @@ in { user = "wwwrun"; group = "wwwrun"; settings = phpFpm.pool; - phpPackage = pkgs.php74.withExtensions(e: pkgs.php74.enabledExtensions ++ [ e.redis e.apcu e.opcache ]); + phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis all.apcu all.opcache ]); }; services.cron = { diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index 7c60ae4..4636a6c 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix @@ -65,7 +65,7 @@ in phpOptions = config.services.phpfpm.phpOptions + '' date.timezone = 'CET' ''; - phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.imagick ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]); }; services.phpfpm.pools.rainloop = { user = "wwwrun"; diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix index af03550..a4ba344 100644 --- a/modules/private/websites/tools/tools/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix @@ -1,4 +1,4 @@ -{ adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }: +{ adminer, php74, myPhpPackages, lib, forcePhpSocket ? null }: rec { activationScript = { deps = [ "httpd" ]; @@ -10,7 +10,7 @@ rec { phpFpm = rec { user = apache.user; group = apache.group; - phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]); + phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam]); settings = { "listen.owner" = apache.user; "listen.group" = apache.group; diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 93d1122..1e30eed 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -17,7 +17,7 @@ let wallabag = pkgs.callPackage ./wallabag.nix { wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { - php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]); + php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; }; env = config.myEnv.tools.wallabag; @@ -324,7 +324,7 @@ in { "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; }; - phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { @@ -337,7 +337,7 @@ in { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; - phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]); + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; yourls = { user = "wwwrun"; diff --git a/nix/sources.json b/nix/sources.json index 34a3cee..016b8c4 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -111,10 +111,10 @@ "homepage": "https://github.com/NixOS/nixpkgs", "owner": "NixOS", "repo": "nixpkgs-channels", - "rev": "fce7562cf46727fdaf801b232116bc9ce0512049", - "sha256": "14rvi69ji61x3z88vbn17rg5vxrnw2wbnanxb7y0qzyqrj7spapx", + "rev": "840c782d507d60aaa49aa9e3f6d0b0e780912742", + "sha256": "14q3kvnmgz19pgwyq52gxx0cs90ddf24pnplmq33pdddbb6c51zn", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs-channels/archive/fce7562cf46727fdaf801b232116bc9ce0512049.tar.gz", + "url": "https://github.com/NixOS/nixpkgs-channels/archive/840c782d507d60aaa49aa9e3f6d0b0e780912742.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-nixops-next": { @@ -162,13 +162,6 @@ "type": "git", "version": "1a0c9eb-local" }, - "webapps-mediagoblin": { - "ref": "stable", - "repo": "git://git.savannah.gnu.org/mediagoblin.git", - "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850", - "type": "git", - "version": "cd465eb-stable" - }, "webapps-surfer": { "ref": "master", "repo": "https://git.immae.eu/perso/Immae/Projets/Nodejs/Surfer.git", diff --git a/overlays/nixops/default.nix b/overlays/nixops/default.nix index a297685..14aec3b 100644 --- a/overlays/nixops/default.nix +++ b/overlays/nixops/default.nix @@ -14,6 +14,7 @@ self: super: { sed -i -e '/^import sys$/s/$/; sys.tracebacklimit = 0/' scripts/nixops sed -i -e "/'keyFile'/s/'path'/'string'/" nixops/backends/__init__.py + sed -i -e "/security.initialRootPassword/d" nix/hetzner.nix ''; }); } diff --git a/overlays/php-packages/mysqli_patch.patch b/overlays/php-packages/mysqli_patch.patch index 0ec3a3b..a8f03e3 100644 --- a/overlays/php-packages/mysqli_patch.patch +++ b/overlays/php-packages/mysqli_patch.patch @@ -1,5 +1,5 @@ ---- a/mysqli_nonapi.c -+++ b/mysqli_nonapi.c +--- a/ext/mysqli/mysqli_nonapi.c ++++ b/ext/mysqli/mysqli_nonapi.c @@ -263,7 +263,7 @@ void mysqli_common_connect(INTERNAL_FUNC php_mysqli_set_error(mysql_errno(mysql->mysql), (char *) mysql_error(mysql->mysql)); diff --git a/pkgs/python-packages/buildbot/plugins/buildslist/default.nix b/pkgs/python-packages/buildbot/plugins/buildslist/default.nix index 3f77f63..4ab4c54 100644 --- a/pkgs/python-packages/buildbot/plugins/buildslist/default.nix +++ b/pkgs/python-packages/buildbot/plugins/buildslist/default.nix @@ -1,14 +1,18 @@ -{ stdenv, runCommand, writeScriptBin, buildBowerComponents, pythonPackages, libsass, python, fetchurl, jq, yarn, nodejs, yarn2nix-moretea, sources }: +{ stdenv, runCommand, writeScriptBin, buildBowerComponents, pythonPackages, libsass, python, fetchurl, jq, yarn, nodejs-10_x, yarn2nix-moretea, sources }: let + yarn2nix-moretea' = yarn2nix-moretea.override({ + yarn = yarn.override({ nodejs = nodejs-10_x; }); + nodejs = nodejs-10_x; + }); buildslist_src = sources.buildbot-plugin-buildslist; packagejson = runCommand "package.json" { buildInputs = [ jq ]; } '' cat ${buildslist_src}/package.json | jq -r '.version = "${pythonPackages.buildbot-pkg.version}"|.license= "MIT"' > $out ''; nodeHeaders = fetchurl { - url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz"; - sha256 = "1prvrcvbyal39k9axfwjixs4wfgs1m8xy4prsl0kq0s0n7r7nxzj"; + url = "https://nodejs.org/download/release/v${nodejs-10_x.version}/node-v${nodejs-10_x.version}-headers.tar.gz"; + sha256 = "15hkcbs328d3rc1s14rmky8lh8d3rr86l8k0bia0ggxzwl23lj9c"; }; - buildslist_yarn = yarn2nix-moretea.mkYarnModules rec { + buildslist_yarn = yarn2nix-moretea'.mkYarnModules rec { name = "buildslist-yarn-modules"; pname = name; inherit (pythonPackages.buildbot-pkg) version; @@ -53,7 +57,7 @@ pythonPackages.buildPythonPackage rec { (klein.overridePythonAttrs(old: { checkPhase = ""; })) buildbot-pkg ]; - nativeBuildInputs = [ fakeYarn nodejs ]; + nativeBuildInputs = [ fakeYarn nodejs-10_x ]; buildInputs = [ buildslist_yarn buildslist_bower ]; doCheck = false; diff --git a/pkgs/status_engine/worker.nix b/pkgs/status_engine/worker.nix index 6c14449..1232303 100644 --- a/pkgs/status_engine/worker.nix +++ b/pkgs/status_engine/worker.nix @@ -1,7 +1,6 @@ -{ stdenv, mylibs, composerEnv, fetchurl, gearmand, callPackage, php73, php73base, config_file ? "/var/lib/status_engine/ui.yml" }: +{ stdenv, mylibs, composerEnv, fetchurl, gearmand, callPackage, php73, config_file ? "/var/lib/status_engine/ui.yml" }: let - # FIXME: present in php73.buildPecl in latest nixpkgs-unstable - gearman = (callPackage { php = php73base; }) rec { + gearman = php73.buildPecl rec { version = "2.0.6"; pname = "gearman"; src = fetchurl { @@ -13,7 +12,7 @@ let }; in (composerEnv.override { - php = php73.withExtensions(e: php73.enabledExtensions ++ (with php73.extensions; [gearman redis mbstring bcmath json iconv])); + php = php73.withExtensions({ enabled, all }: enabled ++ (with all; [gearman redis mbstring bcmath json iconv])); }).buildPackage (mylibs.fetchedGithub ./worker.json // import ./worker_php_packages.nix { inherit composerEnv fetchurl; } // rec { postInstall = '' diff --git a/pkgs/webapps/mediagoblin/default.nix b/pkgs/webapps/mediagoblin/default.nix index 29c1981..22cb292 100644 --- a/pkgs/webapps/mediagoblin/default.nix +++ b/pkgs/webapps/mediagoblin/default.nix @@ -1,4 +1,4 @@ -{ makeWrapper, stdenv, writeScript, fetchurl, buildBowerComponents, mylibs, which, python36, gst_all_1, automake, autoconf, nodejs, nodePackages, lib, callPackage, sources }: +{ makeWrapper, stdenv, writeScript, fetchurl, buildBowerComponents, mylibs, which, python36, gst_all_1, automake, autoconf, nodejs, nodePackages, lib, callPackage, fetchgit }: let overridePython = let packageOverrides = self: super: { @@ -38,6 +38,7 @@ let inherit (old) pname; sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a"; }; + doCheck = false; }); kombu = super.kombu.overridePythonAttrs(old: rec { version = "3.0.37"; @@ -49,6 +50,14 @@ let propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ]; doCheck = false; }); + markdown = super.markdown.overridePythonAttrs(old: rec { + version = "3.1.1"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "2e50876bcdd74517e7b71f3e7a76102050edec255b3983403f1a63e7c8a41e7a"; + }; + }); sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec { version = "1.1.18"; src = self.fetchPypi { @@ -74,6 +83,14 @@ let }; propagatedBuildInputs = with self; [ six paste PasteDeploy ]; }); + werkzeug = super.werkzeug.overridePythonAttrs(old: rec { + version = "0.16.1"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "b353856d37dec59d6511359f97f6a4b2468442e454bd1c98298ddce53cac1f04"; + }; + }); }; in python36.override { inherit packageOverrides; }; @@ -108,7 +125,13 @@ let load_entry_point('mediagoblin', 'console_scripts', 'gmg')() ) ''; - mediagoblinSrc = sources.webapps-mediagoblin; + mediagoblinSrc = fetchgit { + name = "mediagoblin"; + url = "git://git.savannah.gnu.org/mediagoblin.git"; + rev = "cd465ebfec837a75a44c4ebd727dffe2fff6d850"; + sha256 = "1yz4i4i97z3rxl534a6psaybyjbyp5nnc52v3nvbpzc4pd2s69mx"; + fetchSubmodules = true; # important! + }; bowerComponents = buildBowerComponents { name = "mediagoblin-bower-components"; generated = ./bower-packages.nix; @@ -133,7 +156,7 @@ let package = stdenv.mkDerivation rec { pname = "mediagoblin"; name = "${pname}-${version}"; - version = mediagoblinSrc.version; + version = "cd465eb-stable"; src = mediagoblinSrc; preConfigure = '' # ./bootstrap.sh diff --git a/pkgs/webapps/peertube/default.nix b/pkgs/webapps/peertube/default.nix index dd3a462..c38cc15 100644 --- a/pkgs/webapps/peertube/default.nix +++ b/pkgs/webapps/peertube/default.nix @@ -3,7 +3,7 @@ let nodeHeaders = fetchurl { url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz"; - sha256 = "1prvrcvbyal39k9axfwjixs4wfgs1m8xy4prsl0kq0s0n7r7nxzj"; + sha256 = "12415ss4fxxafp3w8rxp2jbb16y0d7f01b7wv72nmy3cwiqxqkhn"; }; source = mylibs.fetchedGithub ./peertube.json; patchedSource = stdenv.mkDerivation (source // rec { @@ -43,12 +43,17 @@ let bcrypt = { buildInputs = [ nodePackages.node-pre-gyp ]; postInstall = let + node_module_version = "72"; bcrypt_lib = fetchurl { - url = "https://github.com/kelektiv/node.bcrypt.js/releases/download/v3.0.7/bcrypt_lib-v3.0.7-node-v64-linux-x64-glibc.tar.gz"; - sha256 = "0gbq4grhp5wl0f9yqb4y43kjfh8nivfd6y0nkv1x6gfvs2v23wb0"; + url = "https://github.com/kelektiv/node.bcrypt.js/releases/download/v3.0.7/bcrypt_lib-v3.0.7-node-v${node_module_version}-linux-x64-glibc.tar.gz"; + sha256 = "0kpm9j0yc4lqsafldfsql3m72rr1fapljlb6ddxvy3zi13rb7ppx"; }; in '' + if [ "$(node -e "console.log(process.versions.modules)")" != "${node_module_version}" ]; then + echo "mismatching version with nodejs please update bcrypt derivation" + false + fi mkdir lib && tar -C lib -xf ${bcrypt_lib} patchShebangs ../node-pre-gyp npm run install