talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge remote-tracking branch 'origin/master' into staging-next

Browse Source
This commit is contained in:
K900 2025-07-11 09:24:31 +03:00
commit 77e81dbfc2
66 changed files with 1614 additions and 549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/filesystem.nix
View File

@ -385,7 +385,6 @@ in
recurseIntoAttrs recurseIntoAttrs
removeSuffix removeSuffix
; ;
inherit (lib.path) append;
# Generate an attrset corresponding to a given directory. # Generate an attrset corresponding to a given directory.
# This function is outside `packagesFromDirectoryRecursive`'s lambda expression, # This function is outside `packagesFromDirectoryRecursive`'s lambda expression,
@ -396,7 +395,7 @@ in
name: type: name: type:
# for each directory entry # for each directory entry
let let
path = append directory name; path = directory + "/${name}";
in in
if type == "directory" then if type == "directory" then
{ {
@ -429,7 +428,7 @@ in
directory, directory,
}@args: }@args:
let let
defaultPath = append directory "package.nix"; defaultPath = directory + "/package.nix";
in in
if pathExists defaultPath then if pathExists defaultPath then
# if `${directory}/package.nix` exists, call it directly # if `${directory}/package.nix` exists, call it directly

28
lib/tests/misc.nix
View File

@ -4158,6 +4158,34 @@ runTests {
}; };
}; };
# Make sure that passing a string for the `directory` works.
#
# See: https://github.com/NixOS/nixpkgs/pull/361424#discussion_r1934813568
# See: https://github.com/NixOS/nix/issues/9428
testPackagesFromDirectoryRecursiveStringDirectory = {
expr = packagesFromDirectoryRecursive {
callPackage = path: overrides: import path overrides;
# Do NOT remove the `builtins.toString` call here!!!
directory = builtins.toString ./packages-from-directory/plain;
};
expected = {
a = "a";
b = "b";
# Note: Other files/directories in `./test-data/c/` are ignored and can be
# used by `package.nix`.
c = "c";
my-namespace = {
d = "d";
e = "e";
f = "f";
my-sub-namespace = {
g = "g";
h = "h";
};
};
};
};
# Check that `packagesFromDirectoryRecursive` can process a directory with a # Check that `packagesFromDirectoryRecursive` can process a directory with a
# top-level `package.nix` file into a single package. # top-level `package.nix` file into a single package.
testPackagesFromDirectoryRecursiveTopLevelPackageNix = { testPackagesFromDirectoryRecursiveTopLevelPackageNix = {

2
nixos/doc/manual/release-notes/rl-2505.section.md
View File

@ -222,6 +222,8 @@ Alongside many enhancements to NixOS modules and general system improvements, th
- [Limine](https://github.com/limine-bootloader/limine) a modern, advanced, portable, multiprotocol bootloader and boot manager. Available as [boot.loader.limine](#opt-boot.loader.limine.enable). - [Limine](https://github.com/limine-bootloader/limine) a modern, advanced, portable, multiprotocol bootloader and boot manager. Available as [boot.loader.limine](#opt-boot.loader.limine.enable).
- [tee-supplicant](https://github.com/OP-TEE/optee_client), a userspace supplicant for OP-TEE OS. Available as [services.tee-supplicant](#opt-services.tee-supplicant.enable).
- [Orthanc](https://orthanc.uclouvain.be/) a lightweight, RESTful DICOM server for healthcare and medical research. Available as [services.orthanc](#opt-services.orthanc.enable). - [Orthanc](https://orthanc.uclouvain.be/) a lightweight, RESTful DICOM server for healthcare and medical research. Available as [services.orthanc](#opt-services.orthanc.enable).
- [Docling Serve](https://github.com/docling-project/docling-serve) running [Docling](https://github.com/docling-project/docling) as an API service. Available as [services.docling-serve](#opt-services.docling-serve.enable). - [Docling Serve](https://github.com/docling-project/docling-serve) running [Docling](https://github.com/docling-project/docling) as an API service. Available as [services.docling-serve](#opt-services.docling-serve.enable).

2
nixos/modules/module-list.nix
View File

@ -930,6 +930,7 @@
./services/misc/taskchampion-sync-server.nix ./services/misc/taskchampion-sync-server.nix
./services/misc/taskserver ./services/misc/taskserver
./services/misc/tautulli.nix ./services/misc/tautulli.nix
./services/misc/tee-supplicant
./services/misc/tiddlywiki.nix ./services/misc/tiddlywiki.nix
./services/misc/tp-auto-kbbl.nix ./services/misc/tp-auto-kbbl.nix
./services/misc/transfer-sh.nix ./services/misc/transfer-sh.nix
@ -1413,6 +1414,7 @@
./services/search/hound.nix ./services/search/hound.nix
./services/search/manticore.nix ./services/search/manticore.nix
./services/search/meilisearch.nix ./services/search/meilisearch.nix
./services/search/nominatim.nix
./services/search/opensearch.nix ./services/search/opensearch.nix
./services/search/qdrant.nix ./services/search/qdrant.nix
./services/search/quickwit.nix ./services/search/quickwit.nix

14
nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix
View File

@ -10,18 +10,9 @@
nvidia-driver, nvidia-driver,
runtimeShell, runtimeShell,
writeScriptBin, writeScriptBin,
extraArgs,
}: }:
let let
mkMount =
{
hostPath,
containerPath,
mountOptions,
}:
{
inherit hostPath containerPath;
options = mountOptions;
};
mountToCommand = mountToCommand =
mount: mount:
"additionalMount \"${mount.hostPath}\" \"${mount.containerPath}\" '${builtins.toJSON mount.mountOptions}'"; "additionalMount \"${mount.hostPath}\" \"${mount.containerPath}\" '${builtins.toJSON mount.mountOptions}'";
@ -48,7 +39,8 @@ writeScriptBin "nvidia-cdi-generator" ''
--device-name-strategy ${device-name-strategy} \ --device-name-strategy ${device-name-strategy} \
--ldconfig-path ${lib.getExe' glibc "ldconfig"} \ --ldconfig-path ${lib.getExe' glibc "ldconfig"} \
--library-search-path ${lib.getLib nvidia-driver}/lib \ --library-search-path ${lib.getLib nvidia-driver}/lib \
--nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} --nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} \
${lib.escapeShellArgs extraArgs}
} }
function additionalMount { function additionalMount {

9
nixos/modules/services/hardware/nvidia-container-toolkit/default.nix
View File

@ -120,6 +120,14 @@
}; };
package = lib.mkPackageOption pkgs "nvidia-container-toolkit" { }; package = lib.mkPackageOption pkgs "nvidia-container-toolkit" { };
extraArgs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = ''
Extra arguments to be passed to nvidia-ctk.
'';
};
}; };
}; };
@ -241,6 +249,7 @@
device-name-strategy device-name-strategy
discovery-mode discovery-mode
mounts mounts
extraArgs
; ;
nvidia-container-toolkit = config.hardware.nvidia-container-toolkit.package; nvidia-container-toolkit = config.hardware.nvidia-container-toolkit.package;
nvidia-driver = config.hardware.nvidia.package; nvidia-driver = config.hardware.nvidia.package;

95
nixos/modules/services/misc/tee-supplicant/default.nix Normal file
View File

@ -0,0 +1,95 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib)
getExe'
mkEnableOption
mkIf
mkOption
mkPackageOption
types
;
cfg = config.services.tee-supplicant;
taDir = "optee_armtz";
trustedApplications = pkgs.linkFarm "runtime-trusted-applications" (
map (
ta:
let
# This is safe since we are using it as the path value, so the context
# will still ensure that this nix store path exists on the running
# system.
taFile = builtins.baseNameOf (builtins.unsafeDiscardStringContext ta);
in
{
name = "lib/${taDir}/${taFile}";
path = ta;
}
) cfg.trustedApplications
);
in
{
options.services.tee-supplicant = {
enable = mkEnableOption "OP-TEE userspace supplicant";
package = mkPackageOption pkgs "optee-client" { };
trustedApplications = mkOption {
type = types.listOf types.path;
default = [ ];
description = ''
A list of full paths to trusted applications that will be loaded at
runtime by tee-supplicant.
'';
};
pluginPath = mkOption {
type = types.path;
default = "/run/current-system/sw/lib/tee-supplicant/plugins";
description = ''
The directory where plugins will be loaded from on startup.
'';
};
reeFsParentPath = mkOption {
type = types.path;
default = "/var/lib/tee";
description = ''
The directory where the secure filesystem will be stored in the rich
execution environment (REE FS).
'';
};
};
config = mkIf cfg.enable {
environment = mkIf (cfg.trustedApplications != [ ]) {
systemPackages = [ trustedApplications ];
pathsToLink = [ "/lib/${taDir}" ];
};
systemd.services.tee-supplicant = {
description = "Userspace supplicant for OPTEE-OS";
serviceConfig = {
ExecStart = toString [
(getExe' cfg.package "tee-supplicant")
"--ta-dir ${taDir}"
"--fs-parent-path ${cfg.reeFsParentPath}"
"--plugin-path ${cfg.pluginPath}"
];
Restart = "always";
};
after = [ "modprobe@optee.service" ];
wants = [ "modprobe@optee.service" ];
wantedBy = [ "multi-user.target" ];
};
};
}

3
nixos/modules/services/networking/syncthing.nix
View File

@ -847,7 +847,8 @@ in
]; ];
}; };
systemd.packages = [ pkgs.syncthing ]; environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { users.users = mkIf (cfg.systemService && cfg.user == defaultUser) {
${defaultUser} = { ${defaultUser} = {

324
nixos/modules/services/search/nominatim.nix Normal file
View File

@ -0,0 +1,324 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.nominatim;
localDb = cfg.database.host == "localhost";
uiPackage = cfg.ui.package.override { customConfig = cfg.ui.config; };
in
{
options.services.nominatim = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable nominatim.
Also enables nginx virtual host management. Further nginx configuration
can be done by adapting `services.nginx.virtualHosts.<name>`.
See [](#opt-services.nginx.virtualHosts).
'';
};
package = lib.mkPackageOption pkgs.python3Packages "nominatim-api" { };
hostName = lib.mkOption {
type = lib.types.str;
description = "Hostname to use for the nginx vhost.";
example = "nominatim.example.com";
};
settings = lib.mkOption {
default = { };
type = lib.types.attrsOf lib.types.str;
example = lib.literalExpression ''
{
NOMINATIM_REPLICATION_URL = "https://planet.openstreetmap.org/replication/minute";
NOMINATIM_REPLICATION_MAX_DIFF = "100";
}
'';
description = ''
Nominatim configuration settings.
For the list of available configuration options see
<https://nominatim.org/release-docs/latest/customize/Settings>.
'';
};
ui = {
package = lib.mkPackageOption pkgs "nominatim-ui" { };
config = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
Nominatim UI configuration placed to theme/config.theme.js file.
For the list of available configuration options see
<https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js>.
'';
example = ''
Nominatim_Config.Page_Title='My Nominatim instance';
Nominatim_Config.Nominatim_API_Endpoint='https://localhost/';
'';
};
};
database = {
host = lib.mkOption {
type = lib.types.str;
default = "localhost";
description = ''
Host of the postgresql server. If not set to `localhost`, Nominatim
database and postgresql superuser with appropriate permissions must
exist on target host.
'';
};
port = lib.mkOption {
type = lib.types.port;
default = 5432;
description = "Port of the postgresql database.";
};
dbname = lib.mkOption {
type = lib.types.str;
default = "nominatim";
description = "Name of the postgresql database.";
};
superUser = lib.mkOption {
type = lib.types.str;
default = "nominatim";
description = ''
Postgresql database superuser used to create Nominatim database and
import data. If `database.host` is set to `localhost`, a unix user and
group of the same name will be automatically created.
'';
};
apiUser = lib.mkOption {
type = lib.types.str;
default = "nominatim-api";
description = ''
Postgresql database user with read-only permissions used for Nominatim
web API service.
'';
};
passwordFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Password file used for Nominatim database connection.
Must be readable only for the Nominatim web API user.
The file must be a valid `.pgpass` file as described in:
<https://www.postgresql.org/docs/current/libpq-pgpass.html>
In most cases, the following will be enough:
```
*:*:*:*:<password>
```
'';
};
extraConnectionParams = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
Extra Nominatim database connection parameters.
Format:
<param1>=<value1>;<param2>=<value2>
See <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS>.
'';
};
};
};
config =
let
nominatimSuperUserDsn =
"pgsql:dbname=${cfg.database.dbname};"
+ "user=${cfg.database.superUser}"
+ lib.optionalString (cfg.database.extraConnectionParams != null) (
";" + cfg.database.extraConnectionParams
);
nominatimApiDsn =
"pgsql:dbname=${cfg.database.dbname}"
+ lib.optionalString (!localDb) (
";host=${cfg.database.host};"
+ "port=${toString cfg.database.port};"
+ "user=${cfg.database.apiUser}"
)
+ lib.optionalString (cfg.database.extraConnectionParams != null) (
";" + cfg.database.extraConnectionParams
);
in
lib.mkIf cfg.enable {
# CLI package
environment.systemPackages = [ pkgs.nominatim ];
# Database
users.users.${cfg.database.superUser} = lib.mkIf localDb {
group = cfg.database.superUser;
isSystemUser = true;
createHome = false;
};
users.groups.${cfg.database.superUser} = lib.mkIf localDb { };
services.postgresql = lib.mkIf localDb {
enable = true;
extensions = ps: with ps; [ postgis ];
ensureUsers = [
{
name = cfg.database.superUser;
ensureClauses.superuser = true;
}
{
name = cfg.database.apiUser;
}
];
};
# TODO: add nominatim-update service
systemd.services.nominatim-init = lib.mkIf localDb {
after = [ "postgresql-setup.service" ];
requires = [ "postgresql-setup.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = cfg.database.superUser;
RemainAfterExit = true;
PrivateTmp = true;
};
script = ''
sql="SELECT COUNT(*) FROM pg_database WHERE datname='${cfg.database.dbname}'"
db_exists=$(${pkgs.postgresql}/bin/psql --dbname postgres -tAc "$sql")
if [ "$db_exists" == "0" ]; then
${lib.getExe pkgs.nominatim} import --prepare-database
else
echo "Database ${cfg.database.dbname} already exists. Skipping ..."
fi
'';
path = [
pkgs.postgresql
];
environment = {
NOMINATIM_DATABASE_DSN = nominatimSuperUserDsn;
NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser;
} // cfg.settings;
};
# Web API service
users.users.${cfg.database.apiUser} = {
group = cfg.database.apiUser;
isSystemUser = true;
createHome = false;
};
users.groups.${cfg.database.apiUser} = { };
systemd.services.nominatim = {
after = [ "network.target" ] ++ lib.optionals localDb [ "nominatim-init.service" ];
requires = lib.optionals localDb [ "nominatim-init.service" ];
bindsTo = lib.optionals localDb [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = cfg.database.apiUser;
ExecStart = ''
${pkgs.python3Packages.gunicorn}/bin/gunicorn \
--bind unix:/run/nominatim.sock \
--workers 4 \
--worker-class uvicorn.workers.UvicornWorker "nominatim_api.server.falcon.server:run_wsgi()"
'';
Environment = lib.optional (
cfg.database.passwordFile != null
) "PGPASSFILE=${cfg.database.passwordFile}";
ExecReload = "${pkgs.procps}/bin/kill -s HUP $MAINPID";
KillMode = "mixed";
TimeoutStopSec = 5;
};
environment = {
PYTHONPATH =
with pkgs.python3Packages;
pkgs.python3Packages.makePythonPath [
cfg.package
falcon
uvicorn
];
NOMINATIM_DATABASE_DSN = nominatimApiDsn;
NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser;
} // cfg.settings;
};
systemd.sockets.nominatim = {
before = [ "nominatim.service" ];
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "/run/nominatim.sock";
SocketUser = cfg.database.apiUser;
SocketGroup = config.services.nginx.group;
};
};
services.nginx = {
enable = true;
appendHttpConfig = ''
map $args $format {
default default;
~(^|&)format=html(&|$) html;
}
map $uri/$format $forward_to_ui {
default 0; # No forwarding by default.
# Redirect to HTML UI if explicitly requested.
~/reverse.*/html 1;
~/search.*/html 1;
~/lookup.*/html 1;
~/details.*/html 1;
}
'';
upstreams.nominatim = {
servers = {
"unix:/run/nominatim.sock" = { };
};
};
virtualHosts = {
${cfg.hostName} = {
forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true;
locations = {
"= /" = {
extraConfig = ''
return 301 $scheme://$http_host/ui/search.html;
'';
};
"/" = {
proxyPass = "http://nominatim";
extraConfig = ''
if ($forward_to_ui) {
rewrite ^(/[^/.]*) /ui$1.html redirect;
}
'';
};
"/ui/" = {
alias = "${uiPackage}/";
};
};
};
};
};
};
}

37
nixos/tests/all-tests.nix
View File

@ -605,7 +605,7 @@ in
gns3-server = runTest ./gns3-server.nix; gns3-server = runTest ./gns3-server.nix;
gnupg = runTest ./gnupg.nix; gnupg = runTest ./gnupg.nix;
goatcounter = runTest ./goatcounter.nix; goatcounter = runTest ./goatcounter.nix;
go-camo = handleTest ./go-camo.nix { }; go-camo = runTest ./go-camo.nix;
go-neb = runTest ./go-neb.nix; go-neb = runTest ./go-neb.nix;
gobgpd = runTest ./gobgpd.nix; gobgpd = runTest ./gobgpd.nix;
gocd-agent = runTest ./gocd-agent.nix; gocd-agent = runTest ./gocd-agent.nix;
@ -649,10 +649,22 @@ in
harmonia = runTest ./harmonia.nix; harmonia = runTest ./harmonia.nix;
headscale = runTest ./headscale.nix; headscale = runTest ./headscale.nix;
healthchecks = runTest ./web-apps/healthchecks.nix; healthchecks = runTest ./web-apps/healthchecks.nix;
hbase2 = handleTest ./hbase.nix { package = pkgs.hbase2; }; hbase2 = runTest {
hbase_2_5 = handleTest ./hbase.nix { package = pkgs.hbase_2_5; }; imports = [ ./hbase.nix ];
hbase_2_4 = handleTest ./hbase.nix { package = pkgs.hbase_2_4; }; _module.args.getPackage = pkgs: pkgs.hbase2;
hbase3 = handleTest ./hbase.nix { package = pkgs.hbase3; }; };
hbase_2_5 = runTest {
imports = [ ./hbase.nix ];
_module.args.getPackage = pkgs: pkgs.hbase_2_5;
};
hbase_2_4 = runTest {
imports = [ ./hbase.nix ];
_module.args.getPackage = pkgs: pkgs.hbase_2_4;
};
hbase3 = runTest {
imports = [ ./hbase.nix ];
_module.args.getPackage = pkgs: pkgs.hbase3;
};
hedgedoc = runTest ./hedgedoc.nix; hedgedoc = runTest ./hedgedoc.nix;
herbstluftwm = runTest ./herbstluftwm.nix; herbstluftwm = runTest ./herbstluftwm.nix;
homebox = runTest ./homebox.nix; homebox = runTest ./homebox.nix;
@ -1014,6 +1026,7 @@ in
nixseparatedebuginfod = runTest ./nixseparatedebuginfod.nix; nixseparatedebuginfod = runTest ./nixseparatedebuginfod.nix;
node-red = runTest ./node-red.nix; node-red = runTest ./node-red.nix;
nomad = runTest ./nomad.nix; nomad = runTest ./nomad.nix;
nominatim = runTest ./nominatim.nix;
non-default-filesystems = handleTest ./non-default-filesystems.nix { }; non-default-filesystems = handleTest ./non-default-filesystems.nix { };
non-switchable-system = runTest ./non-switchable-system.nix; non-switchable-system = runTest ./non-switchable-system.nix;
noto-fonts = runTest ./noto-fonts.nix; noto-fonts = runTest ./noto-fonts.nix;
@ -1067,6 +1080,7 @@ in
openvscode-server = runTest ./openvscode-server.nix; openvscode-server = runTest ./openvscode-server.nix;
open-webui = runTest ./open-webui.nix; open-webui = runTest ./open-webui.nix;
openvswitch = runTest ./openvswitch.nix; openvswitch = runTest ./openvswitch.nix;
optee = handleTestOn [ "aarch64-linux" ] ./optee.nix { };
orangefs = runTest ./orangefs.nix; orangefs = runTest ./orangefs.nix;
os-prober = handleTestOn [ "x86_64-linux" ] ./os-prober.nix { }; os-prober = handleTestOn [ "x86_64-linux" ] ./os-prober.nix { };
osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { }; osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { };
@ -1319,7 +1333,7 @@ in
stratis = handleTest ./stratis { }; stratis = handleTest ./stratis { };
strongswan-swanctl = runTest ./strongswan-swanctl.nix; strongswan-swanctl = runTest ./strongswan-swanctl.nix;
stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { }; stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { };
stunnel = handleTest ./stunnel.nix { }; stunnel = import ./stunnel.nix { inherit runTest; };
sudo = runTest ./sudo.nix; sudo = runTest ./sudo.nix;
sudo-rs = runTest ./sudo-rs.nix; sudo-rs = runTest ./sudo-rs.nix;
sunshine = runTest ./sunshine.nix; sunshine = runTest ./sunshine.nix;
@ -1364,7 +1378,7 @@ in
systemd-initrd-luks-tpm2 = runTest ./systemd-initrd-luks-tpm2.nix; systemd-initrd-luks-tpm2 = runTest ./systemd-initrd-luks-tpm2.nix;
systemd-initrd-luks-unl0kr = runTest ./systemd-initrd-luks-unl0kr.nix; systemd-initrd-luks-unl0kr = runTest ./systemd-initrd-luks-unl0kr.nix;
systemd-initrd-modprobe = runTest ./systemd-initrd-modprobe.nix; systemd-initrd-modprobe = runTest ./systemd-initrd-modprobe.nix;
systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix { }; systemd-initrd-networkd = import ./systemd-initrd-networkd.nix { inherit runTest; };
systemd-initrd-networkd-ssh = runTest ./systemd-initrd-networkd-ssh.nix; systemd-initrd-networkd-ssh = runTest ./systemd-initrd-networkd-ssh.nix;
systemd-initrd-networkd-openvpn = handleTestOn [ systemd-initrd-networkd-openvpn = handleTestOn [
"x86_64-linux" "x86_64-linux"
@ -1386,9 +1400,7 @@ in
systemd-networkd = runTest ./systemd-networkd.nix; systemd-networkd = runTest ./systemd-networkd.nix;
systemd-networkd-bridge = runTest ./systemd-networkd-bridge.nix; systemd-networkd-bridge = runTest ./systemd-networkd-bridge.nix;
systemd-networkd-dhcpserver = runTest ./systemd-networkd-dhcpserver.nix; systemd-networkd-dhcpserver = runTest ./systemd-networkd-dhcpserver.nix;
systemd-networkd-dhcpserver-static-leases = systemd-networkd-dhcpserver-static-leases = runTest ./systemd-networkd-dhcpserver-static-leases.nix;
handleTest ./systemd-networkd-dhcpserver-static-leases.nix
{ };
systemd-networkd-ipv6-prefix-delegation = systemd-networkd-ipv6-prefix-delegation =
handleTest ./systemd-networkd-ipv6-prefix-delegation.nix handleTest ./systemd-networkd-ipv6-prefix-delegation.nix
{ }; { };
@ -1555,7 +1567,10 @@ in
xterm = runTest ./xterm.nix; xterm = runTest ./xterm.nix;
xxh = runTest ./xxh.nix; xxh = runTest ./xxh.nix;
yarr = runTest ./yarr.nix; yarr = runTest ./yarr.nix;
ydotool = handleTest ./ydotool.nix { }; ydotool = import ./ydotool.nix {
inherit (pkgs) lib;
inherit runTest;
};
yggdrasil = runTest ./yggdrasil.nix; yggdrasil = runTest ./yggdrasil.nix;
your_spotify = runTest ./your_spotify.nix; your_spotify = runTest ./your_spotify.nix;
zammad = runTest ./zammad.nix; zammad = runTest ./zammad.nix;

52
nixos/tests/go-camo.nix
View File

@ -1,36 +1,26 @@
{ lib, ... }:
let
key_val = "12345678";
in
{ {
system ? builtins.currentSystem, name = "go-camo-file-key";
config ? { }, meta = {
pkgs ? import ../.. { inherit system config; }, maintainers = [ lib.maintainers.viraptor ];
}: };
with import ../lib/testing-python.nix { inherit system pkgs; }; nodes.machine =
{ pkgs, ... }:
{ {
gocamo_file_key = services.go-camo = {
let enable = true;
key_val = "12345678"; keyFile = pkgs.writeText "foo" key_val;
in
makeTest {
name = "go-camo-file-key";
meta = {
maintainers = [ pkgs.lib.maintainers.viraptor ];
}; };
nodes.machine =
{ config, pkgs, ... }:
{
services.go-camo = {
enable = true;
keyFile = pkgs.writeText "foo" key_val;
};
};
# go-camo responds to http requests
testScript = ''
machine.wait_for_unit("go-camo.service")
machine.wait_for_open_port(8080)
machine.succeed("curl http://localhost:8080")
'';
}; };
# go-camo responds to http requests
testScript = ''
machine.wait_for_unit("go-camo.service")
machine.wait_for_open_port(8080)
machine.succeed("curl http://localhost:8080")
'';
} }

66
nixos/tests/hbase.nix
View File

@ -1,39 +1,33 @@
import ./make-test-python.nix ( { getPackage, lib, ... }:
{ {
pkgs, name = "hbase-standalone";
lib,
package ? pkgs.hbase,
...
}:
{
name = "hbase-standalone";
meta = with lib.maintainers; { meta = with lib.maintainers; {
maintainers = [ illustris ]; maintainers = [ illustris ];
};
nodes.hbase =
{ pkgs, ... }:
let
package = getPackage pkgs;
in
{
services.hbase-standalone = {
enable = true;
inherit package;
# Needed for standalone mode in hbase 2+
# This setting and standalone mode are not suitable for production
settings."hbase.unsafe.stream.capability.enforce" = "false";
};
environment.systemPackages = [
package
];
}; };
nodes = { testScript = ''
hbase = start_all()
{ pkgs, ... }: hbase.wait_for_unit("hbase.service")
{ hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n")
services.hbase-standalone = { assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n")
enable = true; '';
inherit package; }
# Needed for standalone mode in hbase 2+
# This setting and standalone mode are not suitable for production
settings."hbase.unsafe.stream.capability.enforce" = "false";
};
environment.systemPackages = with pkgs; [
package
];
};
};
testScript = ''
start_all()
hbase.wait_for_unit("hbase.service")
hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n")
assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n")
'';
}
)

187
nixos/tests/nominatim.nix Normal file
View File

@ -0,0 +1,187 @@
{ pkgs, lib, ... }:
let
# Andorra - the smallest dataset in Europe (3.1 MB)
osmData = pkgs.fetchurl {
url = "https://web.archive.org/web/20250430211212/https://download.geofabrik.de/europe/andorra-latest.osm.pbf";
hash = "sha256-Ey+ipTOFUm80rxBteirPW5N4KxmUsg/pCE58E/2rcyE=";
};
in
{
name = "nominatim";
meta = {
maintainers = with lib.teams; [
geospatial
ngi
];
};
nodes = {
# nominatim - self contained host
nominatim =
{ config, pkgs, ... }:
{
# Nominatim
services.nominatim = {
enable = true;
hostName = "nominatim";
settings = {
NOMINATIM_IMPORT_STYLE = "admin";
};
ui = {
config = ''
Nominatim_Config.Page_Title='Test Nominatim instance';
Nominatim_Config.Nominatim_API_Endpoint='https://localhost/';
'';
};
};
# Disable SSL
services.nginx.virtualHosts.nominatim = {
forceSSL = false;
enableACME = false;
};
# Database
services.postgresql = {
enableTCPIP = true;
authentication = lib.mkForce ''
local all all trust
host all all 0.0.0.0/0 md5
host all all ::0/0 md5
'';
};
systemd.services.postgresql-setup.postStart = ''
psql --command "ALTER ROLE \"nominatim-api\" WITH PASSWORD 'password';"
'';
networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
};
# api - web API only
api =
{ config, pkgs, ... }:
{
# Database password
system.activationScripts = {
passwordFile.text = with config.services.nominatim.database; ''
mkdir -p /run/secrets
echo "${host}:${toString port}:${dbname}:${apiUser}:password" \
> /run/secrets/pgpass
chown nominatim-api:nominatim-api /run/secrets/pgpass
chmod 0600 /run/secrets/pgpass
'';
};
# Nominatim
services.nominatim = {
enable = true;
hostName = "nominatim";
settings = {
NOMINATIM_LOG_DB = "yes";
};
database = {
host = "nominatim";
passwordFile = "/run/secrets/pgpass";
extraConnectionParams = "application_name=nominatim;connect_timeout=2";
};
};
# Disable SSL
services.nginx.virtualHosts.nominatim = {
forceSSL = false;
enableACME = false;
};
};
};
testScript = ''
# Test nominatim host
nominatim.start()
nominatim.wait_for_unit("nominatim.service")
# Import OSM data
nominatim.succeed("""
cd /tmp
sudo -u nominatim \
NOMINATIM_DATABASE_WEBUSER=nominatim-api \
NOMINATIM_IMPORT_STYLE=admin \
nominatim import --continue import-from-file --osm-file ${osmData}
""")
nominatim.succeed("systemctl restart nominatim.service")
# Test CLI
nominatim.succeed("sudo -u nominatim-api nominatim search --query Andorra")
# Test web API
nominatim.succeed("curl 'http://localhost/status' | grep OK")
nominatim.succeed("""
curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra"
curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson"
""")
# Test UI
nominatim.succeed("""
curl "http://localhost/ui/search.html" \
| grep "<title>Nominatim Demo</title>"
""")
# Test api host
api.start()
api.wait_for_unit("nominatim.service")
# Test web API
api.succeed("""
curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra"
curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson"
""")
# Test format rewrites
# Redirect / to search
nominatim.succeed("""
curl --verbose "http://localhost" 2>&1 \
| grep "Location: http://localhost/ui/search.html"
""")
# Return text by default
nominatim.succeed("""
curl --verbose "http://localhost/status" 2>&1 \
| grep "Content-Type: text/plain"
""")
# Return JSON by default
nominatim.succeed("""
curl --verbose "http://localhost/search?q=Andorra" 2>&1 \
| grep "Content-Type: application/json"
""")
# Return XML by default
nominatim.succeed("""
curl --verbose "http://localhost/lookup" 2>&1 \
| grep "Content-Type: text/xml"
curl --verbose "http://localhost/reverse?lat=0&lon=0" 2>&1 \
| grep "Content-Type: text/xml"
""")
# Redirect explicitly requested HTML format
nominatim.succeed("""
curl --verbose "http://localhost/search?format=html" 2>&1 \
| grep "Location: http://localhost/ui/search.html"
curl --verbose "http://localhost/reverse?format=html" 2>&1 \
| grep "Location: http://localhost/ui/reverse.html"
""")
# Return explicitly requested JSON format
nominatim.succeed("""
curl --verbose "http://localhost/search?format=json" 2>&1 \
| grep "Content-Type: application/json"
curl --verbose "http://localhost/reverse?format=json" 2>&1 \
| grep "Content-Type: application/json"
""")
'';
}

72
nixos/tests/optee.nix Normal file
View File

@ -0,0 +1,72 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "optee";
meta = with pkgs.lib.maintainers; {
maintainers = [ jmbaur ];
};
nodes.machine =
{ config, pkgs, ... }:
let
inherit (pkgs) armTrustedFirmwareQemu opteeQemuAarch64 ubootQemuAarch64;
# Default environment for qemu-arm64 uboot does not work well with
# large nixos kernel/initrds.
uboot = ubootQemuAarch64.overrideAttrs (old: {
postPatch =
(old.postPatch or "")
+ ''
substituteInPlace board/emulation/qemu-arm/qemu-arm.env \
--replace-fail "ramdisk_addr_r=0x44000000" "ramdisk_addr_r=0x46000000"
'';
});
bios = armTrustedFirmwareQemu.override {
extraMakeFlags = [
"SPD=opteed"
"BL32=${opteeQemuAarch64}/tee-header_v2.bin"
"BL32_EXTRA1=${opteeQemuAarch64}/tee-pager_v2.bin"
"BL32_EXTRA2=${opteeQemuAarch64}/tee-pageable_v2.bin"
"BL33=${uboot}/u-boot.bin"
"all"
"fip"
];
filesToInstall = [
"build/qemu/release/bl1.bin"
"build/qemu/release/fip.bin"
];
postInstall = ''
dd if=$out/bl1.bin of=$out/bios.bin bs=4096 conv=notrunc
dd if=$out/fip.bin of=$out/bios.bin seek=64 bs=4096 conv=notrunc
'';
};
in
{
virtualisation = {
inherit bios;
cores = 2;
qemu.options = [
"-machine virt,secure=on,accel=tcg,gic-version=2"
"-cpu cortex-a57"
];
};
# VM boots up via qfw
boot.loader.grub.enable = false;
services.tee-supplicant = {
enable = true;
# pkcs11 trusted application
trustedApplications = [ "${opteeQemuAarch64.devkit}/ta/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta" ];
};
};
testScript = ''
machine.wait_for_unit("tee-supplicant.service")
out = machine.succeed("${pkgs.opensc}/bin/pkcs11-tool --module ${lib.getLib pkgs.optee-client}/lib/libckteec.so --list-token-slots")
if out.find("OP-TEE PKCS11 TA") < 0:
raise Exception("optee pkcs11 token not found")
'';
}
)

29
nixos/tests/stunnel.nix
View File

@ -1,11 +1,4 @@
{ { runTest }:
system ? builtins.currentSystem,
config ? { },
pkgs ? import ../.. { inherit system config; },
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let let
stunnelCommon = { stunnelCommon = {
@ -20,7 +13,12 @@ let
}; };
}; };
makeCert = makeCert =
{ config, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
systemd.services.create-test-cert = { systemd.services.create-test-cert = {
wantedBy = [ "sysinit.target" ]; wantedBy = [ "sysinit.target" ];
@ -32,14 +30,14 @@ let
unitConfig.DefaultDependencies = false; unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = '' script = ''
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName} ${lib.getExe pkgs.openssl} req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem ) ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
chown stunnel /test-key.pem /test-key-and-cert.pem chown stunnel /test-key.pem /test-key-and-cert.pem
''; '';
}; };
}; };
serverCommon = serverCommon =
{ pkgs, ... }: { lib, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 443 ]; networking.firewall.allowedTCPPorts = [ 443 ];
services.stunnel.servers.https = { services.stunnel.servers.https = {
@ -51,7 +49,7 @@ let
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = '' script = ''
cd /etc/webroot cd /etc/webroot
${pkgs.python3}/bin/python -m http.server 80 ${lib.getExe' pkgs.python3 "python"} -m http.server 80
''; '';
}; };
}; };
@ -61,10 +59,9 @@ let
server_cert = ${src}.succeed("cat /test-cert.pem") server_cert = ${src}.succeed("cat /test-cert.pem")
${dest}.succeed("echo %s > ${filename}" % quote(server_cert)) ${dest}.succeed("echo %s > ${filename}" % quote(server_cert))
''; '';
in in
{ {
basicServer = makeTest { basicServer = runTest {
name = "basicServer"; name = "basicServer";
nodes = { nodes = {
@ -92,7 +89,7 @@ in
''; '';
}; };
serverAndClient = makeTest { serverAndClient = runTest {
name = "serverAndClient"; name = "serverAndClient";
nodes = { nodes = {
@ -150,7 +147,7 @@ in
''; '';
}; };
mutualAuth = makeTest { mutualAuth = runTest {
name = "mutualAuth"; name = "mutualAuth";
nodes = rec { nodes = rec {

150
nixos/tests/systemd-initrd-networkd.nix
View File

@ -1,61 +1,80 @@
{ { runTest }:
system ? builtins.currentSystem,
config ? { },
pkgs ? import ../.. { inherit system config; },
lib ? pkgs.lib,
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let let
inherit (lib.maintainers) elvishjerricco; common =
{ pkgs, ... }:
common = { {
boot.initrd.systemd = { boot.initrd.systemd = {
enable = true; enable = true;
network.wait-online.timeout = 10; network.wait-online.timeout = 10;
network.wait-online.anyInterface = true; network.wait-online.anyInterface = true;
targets.network-online.requiredBy = [ "initrd.target" ]; targets.network-online.requiredBy = [ "initrd.target" ];
services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ]; services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ];
initrdBin = [ initrdBin = [
pkgs.iproute2 pkgs.iproute2
pkgs.iputils pkgs.iputils
pkgs.gnugrep pkgs.gnugrep
]; ];
};
testing.initrdBackdoor = true;
boot.initrd.network.enable = true;
}; };
testing.initrdBackdoor = true;
boot.initrd.network.enable = true;
};
mkFlushTest = mkFlushTest =
flush: script: flush: script:
makeTest { runTest (
name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush"; { lib, ... }:
meta.maintainers = [ elvishjerricco ]; {
name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush";
meta.maintainers = with lib.maintainers; [ elvishjerricco ];
nodes.machine = { nodes.machine =
imports = [ common ]; { pkgs, ... }:
{
imports = [ common ];
boot.initrd.network.flushBeforeStage2 = flush; boot.initrd.network.flushBeforeStage2 = flush;
systemd.services.check-flush = { systemd.services.check-flush = {
requiredBy = [ "multi-user.target" ]; requiredBy = [ "multi-user.target" ];
before = [ before = [
"network-pre.target" "network-pre.target"
"multi-user.target" "multi-user.target"
"shutdown.target" "shutdown.target"
]; ];
conflicts = [ "shutdown.target" ]; conflicts = [ "shutdown.target" ];
wants = [ "network-pre.target" ]; wants = [ "network-pre.target" ];
unitConfig.DefaultDependencies = false; unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
path = [ path = [
pkgs.iproute2 pkgs.iproute2
pkgs.iputils pkgs.iputils
pkgs.gnugrep pkgs.gnugrep
]; ];
inherit script; inherit script;
}; };
}; };
testScript = ''
machine.wait_for_unit("network-online.target")
machine.succeed(
"ip addr | grep 10.0.2.15",
"ping -c1 10.0.2.2",
)
machine.switch_root()
machine.wait_for_unit("multi-user.target")
'';
}
);
in
{
basic = runTest (
{ lib, ... }:
{
name = "systemd-initrd-network";
meta.maintainers = with lib.maintainers; [ elvishjerricco ];
nodes.machine = common;
testScript = '' testScript = ''
machine.wait_for_unit("network-online.target") machine.wait_for_unit("network-online.target")
@ -65,33 +84,14 @@ let
) )
machine.switch_root() machine.switch_root()
# Make sure the systemd-network user was set correctly in initrd
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]")
machine.succeed("ip addr show >&2")
machine.succeed("ip route show >&2")
''; '';
}; }
);
in
{
basic = makeTest {
name = "systemd-initrd-network";
meta.maintainers = [ elvishjerricco ];
nodes.machine = common;
testScript = ''
machine.wait_for_unit("network-online.target")
machine.succeed(
"ip addr | grep 10.0.2.15",
"ping -c1 10.0.2.2",
)
machine.switch_root()
# Make sure the systemd-network user was set correctly in initrd
machine.wait_for_unit("multi-user.target")
machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]")
machine.succeed("ip addr show >&2")
machine.succeed("ip route show >&2")
'';
};
doFlush = mkFlushTest true '' doFlush = mkFlushTest true ''
if ip addr | grep 10.0.2.15; then if ip addr | grep 10.0.2.15; then

166
nixos/tests/systemd-networkd-dhcpserver-static-leases.nix
View File

@ -1,96 +1,94 @@
# In contrast to systemd-networkd-dhcpserver, this test configures # In contrast to systemd-networkd-dhcpserver, this test configures
# the router with a static DHCP lease for the client's MAC address. # the router with a static DHCP lease for the client's MAC address.
import ./make-test-python.nix ( { lib, ... }:
{ lib, ... }: {
{ name = "systemd-networkd-dhcpserver-static-leases";
name = "systemd-networkd-dhcpserver-static-leases"; meta = with lib.maintainers; {
meta = with lib.maintainers; { maintainers = [ veehaitch ];
maintainers = [ veehaitch ]; };
}; nodes = {
nodes = { router = {
router = { virtualisation.vlans = [ 1 ];
virtualisation.vlans = [ 1 ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking = {
networking = { useNetworkd = true;
useNetworkd = true; useDHCP = false;
useDHCP = false; firewall.enable = false;
firewall.enable = false;
};
systemd.network = {
networks = {
# systemd-networkd will load the first network unit file
# that matches, ordered lexiographically by filename.
# /etc/systemd/network/{40-eth1,99-main}.network already
# exists. This network unit must be loaded for the test,
# however, hence why this network is named such.
"01-eth1" = {
name = "eth1";
networkConfig = {
DHCPServer = true;
Address = "10.0.0.1/24";
};
dhcpServerStaticLeases = [
{
MACAddress = "02:de:ad:be:ef:01";
Address = "10.0.0.10";
}
];
};
};
};
}; };
systemd.network = {
client = { networks = {
virtualisation.vlans = [ 1 ]; # systemd-networkd will load the first network unit file
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; # that matches, ordered lexiographically by filename.
systemd.network = { # /etc/systemd/network/{40-eth1,99-main}.network already
enable = true; # exists. This network unit must be loaded for the test,
links."10-eth1" = { # however, hence why this network is named such.
matchConfig.OriginalName = "eth1"; "01-eth1" = {
linkConfig.MACAddress = "02:de:ad:be:ef:01"; name = "eth1";
};
networks."40-eth1" = {
matchConfig.Name = "eth1";
networkConfig = { networkConfig = {
DHCP = "ipv4"; DHCPServer = true;
IPv6AcceptRA = false; Address = "10.0.0.1/24";
}; };
# This setting is important to have the router assign the dhcpServerStaticLeases = [
# configured lease based on the client's MAC address. Also see: {
# https://github.com/systemd/systemd/issues/21368#issuecomment-982193546 MACAddress = "02:de:ad:be:ef:01";
dhcpV4Config.ClientIdentifier = "mac"; Address = "10.0.0.10";
linkConfig.RequiredForOnline = "routable"; }
];
}; };
}; };
networking = {
useDHCP = false;
firewall.enable = false;
interfaces.eth1 = lib.mkForce { };
};
}; };
}; };
testScript = ''
start_all()
with subtest("check router network configuration"): client = {
router.systemctl("start systemd-networkd-wait-online.service") virtualisation.vlans = [ 1 ];
router.wait_for_unit("systemd-networkd-wait-online.service") systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
eth1_status = router.succeed("networkctl status eth1") systemd.network = {
assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \ enable = true;
"The router interface eth1 is not using the expected network file" links."10-eth1" = {
assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4" matchConfig.OriginalName = "eth1";
linkConfig.MACAddress = "02:de:ad:be:ef:01";
};
networks."40-eth1" = {
matchConfig.Name = "eth1";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
# This setting is important to have the router assign the
# configured lease based on the client's MAC address. Also see:
# https://github.com/systemd/systemd/issues/21368#issuecomment-982193546
dhcpV4Config.ClientIdentifier = "mac";
linkConfig.RequiredForOnline = "routable";
};
};
networking = {
useDHCP = false;
firewall.enable = false;
interfaces.eth1 = lib.mkForce { };
};
};
};
testScript = ''
start_all()
with subtest("check client network configuration"): with subtest("check router network configuration"):
client.systemctl("start systemd-networkd-wait-online.service") router.systemctl("start systemd-networkd-wait-online.service")
client.wait_for_unit("systemd-networkd-wait-online.service") router.wait_for_unit("systemd-networkd-wait-online.service")
eth1_status = client.succeed("networkctl status eth1") eth1_status = router.succeed("networkctl status eth1")
assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \ assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \
"The client interface eth1 is not using the expected network file" "The router interface eth1 is not using the expected network file"
assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4" assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4"
with subtest("router and client can reach each other"): with subtest("check client network configuration"):
client.wait_until_succeeds("ping -c 5 10.0.0.1") client.systemctl("start systemd-networkd-wait-online.service")
router.wait_until_succeeds("ping -c 5 10.0.0.10") client.wait_for_unit("systemd-networkd-wait-online.service")
''; eth1_status = client.succeed("networkctl status eth1")
} assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \
) "The client interface eth1 is not using the expected network file"
assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4"
with subtest("router and client can reach each other"):
client.wait_until_succeeds("ping -c 5 10.0.0.1")
router.wait_until_succeeds("ping -c 5 10.0.0.10")
'';
}

278
nixos/tests/ydotool.nix
View File

@ -1,16 +1,12 @@
{ { runTest, lib }:
system ? builtins.currentSystem,
config ? { },
pkgs ? import ../.. { inherit system config; },
lib ? pkgs.lib,
}:
let let
makeTest = import ./make-test-python.nix;
textInput = "This works."; textInput = "This works.";
inputBoxText = "Enter input"; inputBoxText = "Enter input";
inputBox = pkgs.writeShellScript "zenity-input" '' inputBox =
${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output & pkgs:
''; pkgs.writeShellScript "zenity-input" ''
${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output &
'';
asUser = '' asUser = ''
def as_user(cmd: str): def as_user(cmd: str):
""" """
@ -20,124 +16,137 @@ let
''; '';
in in
{ {
headless = makeTest { headless = runTest (
name = "headless"; { lib, ... }:
{
name = "headless";
enableOCR = true; enableOCR = true;
nodes.machine = { nodes.machine = {
imports = [ ./common/user-account.nix ]; imports = [ ./common/user-account.nix ];
users.users.alice.extraGroups = [ "ydotool" ]; users.users.alice.extraGroups = [ "ydotool" ];
programs.ydotool.enable = true; programs.ydotool.enable = true;
services.getty.autologinUser = "alice"; services.getty.autologinUser = "alice";
}; };
testScript = testScript =
asUser asUser
+ '' + ''
start_all() start_all()
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
machine.wait_for_text("alice") machine.wait_for_text("alice")
machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input
machine.succeed(as_user("ydotool key 28:1 28:0")) # text input machine.succeed(as_user("ydotool key 28:1 28:0")) # text input
machine.screenshot("headless_input") machine.screenshot("headless_input")
machine.wait_for_file("/tmp/output") machine.wait_for_file("/tmp/output")
machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input
''; '';
meta.maintainers = with lib.maintainers; [ meta.maintainers = with lib.maintainers; [
OPNA2608 OPNA2608
quantenzitrone quantenzitrone
];
};
x11 = makeTest {
name = "x11";
enableOCR = true;
nodes.machine = {
imports = [
./common/user-account.nix
./common/auto.nix
./common/x11.nix
]; ];
}
);
users.users.alice.extraGroups = [ "ydotool" ]; x11 = runTest (
{ config, lib, ... }:
{
name = "x11";
programs.ydotool.enable = true; enableOCR = true;
test-support.displayManager.auto = { nodes.machine =
enable = true; { lib, ... }:
user = "alice"; {
}; imports = [
./common/user-account.nix
./common/auto.nix
./common/x11.nix
];
services.xserver.windowManager.dwm.enable = true; users.users.alice.extraGroups = [ "ydotool" ];
services.displayManager.defaultSession = lib.mkForce "none+dwm";
};
testScript = programs.ydotool.enable = true;
asUser
+ '' test-support.displayManager.auto = {
enable = true;
user = "alice";
};
services.xserver.windowManager.dwm.enable = true;
services.displayManager.defaultSession = lib.mkForce "none+dwm";
};
testScript =
asUser
+ ''
start_all()
machine.wait_for_x()
machine.execute(as_user("${inputBox config.node.pkgs}"))
machine.wait_for_text("${inputBoxText}")
machine.succeed(as_user("ydotool type '${textInput}'")) # text input
machine.screenshot("x11_input")
machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input
machine.succeed(as_user("ydotool click 0xC0")) # mouse input
machine.wait_for_file("/tmp/output")
machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input
'';
meta.maintainers = with lib.maintainers; [
OPNA2608
quantenzitrone
];
}
);
wayland = runTest (
{ lib, ... }:
{
name = "wayland";
enableOCR = true;
nodes.machine =
{ pkgs, ... }:
{
imports = [ ./common/user-account.nix ];
services.cage = {
enable = true;
user = "alice";
};
programs.ydotool.enable = true;
services.cage.program = inputBox pkgs;
};
testScript = ''
start_all() start_all()
machine.wait_for_x() machine.wait_for_unit("graphical.target")
machine.execute(as_user("${inputBox}"))
machine.wait_for_text("${inputBoxText}") machine.wait_for_text("${inputBoxText}")
machine.succeed(as_user("ydotool type '${textInput}'")) # text input machine.succeed("ydotool type '${textInput}'") # text input
machine.screenshot("x11_input") machine.screenshot("wayland_input")
machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input machine.succeed("ydotool mousemove -a 100 100") # mouse input
machine.succeed(as_user("ydotool click 0xC0")) # mouse input machine.succeed("ydotool click 0xC0") # mouse input
machine.wait_for_file("/tmp/output") machine.wait_for_file("/tmp/output")
machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input
''; '';
meta.maintainers = with lib.maintainers; [ meta.maintainers = with lib.maintainers; [
OPNA2608 OPNA2608
quantenzitrone quantenzitrone
]; ];
}; }
);
wayland = makeTest {
name = "wayland";
enableOCR = true;
nodes.machine = {
imports = [ ./common/user-account.nix ];
services.cage = {
enable = true;
user = "alice";
};
programs.ydotool.enable = true;
services.cage.program = inputBox;
};
testScript = ''
start_all()
machine.wait_for_unit("graphical.target")
machine.wait_for_text("${inputBoxText}")
machine.succeed("ydotool type '${textInput}'") # text input
machine.screenshot("wayland_input")
machine.succeed("ydotool mousemove -a 100 100") # mouse input
machine.succeed("ydotool click 0xC0") # mouse input
machine.wait_for_file("/tmp/output")
machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input
'';
meta.maintainers = with lib.maintainers; [
OPNA2608
quantenzitrone
];
};
customGroup = customGroup =
let let
@ -147,38 +156,41 @@ in
outsideGroupUsername = "other-user"; outsideGroupUsername = "other-user";
groupName = "custom-group"; groupName = "custom-group";
in in
makeTest { runTest (
inherit name; { lib, ... }:
{
inherit name;
nodes."${nodeName}" = { nodes."${nodeName}" = {
programs.ydotool = { programs.ydotool = {
enable = true; enable = true;
group = groupName; group = groupName;
}; };
users.users = { users.users = {
"${insideGroupUsername}" = { "${insideGroupUsername}" = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ groupName ]; extraGroups = [ groupName ];
};
"${outsideGroupUsername}".isNormalUser = true;
}; };
"${outsideGroupUsername}".isNormalUser = true;
}; };
};
testScript = '' testScript = ''
start_all() start_all()
# Wait for service to start # Wait for service to start
${nodeName}.wait_for_unit("multi-user.target") ${nodeName}.wait_for_unit("multi-user.target")
${nodeName}.wait_for_unit("ydotoold.service") ${nodeName}.wait_for_unit("ydotoold.service")
# Verify that user with the configured group can use the service # Verify that user with the configured group can use the service
${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'") ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'")
# Verify that user without the configured group can't use the service # Verify that user without the configured group can't use the service
${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'") ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'")
''; '';
meta.maintainers = with lib.maintainers; [ l0b0 ]; meta.maintainers = with lib.maintainers; [ l0b0 ];
}; }
);
} }

14
pkgs/applications/networking/browsers/chromium/info.json
View File

@ -802,7 +802,7 @@
} }
}, },
"ungoogled-chromium": { "ungoogled-chromium": {
"version": "138.0.7204.96", "version": "138.0.7204.100",
"deps": { "deps": {
"depot_tools": { "depot_tools": {
"rev": "a8900cc0f023d6a662eb66b317e8ddceeb113490", "rev": "a8900cc0f023d6a662eb66b317e8ddceeb113490",
@ -813,16 +813,16 @@
"hash": "sha256-UB9a7Fr1W0yYld6WbXyRR8dFqWsj/zx4KumDZ5JQKSM=" "hash": "sha256-UB9a7Fr1W0yYld6WbXyRR8dFqWsj/zx4KumDZ5JQKSM="
}, },
"ungoogled-patches": { "ungoogled-patches": {
"rev": "138.0.7204.96-1", "rev": "138.0.7204.100-1",
"hash": "sha256-tOQSvdwK3lMN/7l23rbw7txJ/ovRguSXe9oMeol63Cs=" "hash": "sha256-zIBOQlW8UAE7n8x6R5LLjiNUquLOiTPvyxx4sM9r85Y="
}, },
"npmHash": "sha256-8d5VTHutv51libabhxv7SqPRcHfhVmGDSOvTSv013rE=" "npmHash": "sha256-8d5VTHutv51libabhxv7SqPRcHfhVmGDSOvTSv013rE="
}, },
"DEPS": { "DEPS": {
"src": { "src": {
"url": "https://chromium.googlesource.com/chromium/src.git", "url": "https://chromium.googlesource.com/chromium/src.git",
"rev": "f01343ee86bdb55cc999f82381f038cdbf20db62", "rev": "5f45b4744e3d5ba82c2ca6d942f1e7a516110752",
"hash": "sha256-9Ryxv2DvnIKVk4ZvjXegubFDUNzJ3YXGPuYHlntC3RU=", "hash": "sha256-bI75IXPl6YeauK2oTnUURh1ch1H7KKw/QzKYZ/q6htI=",
"recompress": true "recompress": true
}, },
"src/third_party/clang-format/script": { "src/third_party/clang-format/script": {
@ -1047,8 +1047,8 @@
}, },
"src/third_party/devtools-frontend/src": { "src/third_party/devtools-frontend/src": {
"url": "https://chromium.googlesource.com/devtools/devtools-frontend", "url": "https://chromium.googlesource.com/devtools/devtools-frontend",
"rev": "f8dfe8b36e516cef8a5a169e88d16480d8abdc68", "rev": "a6dbe06dafbad00ef4b0ea139ece1a94a5e2e6d8",
"hash": "sha256-7ygnGBAeiLxwbTx5s7LRs9+ZOe06tr8VFcSY5cVHnS4=" "hash": "sha256-XkyJFRxo3ZTBGfKdTwSIo14SLNPQAKQvY4lEX03j6LM="
}, },
"src/third_party/dom_distiller_js/dist": { "src/third_party/dom_distiller_js/dist": {
"url": "https://chromium.googlesource.com/chromium/dom-distiller/dist.git", "url": "https://chromium.googlesource.com/chromium/dom-distiller/dist.git",

1
pkgs/build-support/dart/build-dart-application/default.nix
View File

@ -101,6 +101,7 @@ let
} // sdkSourceBuilders; } // sdkSourceBuilders;
}; };
packageConfig = generators.linkPackageConfig { packageConfig = generators.linkPackageConfig {
inherit pubspecLock;
packageConfig = pub2nix.generatePackageConfig { packageConfig = pub2nix.generatePackageConfig {
pname = if args.pname != null then "${args.pname}-${args.version}" else null; pname = if args.pname != null then "${args.pname}-${args.version}" else null;

27
pkgs/build-support/dart/build-dart-application/generators.nix
View File

@ -49,6 +49,7 @@ let
# Adds the root package to a dependency package_config.json file from pub2nix. # Adds the root package to a dependency package_config.json file from pub2nix.
linkPackageConfig = linkPackageConfig =
{ {
pubspecLock,
packageConfig, packageConfig,
extraSetupCommands ? "", extraSetupCommands ? "",
}: }:
@ -67,15 +68,27 @@ let
dontBuild = true; dontBuild = true;
installPhase = '' installPhase =
runHook preInstall let
m = builtins.match "^[[:space:]]*(\\^|>=|>)?[[:space:]]*([0-9]+\\.[0-9]+)\\.[0-9]+.*$" pubspecLock.sdks.dart;
languageVersion =
if m != null then
(builtins.elemAt m 1)
else if pubspecLock.sdks.dart == "any" then
"null"
else
# https://github.com/dart-lang/pub/blob/15b96589066884300a30bdc356566f3398794857/lib/src/language_version.dart#L109
"2.7";
in
''
runHook preInstall
packageName="$(yq --raw-output .name pubspec.yaml)" packageName="$(yq --raw-output .name pubspec.yaml)"
jq --arg name "$packageName" '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/" }]' '${packageConfig}' > "$out" jq --arg name "$packageName" --arg languageVersion ${languageVersion} '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/", languageVersion: (if $languageVersion == "null" then null else $languageVersion end) }]' '${packageConfig}' > "$out"
${extraSetupCommands} ${extraSetupCommands}
runHook postInstall runHook postInstall
''; '';
} }
); );
in in

18
pkgs/build-support/fetchhg/default.nix
View File

@ -30,16 +30,14 @@ lib.extendMkDerivation {
outputHashAlgo = if finalAttrs.hash != null && finalAttrs.hash != "" then null else "sha256"; outputHashAlgo = if finalAttrs.hash != null && finalAttrs.hash != "" then null else "sha256";
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHash = outputHash = lib.throwIf (hash != null && sha256 != null) "Only one of sha256 or hash can be set" (
lib.throwIf (finalAttrs.hash != null && sha256 != null) "Only one of sha256 or hash can be set" if finalAttrs.hash != null then
( finalAttrs.hash
if finalAttrs.hash != null then else if sha256 != null then
finalAttrs.hash sha256
else if sha256 != null then else
sha256 ""
else );
""
);
inherit url rev hash; inherit url rev hash;
inherit preferLocalBuild; inherit preferLocalBuild;

6
pkgs/by-name/ac/act/package.nix
View File

@ -8,7 +8,7 @@
}: }:
let let
version = "0.2.78"; version = "0.2.79";
in in
buildGoModule { buildGoModule {
pname = "act"; pname = "act";
@ -18,10 +18,10 @@ buildGoModule {
owner = "nektos"; owner = "nektos";
repo = "act"; repo = "act";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-S4Ev7MszuvlsUstnjOltYnZTuhzeqP/GDqMEWsFLe5Y="; hash = "sha256-tIp9iG8SCppg+tX/KdvAON5fKAHAlU01GSJEgvm2JSg=";
}; };
vendorHash = "sha256-YH5SIZ73VYqg7+sSJpvqkIlBUy1rs3uNEWiEBDRdkQw="; vendorHash = "sha256-wMtRpFUOMia7ZbuKUUkkcr2Gi88fiZydqFSVSAdiKdo=";
doCheck = false; doCheck = false;

4
pkgs/by-name/aw/aws-lc/package.nix
View File

@ -10,13 +10,13 @@
}: }:
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "aws-lc"; pname = "aws-lc";
version = "1.53.1"; version = "1.55.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "aws"; owner = "aws";
repo = "aws-lc"; repo = "aws-lc";
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-1liZ1xellboNNsL7D6vqYk9sHFpWN5c0o8B1S9B5Gnc="; hash = "sha256-Ul+PoOItv7FU7v7NkpaCrZrr/ULnI9FSv6T8ePzTMCs=";
}; };
outputs = [ outputs = [

6
pkgs/by-name/bi/bibiman/package.nix
View File

@ -8,18 +8,18 @@
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "bibiman"; pname = "bibiman";
version = "0.12.4"; version = "0.13.1";
src = fetchFromGitea { src = fetchFromGitea {
domain = "codeberg.org"; domain = "codeberg.org";
owner = "lukeflo"; owner = "lukeflo";
repo = "bibiman"; repo = "bibiman";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-6duqLBPm6GlBHm3Kr4foHF1MKodYOYKKDITk/BiX6mA="; hash = "sha256-MdUabJQ5x3/n7dfbIjAqK9hDQ+lLNOtXknY4fTSW67Q=";
}; };
useFetchCargoVendor = true; useFetchCargoVendor = true;
cargoHash = "sha256-tbgzjTsK88+G4Wxex4Tl0K5Ii99tPNud3UEDzAHaI0M="; cargoHash = "sha256-FARk/BCssI35aS4yxUnfGoV6C3i4/a/LQcEMIKD29Ac=";
nativeInstallCheckInputs = [ nativeInstallCheckInputs = [
versionCheckHook versionCheckHook

6
pkgs/by-name/br/bruno/package.nix
View File

@ -19,20 +19,20 @@
buildNpmPackage rec { buildNpmPackage rec {
pname = "bruno"; pname = "bruno";
version = "2.6.1"; version = "2.7.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "usebruno"; owner = "usebruno";
repo = "bruno"; repo = "bruno";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-GR/TmBuZbt/8cB9gtRPgzSVnzdrB1BKhYjahfJ3ErgQ="; hash = "sha256-qNZCLd4FixJ+I5xaIIQ9EIKfCXnPOZFGbXHkgagBbFE=";
postFetch = '' postFetch = ''
${lib.getExe npm-lockfile-fix} $out/package-lock.json ${lib.getExe npm-lockfile-fix} $out/package-lock.json
''; '';
}; };
npmDepsHash = "sha256-/u7xyd1+RXNN7khVOglzYGMCI+fPjyiuSF2BSZAqEtI="; npmDepsHash = "sha256-osdjtn9jn6T1YizQM7I9cfiHvIkrZ8HRDNjsR+FS/DE=";
npmFlags = [ "--legacy-peer-deps" ]; npmFlags = [ "--legacy-peer-deps" ];
nativeBuildInputs = nativeBuildInputs =

4
pkgs/by-name/by/byedpi/package.nix
View File

@ -6,13 +6,13 @@
}: }:
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "byedpi"; pname = "byedpi";
version = "0.17"; version = "0.17.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "hufrea"; owner = "hufrea";
repo = "byedpi"; repo = "byedpi";
tag = "v${finalAttrs.version}"; tag = "v${finalAttrs.version}";
hash = "sha256-JedtEgkj21pDnNM19Oq6asI7iMIHZqf3ZolDlUDhHg8="; hash = "sha256-an0UmsAZw5DJMuM4WpAWBVVN0ZVBpXhn0cbZ0ZbfBjo=";
}; };
installPhase = '' installPhase = ''

6
pkgs/by-name/ca/cargo-mobile2/package.nix
View File

@ -10,7 +10,7 @@
let let
pname = "cargo-mobile2"; pname = "cargo-mobile2";
version = "0.20.1"; version = "0.20.2";
in in
rustPlatform.buildRustPackage { rustPlatform.buildRustPackage {
inherit pname version; inherit pname version;
@ -18,7 +18,7 @@ rustPlatform.buildRustPackage {
owner = "tauri-apps"; owner = "tauri-apps";
repo = "cargo-mobile2"; repo = "cargo-mobile2";
rev = "cargo-mobile2-v${version}"; rev = "cargo-mobile2-v${version}";
hash = "sha256-gKqGmd34nNKMc3fl5lMH09oOGnmRaMDBwsbHhAeUMBc="; hash = "sha256-mXedzfAN40IG8ivcSa/tf/Ys/rKcwkCmxU7/ja9ec2U=";
}; };
# Manually specify the sourceRoot since this crate depends on other crates in the workspace. Relevant info at # Manually specify the sourceRoot since this crate depends on other crates in the workspace. Relevant info at
@ -26,7 +26,7 @@ rustPlatform.buildRustPackage {
# sourceRoot = "${src.name}/tooling/cli"; # sourceRoot = "${src.name}/tooling/cli";
useFetchCargoVendor = true; useFetchCargoVendor = true;
cargoHash = "sha256-QEZe+7/i0XygXxs7pwdS9WtYbE2pfrUuRQC0dm+WqTo="; cargoHash = "sha256-Y1ykz7QU48AJVKBcYdrWEuNcahontkaJyFmrrh4eQs0=";
preBuild = '' preBuild = ''
mkdir -p $out/share/ mkdir -p $out/share/

8
pkgs/by-name/cl/claude-code/package-lock.json generated
View File

@ -6,13 +6,13 @@
"packages": { "packages": {
"": { "": {
"dependencies": { "dependencies": {
"@anthropic-ai/claude-code": "^1.0.44" "@anthropic-ai/claude-code": "^1.0.48"
} }
}, },
"node_modules/@anthropic-ai/claude-code": { "node_modules/@anthropic-ai/claude-code": {
"version": "1.0.44", "version": "1.0.48",
"resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.44.tgz", "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.48.tgz",
"integrity": "sha512-GCX0KeMcyhLlfs/dLWlMiHShAMmjt8d7xcVUS53z7VnV6s3cIIrRPsKQ/xX/Q9rFm5dSVmRnzU88Ku28fb3QKQ==", "integrity": "sha512-h63VBAZZ6Pl/DlYW2PjbfUeicZ4r9VSl8dymD3d+1lZEHwCPgfMpu3g+30+FDMs79Xqc7qSDm6CRnMApxhbjqw==",
"hasInstallScript": true, "hasInstallScript": true,
"license": "SEE LICENSE IN README.md", "license": "SEE LICENSE IN README.md",
"bin": { "bin": {

6
pkgs/by-name/cl/claude-code/package.nix
View File

@ -7,16 +7,16 @@
buildNpmPackage rec { buildNpmPackage rec {
pname = "claude-code"; pname = "claude-code";
version = "1.0.44"; version = "1.0.48";
nodejs = nodejs_20; # required for sandboxed Nix builds on Darwin nodejs = nodejs_20; # required for sandboxed Nix builds on Darwin
src = fetchzip { src = fetchzip {
url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz";
hash = "sha256-Dnooy0KNfhirTu7hv6DfwL7SHwf++CKtG8VHptNhcxU="; hash = "sha256-nl7NGiREuFpbr0if273FfbSpjD/BG8a/uMXfYtiZgbE=";
}; };
npmDepsHash = "sha256-Q3m4q0g/H5ZWmnMXSipRt3FUFu+SgDAJutVelQsv9ls="; npmDepsHash = "sha256-ppsyT+VXXaIP1ncuJx1I8M6eLTk7zP1KStf5nnWSwSo=";
postPatch = '' postPatch = ''
cp ${./package-lock.json} package-lock.json cp ${./package-lock.json} package-lock.json

6
pkgs/by-name/cl/clorinde/package.nix
View File

@ -8,17 +8,17 @@
rustPlatform.buildRustPackage (finalAttrs: { rustPlatform.buildRustPackage (finalAttrs: {
pname = "clorinde"; pname = "clorinde";
version = "0.16.0"; version = "1.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "halcyonnouveau"; owner = "halcyonnouveau";
repo = "clorinde"; repo = "clorinde";
tag = "clorinde-v${finalAttrs.version}"; tag = "clorinde-v${finalAttrs.version}";
hash = "sha256-ze/PEML1buh3HlVgz6ifMPWfZnr6eT3VpIXf7jR68jw="; hash = "sha256-AYoSs3rDZ5j8Xt6E4X7RmgccM3bng3rgWzVLFjhmfR0=";
}; };
useFetchCargoVendor = true; useFetchCargoVendor = true;
cargoHash = "sha256-dp5m/PLVG8xUM6LCq48NKK0P8di44keB/YZ9ocfL0Bg="; cargoHash = "sha256-hxOVocfQvBlaYh227SVLYncfVZ80bDxIvoMtthaqQqc=";
cargoBuildFlags = [ "--package=clorinde" ]; cargoBuildFlags = [ "--package=clorinde" ];

4
pkgs/by-name/fa/fantomas/package.nix
View File

@ -2,9 +2,9 @@
buildDotnetGlobalTool { buildDotnetGlobalTool {
pname = "fantomas"; pname = "fantomas";
version = "7.0.2"; version = "7.0.3";
nugetHash = "sha256-BAaENIm/ksTiXrUImRgKoIXTGIlgsX7ch6ayoFjhJXA="; nugetHash = "sha256-0XlfV7SxXPDnk/CjkUesJSaH0cxlNHJ+Jj86zNUhkNA=";
meta = with lib; { meta = with lib; {
description = "F# source code formatter"; description = "F# source code formatter";

4
pkgs/by-name/gi/gitaly/package.nix
View File

@ -7,7 +7,7 @@
}: }:
let let
version = "18.1.1"; version = "18.1.2";
package_version = "v${lib.versions.major version}"; package_version = "v${lib.versions.major version}";
gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}"; gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}";
@ -21,7 +21,7 @@ let
owner = "gitlab-org"; owner = "gitlab-org";
repo = "gitaly"; repo = "gitaly";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-R79UV6QIEO/B7xQ3ds4scm7twHmalziksKBJ97tYVJM="; hash = "sha256-ErA04W6rWsjSay02bst0ur1mztrdo8SW/mpGtln4unI=";
}; };
vendorHash = "sha256-BTpcnaHNyLgdAA9KqqA+mBo18fmQ0+OwLGNOPHRJ/IE="; vendorHash = "sha256-BTpcnaHNyLgdAA9KqqA+mBo18fmQ0+OwLGNOPHRJ/IE=";

6
pkgs/by-name/gi/gitlab-container-registry/package.nix
View File

@ -6,7 +6,7 @@
buildGoModule rec { buildGoModule rec {
pname = "gitlab-container-registry"; pname = "gitlab-container-registry";
version = "4.23.1"; version = "4.24.0";
rev = "v${version}-gitlab"; rev = "v${version}-gitlab";
# nixpkgs-update: no auto update # nixpkgs-update: no auto update
@ -14,10 +14,10 @@ buildGoModule rec {
owner = "gitlab-org"; owner = "gitlab-org";
repo = "container-registry"; repo = "container-registry";
inherit rev; inherit rev;
hash = "sha256-eCuSuQXtzd2jLJf9G8DO1KGXdT8bYGe9tcKw6BZNiiI="; hash = "sha256-GNL7L6DKIKEgDEZQkeHNOn4R5SnWnHvNoUIs2YLjoR8=";
}; };
vendorHash = "sha256-OrdlQp+USRf+Yc7UDjIncDpbuRu5ui6TUoYY2MMc8Ro="; vendorHash = "sha256-zisadCxyfItD/n7VGbtbvhl8MRHiqdw0Kkrg6ebgS/8=";
checkFlags = checkFlags =
let let

4
pkgs/by-name/gi/gitlab-pages/package.nix
View File

@ -6,14 +6,14 @@
buildGoModule rec { buildGoModule rec {
pname = "gitlab-pages"; pname = "gitlab-pages";
version = "18.1.1"; version = "18.1.2";
# nixpkgs-update: no auto update # nixpkgs-update: no auto update
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "gitlab-org"; owner = "gitlab-org";
repo = "gitlab-pages"; repo = "gitlab-pages";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-tqT+ARebnBhBHzOenkL/o7/tf4/urxKFAOFMwCQSzeA="; hash = "sha256-XY/WK19nujQPdsicGDHS5gEZf3uJZdW41R4xK9hDML0=";
}; };
vendorHash = "sha256-6ZHKwPhC3N813kiw1NnPOMVc2CBSIClwc4MunDi0gCk="; vendorHash = "sha256-6ZHKwPhC3N813kiw1NnPOMVc2CBSIClwc4MunDi0gCk=";

12
pkgs/by-name/gi/gitlab/data.json
View File

@ -1,15 +1,15 @@
{ {
"version": "18.1.1", "version": "18.1.2",
"repo_hash": "1agw51d1qvvx6yyzz71sz4mkx04ic8hmql8lggz3x5scnhglnzjq", "repo_hash": "072ib6rc7mw9pdzql8514k4z76i1ahssyj5kypgyvf9qj4naym0b",
"yarn_hash": "0c5pp3dpvw0q0nfl6w1lpdmk7dvkfinwb7z7a3vq22wgzca23x2m", "yarn_hash": "0c5pp3dpvw0q0nfl6w1lpdmk7dvkfinwb7z7a3vq22wgzca23x2m",
"owner": "gitlab-org", "owner": "gitlab-org",
"repo": "gitlab", "repo": "gitlab",
"rev": "v18.1.1-ee", "rev": "v18.1.2-ee",
"passthru": { "passthru": {
"GITALY_SERVER_VERSION": "18.1.1", "GITALY_SERVER_VERSION": "18.1.2",
"GITLAB_PAGES_VERSION": "18.1.1", "GITLAB_PAGES_VERSION": "18.1.2",
"GITLAB_SHELL_VERSION": "14.42.0", "GITLAB_SHELL_VERSION": "14.42.0",
"GITLAB_ELASTICSEARCH_INDEXER_VERSION": "5.6.0", "GITLAB_ELASTICSEARCH_INDEXER_VERSION": "5.6.0",
"GITLAB_WORKHORSE_VERSION": "18.1.1" "GITLAB_WORKHORSE_VERSION": "18.1.2"
} }
} }

2
pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix
View File

@ -10,7 +10,7 @@ in
buildGoModule rec { buildGoModule rec {
pname = "gitlab-workhorse"; pname = "gitlab-workhorse";
version = "18.1.1"; version = "18.1.2";
# nixpkgs-update: no auto update # nixpkgs-update: no auto update
src = fetchFromGitLab { src = fetchFromGitLab {

4
pkgs/by-name/gi/gitlab/rubyEnv/Gemfile
View File

@ -648,7 +648,9 @@ gem 'gitaly', '~> 18.1.0.pre.rc1', feature_category: :gitaly
# KAS GRPC protocol definitions # KAS GRPC protocol definitions
gem 'gitlab-kas-grpc', '~> 17.11.0', feature_category: :deployment_management gem 'gitlab-kas-grpc', '~> 17.11.0', feature_category: :deployment_management
gem 'grpc', '~> 1.72.0', feature_category: :shared # Lock until 1.74.0 is available
# https://gitlab.com/gitlab-com/gl-infra/production/-/issues/20067
gem 'grpc', '= 1.63.0', feature_category: :shared
gem 'google-protobuf', '~> 3.25', '>= 3.25.3', feature_category: :shared gem 'google-protobuf', '~> 3.25', '>= 3.25.3', feature_category: :shared

8
pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock
View File

@ -48,7 +48,7 @@ PATH
google-cloud-storage_transfer (~> 1.2.0) google-cloud-storage_transfer (~> 1.2.0)
google-protobuf (~> 3.25, >= 3.25.3) google-protobuf (~> 3.25, >= 3.25.3)
googleauth (~> 1.8.1) googleauth (~> 1.8.1)
grpc (~> 1.72.0) grpc (= 1.63.0)
json (~> 2.7) json (~> 2.7)
jwt (~> 2.5) jwt (~> 2.5)
logger (~> 1.5) logger (~> 1.5)
@ -956,8 +956,8 @@ GEM
graphql (~> 2.0) graphql (~> 2.0)
html-pipeline (~> 2.14, >= 2.14.3) html-pipeline (~> 2.14, >= 2.14.3)
sass-embedded (~> 1.58) sass-embedded (~> 1.58)
grpc (1.72.0) grpc (1.63.0)
google-protobuf (>= 3.25, < 5.0) google-protobuf (~> 3.25)
googleapis-common-protos-types (~> 1.0) googleapis-common-protos-types (~> 1.0)
grpc-google-iam-v1 (1.5.0) grpc-google-iam-v1 (1.5.0)
google-protobuf (~> 3.18) google-protobuf (~> 3.18)
@ -2210,7 +2210,7 @@ DEPENDENCIES
graphlyte (~> 1.0.0) graphlyte (~> 1.0.0)
graphql (= 2.4.13) graphql (= 2.4.13)
graphql-docs (~> 5.0.0) graphql-docs (~> 5.0.0)
grpc (~> 1.72.0) grpc (= 1.63.0)
gssapi (~> 1.3.1) gssapi (~> 1.3.1)
guard-rspec guard-rspec
haml_lint (~> 0.58) haml_lint (~> 0.58)

4
pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix
View File

@ -3886,10 +3886,10 @@ src: {
platforms = [ ]; platforms = [ ];
source = { source = {
remotes = [ "https://rubygems.org" ]; remotes = [ "https://rubygems.org" ];
sha256 = "02gakdhvpl777b41i8cgkrj7gk0jlq4fza9hjksp2r7ryji0vyjn"; sha256 = "11ink0ayf14qgs3msn5a7dpg49vm3ck2415r64nfk1i8xv286hsz";
type = "gem"; type = "gem";
}; };
version = "1.72.0"; version = "1.63.0";
}; };
grpc-google-iam-v1 = { grpc-google-iam-v1 = {
dependencies = [ dependencies = [

5
pkgs/by-name/go/go-camo/package.nix
View File

@ -3,6 +3,7 @@
buildGo124Module, buildGo124Module,
fetchFromGitHub, fetchFromGitHub,
installShellFiles, installShellFiles,
nixosTests,
scdoc, scdoc,
}: }:
@ -43,6 +44,10 @@ buildGo124Module rec {
rm pkg/camo/proxy_{,filter_}test.go rm pkg/camo/proxy_{,filter_}test.go
''; '';
passthru.tests = {
inherit (nixosTests) go-camo;
};
meta = { meta = {
description = "Camo server is a special type of image proxy that proxies non-secure images over SSL/TLS"; description = "Camo server is a special type of image proxy that proxies non-secure images over SSL/TLS";
homepage = "https://github.com/cactus/go-camo"; homepage = "https://github.com/cactus/go-camo";

4
pkgs/by-name/go/go-musicfox/package.nix
View File

@ -11,13 +11,13 @@
buildGoModule rec { buildGoModule rec {
pname = "go-musicfox"; pname = "go-musicfox";
version = "4.6.2"; version = "4.6.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "go-musicfox"; owner = "go-musicfox";
repo = "go-musicfox"; repo = "go-musicfox";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-GpzbHShQvsgPNnUjk52PSDhvmxEuJVXNXI7z8ESv6QQ="; hash = "sha256-TxBd+Q7tEyJpcUwOWAl2U1gmdNRYrBkGCtT961/8K1E=";
}; };
deleteVendor = true; deleteVendor = true;

4
pkgs/by-name/ja/janus-gateway/package.nix
View File

@ -34,13 +34,13 @@ in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "janus-gateway"; pname = "janus-gateway";
version = "1.3.1"; version = "1.3.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "meetecho"; owner = "meetecho";
repo = "janus-gateway"; repo = "janus-gateway";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-Y4MdbB706aziKPxM9y/3uCKpc60dMDlV0xgugDjfa7A="; sha256 = "sha256-FvTNe2lpDBchhVLTD+fKtwTcuqsuSEeNWcRAbLibLbc=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

4
pkgs/by-name/li/limine/package.nix
View File

@ -42,14 +42,14 @@ in
# as bootloader for various platforms and corresponding binary and helper files. # as bootloader for various platforms and corresponding binary and helper files.
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "limine"; pname = "limine";
version = "9.3.4"; version = "9.4.0";
# We don't use the Git source but the release tarball, as the source has a # We don't use the Git source but the release tarball, as the source has a
# `./bootstrap` script performing network access to download resources. # `./bootstrap` script performing network access to download resources.
# Packaging that in Nix is very cumbersome. # Packaging that in Nix is very cumbersome.
src = fetchurl { src = fetchurl {
url = "https://github.com/limine-bootloader/limine/releases/download/v${finalAttrs.version}/limine-${finalAttrs.version}.tar.gz"; url = "https://github.com/limine-bootloader/limine/releases/download/v${finalAttrs.version}/limine-${finalAttrs.version}.tar.gz";
hash = "sha256-GXArMxm7vDyUShTIM1O8/4M8h/ol/b8YcsXdodxJqeM="; hash = "sha256-ddQB0wKMhKSnPrJflgsDfyWCzOiFehf/2CijPiVk65U=";
}; };
enableParallelBuilding = true; enableParallelBuilding = true;

4
pkgs/by-name/ll/llama-cpp/package.nix
View File

@ -72,13 +72,13 @@ let
in in
effectiveStdenv.mkDerivation (finalAttrs: { effectiveStdenv.mkDerivation (finalAttrs: {
pname = "llama-cpp"; pname = "llama-cpp";
version = "5760"; version = "5836";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ggml-org"; owner = "ggml-org";
repo = "llama.cpp"; repo = "llama.cpp";
tag = "b${finalAttrs.version}"; tag = "b${finalAttrs.version}";
hash = "sha256-sl1lhj40c546YRuCTn6BlmS60Rd2TBKNx4TaQ0I6110="; hash = "sha256-fo6wnwN3a4xZamwm68EVLNVfQkk+vSxgEoORQKLzdH8=";
leaveDotGit = true; leaveDotGit = true;
postFetch = '' postFetch = ''
git -C "$out" rev-parse --short HEAD > $out/COMMIT git -C "$out" rev-parse --short HEAD > $out/COMMIT

9
pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py
View File

@ -108,9 +108,9 @@ def test_flake_from_arg(
return_value=True, return_value=True,
), ),
patch( patch(
"pathlib.Path.is_symlink", "pathlib.Path.resolve",
autospec=True, autospec=True,
return_value=False, return_value=Path("/etc/nixos/flake.nix"),
), ),
): ):
assert m.Flake.from_arg(None, None) == m.Flake( assert m.Flake.from_arg(None, None) == m.Flake(
@ -123,11 +123,6 @@ def test_flake_from_arg(
autospec=True, autospec=True,
return_value=True, return_value=True,
), ),
patch(
"pathlib.Path.is_symlink",
autospec=True,
return_value=True,
),
patch( patch(
"pathlib.Path.resolve", "pathlib.Path.resolve",
autospec=True, autospec=True,

7
pkgs/by-name/no/nominatim-ui/package.nix
View File

@ -3,6 +3,7 @@
stdenv, stdenv,
fetchFromGitHub, fetchFromGitHub,
fetchYarnDeps, fetchYarnDeps,
nixosTests,
writableTmpDirAsHomeHook, writableTmpDirAsHomeHook,
writeText, writeText,
@ -10,7 +11,7 @@
nodejs, nodejs,
yarn, yarn,
# Custom application configuration placed to theme/config.theme.js file # Custom application configuration placed to theme/config.theme.js file.
# For the list of available configuration options see # For the list of available configuration options see
# https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js # https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js
customConfig ? null, customConfig ? null,
@ -83,6 +84,10 @@ stdenv.mkDerivation (finalAttrs: {
runHook postInstall runHook postInstall
''; '';
passthru.tests = {
inherit (nixosTests) nominatim;
};
meta = { meta = {
description = "Debugging user interface for Nominatim geocoder"; description = "Debugging user interface for Nominatim geocoder";
homepage = "https://github.com/osm-search/nominatim-ui"; homepage = "https://github.com/osm-search/nominatim-ui";

6
pkgs/by-name/no/nominatim/package.nix
View File

@ -7,6 +7,7 @@
python3Packages, python3Packages,
nominatim, # required for testVersion nominatim, # required for testVersion
nixosTests,
testers, testers,
}: }:
@ -64,8 +65,9 @@ python3Packages.buildPythonApplication rec {
pythonImportsCheck = [ "nominatim_db" ]; pythonImportsCheck = [ "nominatim_db" ];
passthru = { passthru.tests = {
tests.version = testers.testVersion { package = nominatim; }; version = testers.testVersion { package = nominatim; };
inherit (nixosTests) nominatim;
}; };
meta = { meta = {

72
pkgs/by-name/op/optee-client/package.nix Normal file
View File

@ -0,0 +1,72 @@
{
fetchFromGitHub,
isNixOS ? true,
lib,
libuuid,
pkg-config,
stdenv,
which,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "optee-client";
version = "4.6.0";
src = fetchFromGitHub {
owner = "OP-TEE";
repo = "optee_client";
rev = finalAttrs.version;
hash = "sha256-hHEIn0WU4XfqwZbOdg9kwSDxDcvK7Tvxtelamfc3IRM=";
};
outputs = [
"out"
"lib"
"dev"
];
strictDeps = true;
enableParallelBuilding = true;
nativeBuildInputs = [
which
pkg-config
];
buildInputs = [ libuuid ];
makeFlags =
[
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
"DESTDIR=$(out)"
"SBINDIR=/bin"
"INCLUDEDIR=/include"
"LIBDIR=/lib"
]
++
# If we are building for NixOS, change default optee config to use paths
# that will work well with NixOS.
lib.optionals isNixOS [
"CFG_TEE_CLIENT_LOAD_PATH=/run/current-system/sw/lib"
"CFG_TEE_PLUGIN_LOAD_PATH=/run/current-system/sw/lib/tee-supplicant/plugins"
"CFG_TEE_FS_PARENT_PATH=/var/lib/tee"
];
preFixup = ''
mkdir -p "$lib" "$dev"
mv "$out/lib" "$lib"
mv "$out/include" "$dev"
'';
meta = {
description = "Normal world client for OPTEE OS";
homepage = "https://github.com/OP-TEE/optee_client";
changelog = "https://github.com/OP-TEE/optee_client/releases/tag/${finalAttrs.version}";
license = lib.licenses.bsd2;
maintainers = [ lib.maintainers.jmbaur ];
platforms = [
"aarch64-linux"
"armv7l-linux"
];
};
})

6
pkgs/by-name/pi/pimsync/package.nix
View File

@ -12,17 +12,17 @@
rustPlatform.buildRustPackage (finalAttrs: { rustPlatform.buildRustPackage (finalAttrs: {
pname = "pimsync"; pname = "pimsync";
version = "0.4.2"; version = "0.4.3";
src = fetchFromSourcehut { src = fetchFromSourcehut {
owner = "~whynothugo"; owner = "~whynothugo";
repo = "pimsync"; repo = "pimsync";
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-6oV9E6Q6FmCh24xT9+lsQ47GVs70sSujsn54dX6CPgY="; hash = "sha256-VPrEY3aJKhn96oaehJ8MrrUj0XoSOMWC7APbnw6OrsQ=";
}; };
useFetchCargoVendor = true; useFetchCargoVendor = true;
cargoHash = "sha256-vnBk0uojWDM9PS8v5Qda2UflmIFZ09Qp9l25qTTWGMc="; cargoHash = "sha256-m5tg50C6DMFuBrCW9sxYfeRRZv6Sncp8X40fzaKEsi0=";
PIMSYNC_VERSION = finalAttrs.version; PIMSYNC_VERSION = finalAttrs.version;

35
pkgs/by-name/ru/rustical/package.nix Normal file
View File

@ -0,0 +1,35 @@
{
lib,
rustPlatform,
fetchFromGitHub,
pkg-config,
openssl,
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "rustical";
version = "0.4.11";
src = fetchFromGitHub {
owner = "lennart-k";
repo = "rustical";
tag = "v${finalAttrs.version}";
hash = "sha256-QWuJKEc6hBA2rdbaqdhrah+WyRwVd91Y8/BIOaKlW28=";
};
cargoHash = "sha256-dQF+6my+TxZ6niFO5OnLXcPt0LGEymaXE9NqZWU5HJk=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl ];
env.OPENSSL_NO_VENDOR = true;
meta = {
description = "Yet another calendar server aiming to be simple, fast and passwordless";
homepage = "https://github.com/lennart-k/rustical";
changelog = "https://github.com/lennart-k/rustical/releases/tag/v${finalAttrs.version}";
license = lib.licenses.agpl3Plus;
maintainers = with lib.maintainers; [ PopeRigby ];
mainProgram = "rustical";
};
})

4
pkgs/by-name/si/signal-export/package.nix
View File

@ -7,13 +7,13 @@
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {
pname = "signal-export"; pname = "signal-export";
version = "3.5.1"; version = "3.6.0";
pyproject = true; pyproject = true;
src = fetchPypi { src = fetchPypi {
inherit version; inherit version;
pname = "signal_export"; pname = "signal_export";
hash = "sha256-UhLWSYdJEDhZ1zI3nxhJoqeH8JfR4s9Hdp6fJ4UNROQ="; hash = "sha256-lflRY6EC9fqgdYwQ9Incc2PJ22okZC9Juu6X7pxGJ8w=";
}; };
build-system = with python3.pkgs; [ build-system = with python3.pkgs; [

34
pkgs/by-name/up/upbound/sources-main.json
View File

@ -8,38 +8,38 @@
"fetchurlAttrSet": { "fetchurlAttrSet": {
"docker-credential-up": { "docker-credential-up": {
"aarch64-darwin": { "aarch64-darwin": {
"hash": "sha256-ByiFy8k6qwKXTp7iLoojUNNKhhZnbqc6ms6g+r4f9u0=", "hash": "sha256-9X6D0WI9Vru/M3oQ/yK0AJjth6MTGfxeEf5Axx2rAlc=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_arm64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_arm64.tar.gz"
}, },
"aarch64-linux": { "aarch64-linux": {
"hash": "sha256-qis91nt43HGEfuqcCH5ri/s4QiHiMrRMTinSUjQeI3o=", "hash": "sha256-g7AzAp4cdJIsZ3mtkYF2MzlLHgwauFORaIkQ6mdwkuI=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_arm64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_arm64.tar.gz"
}, },
"x86_64-darwin": { "x86_64-darwin": {
"hash": "sha256-s2ORdd3G87Vo9I5zSZXGisjSMr0x86sCu6WOxOZBWTk=", "hash": "sha256-8F7r3o3e3Mo+GDicS+5Hg6qNz5B+Tt8OHcosHzpZUQM=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_amd64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_amd64.tar.gz"
}, },
"x86_64-linux": { "x86_64-linux": {
"hash": "sha256-5q/XactXioaOqUYwrojg5xgZg+pKjqnxR9tB8ILaaHg=", "hash": "sha256-3TduM86fAb3cIFhb8SNrAFisu9RjQ7H0gtd7csJfSb0=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_amd64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_amd64.tar.gz"
} }
}, },
"up": { "up": {
"aarch64-darwin": { "aarch64-darwin": {
"hash": "sha256-Rud8CPSlxl08cRjChFsZFG6Mfro8BiRWN7f2+DRwUsE=", "hash": "sha256-xLIdYSR+ILRY2qf5lPMroxZDvDEfDYxrz3cX4ZI0+h0=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_arm64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_arm64.tar.gz"
}, },
"aarch64-linux": { "aarch64-linux": {
"hash": "sha256-KN84vzXue9Tc8O9Ci/4emI7GOX8pETcVc/hpFuBJmy4=", "hash": "sha256-nUOTdWTUJe8eyHTIF4b/00Q9J0Qb4QaAIdAz90h4yHo=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_arm64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_arm64.tar.gz"
}, },
"x86_64-darwin": { "x86_64-darwin": {
"hash": "sha256-qHN7PSqU5nK5Dh8k4HEjwTmjN/yIoJh7VBoQ/dJS3/s=", "hash": "sha256-qn2cfprwaLP7chMcWN+zw8+G/tHGNlJtPMX6iB9XjCY=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_amd64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_amd64.tar.gz"
}, },
"x86_64-linux": { "x86_64-linux": {
"hash": "sha256-mw80qJ+9CRQFFKF7bhWiEYcW1P7Jm4dqkXTN+F8erPM=", "hash": "sha256-AAmdDWW0MmLYP5viRJ0BpXIVpmU7R6iSN5hwGm6HIuc=",
"url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_amd64.tar.gz" "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_amd64.tar.gz"
} }
} }
}, },
@ -49,5 +49,5 @@
"x86_64-darwin", "x86_64-darwin",
"x86_64-linux" "x86_64-linux"
], ],
"version": "0.39.0-87.g20595f83" "version": "0.39.0-115.gbdd4b5af"
} }

4
pkgs/by-name/wi/wireless-regdb/package.nix
View File

@ -7,11 +7,11 @@
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
pname = "wireless-regdb"; pname = "wireless-regdb";
version = "2025.02.20"; version = "2025.07.10";
src = fetchurl { src = fetchurl {
url = "https://www.kernel.org/pub/software/network/${pname}/${pname}-${version}.tar.xz"; url = "https://www.kernel.org/pub/software/network/${pname}/${pname}-${version}.tar.xz";
hash = "sha256-V/jnchz1qIDBOuDCAu27IQkqBg1F+enFm80qgnK/pFY="; hash = "sha256-qDQLzc0bXbbHkUmHnRIrFw87sHU4FxjU9Cmtgxpvoo0=";
}; };
dontBuild = true; dontBuild = true;

4
pkgs/development/python-modules/arviz/default.nix
View File

@ -39,14 +39,14 @@
buildPythonPackage rec { buildPythonPackage rec {
pname = "arviz"; pname = "arviz";
version = "0.21.0"; version = "0.22.0";
pyproject = true; pyproject = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "arviz-devs"; owner = "arviz-devs";
repo = "arviz"; repo = "arviz";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-rrOvdyZE0wo3iiiQ2hHklAtLU38mXs3hLsb+Fwy9eAk="; hash = "sha256-ZzZZKEtpVy44119H+upU36VLriZjjwPz3gqgKrL+gRI=";
}; };
build-system = [ build-system = [

7
pkgs/development/python-modules/mmengine/default.nix
View File

@ -9,6 +9,7 @@
# dependencies # dependencies
addict, addict,
distutils,
matplotlib, matplotlib,
numpy, numpy,
opencv4, opencv4,
@ -67,17 +68,13 @@ buildPythonPackage rec {
+ '' + ''
substituteInPlace tests/test_config/test_lazy.py \ substituteInPlace tests/test_config/test_lazy.py \
--replace-fail "import numpy.compat" "" --replace-fail "import numpy.compat" ""
substituteInPlace mmengine/utils/dl_utils/collect_env.py \
--replace-fail \
"from distutils" \
"from setuptools._distutils"
''; '';
build-system = [ setuptools ]; build-system = [ setuptools ];
dependencies = [ dependencies = [
addict addict
distutils
matplotlib matplotlib
numpy numpy
opencv4 opencv4

4
pkgs/development/python-modules/orbax-checkpoint/default.nix
View File

@ -35,14 +35,14 @@
buildPythonPackage rec { buildPythonPackage rec {
pname = "orbax-checkpoint"; pname = "orbax-checkpoint";
version = "0.11.18"; version = "0.11.19";
pyproject = true; pyproject = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "google"; owner = "google";
repo = "orbax"; repo = "orbax";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-Uosd2TfC3KJMp46SnNnodPBc+G1nNdqFOwPQA+aVyrQ="; hash = "sha256-j15E4jGvxIjEdWG6Lwr9mvPXr9WifrD1zFF6Vj+7wik=";
}; };
sourceRoot = "${src.name}/checkpoint"; sourceRoot = "${src.name}/checkpoint";

88
pkgs/development/python-modules/sqlite-vec/default.nix Normal file
View File

@ -0,0 +1,88 @@
{
lib,
buildPythonPackage,
fetchpatch,
# build-system
setuptools,
setuptools-scm,
# dependencies
sqlite-vec-c, # alias for pkgs.sqlite-vec
# optional dependencies
numpy,
# check inputs
openai,
pytestCheckHook,
}:
buildPythonPackage rec {
inherit (sqlite-vec-c) pname version src;
pyproject = true;
# The actual source root is bindings/python but the patches
# apply to the bindings directory.
# This is a known issue, see https://discourse.nixos.org/t/how-to-apply-patches-with-sourceroot/59727
sourceRoot = "${src.name}/bindings";
patches = [
(fetchpatch {
# https://github.com/asg017/sqlite-vec/pull/233
name = "add-python-build-files.patch";
url = "https://github.com/asg017/sqlite-vec/commit/c1917deb11aa79dcac32440679345b93e13b1b86.patch";
hash = "sha256-4/9QLKuM/1AbD8AQHwJ14rhWVYVc+MILvK6+tWwWQlw=";
stripLen = 1;
})
(fetchpatch {
# https://github.com/asg017/sqlite-vec/pull/233
name = "add-python-test.patch";
url = "https://github.com/asg017/sqlite-vec/commit/608972c9dcbfc7f4583e99fd8de6e5e16da11081.patch";
hash = "sha256-8dfw7zs7z2FYh8DoAxurMYCDMOheg8Zl1XGcPw1A1BM=";
stripLen = 1;
})
];
# Change into the proper directory for building, move `extra_init.py` into its proper location,
# and supply the path to the library.
postPatch = ''
cd python
mv extra_init.py sqlite_vec/
substituteInPlace sqlite_vec/__init__.py \
--replace-fail "@libpath@" "${lib.getLib sqlite-vec-c}/lib/"
'';
build-system = [
setuptools
setuptools-scm
];
dependencies = [
sqlite-vec-c
];
optional-dependencies = {
numpy = [
numpy
];
};
nativeCheckInputs = [
numpy
openai
pytestCheckHook
sqlite-vec-c
];
pythonImportsCheck = [ "sqlite_vec" ];
meta = sqlite-vec-c.meta // {
description = "Python bindings for sqlite-vec";
maintainers = [ lib.maintainers.sarahec ];
badPlatforms = [
# segfaults during test
"x86_64-darwin"
];
};
}

4
pkgs/development/python-modules/timm/default.nix
View File

@ -22,14 +22,14 @@
buildPythonPackage rec { buildPythonPackage rec {
pname = "timm"; pname = "timm";
version = "1.0.16"; version = "1.0.17";
pyproject = true; pyproject = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "huggingface"; owner = "huggingface";
repo = "pytorch-image-models"; repo = "pytorch-image-models";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-8z23KQvb+wAlM/IXDC9j6OV8ioZE1dx0xhITSzdHoeY="; hash = "sha256-NWWKDWcwRrQ2lrNSbkA2xepAoPP7+0G7g7eIjGLZSCw=";
}; };
build-system = [ pdm-backend ]; build-system = [ pdm-backend ];

4
pkgs/development/python-modules/txtai/default.nix
View File

@ -24,7 +24,7 @@
hnswlib, hnswlib,
pgvector, pgvector,
sqlalchemy, sqlalchemy,
sqlite-vec, sqlite-vec-c,
# api # api
aiohttp, aiohttp,
fastapi, fastapi,
@ -103,7 +103,7 @@ let
hnswlib hnswlib
pgvector pgvector
sqlalchemy sqlalchemy
sqlite-vec sqlite-vec-c
]; ];
api = [ api = [
aiohttp aiohttp

14
pkgs/development/tools/analysis/flow/default.nix
View File

@ -7,19 +7,15 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "flow"; pname = "flow";
version = "0.238.3"; version = "0.274.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "facebook"; owner = "facebook";
repo = "flow"; repo = "flow";
rev = "v${version}"; tag = "v${version}";
hash = "sha256-WlHta/wXTULehopXeIUdNAQb12Lf0SJnm1HIVHTDshA="; hash = "sha256-ZktRFFgPvIfbsAY3C6g3s3zqX3wES+QShu811m183cA=";
}; };
postPatch = ''
substituteInPlace src/services/inference/check_cache.ml --replace 'Core_kernel' 'Core'
'';
makeFlags = [ "FLOW_RELEASE=1" ]; makeFlags = [ "FLOW_RELEASE=1" ];
installPhase = '' installPhase = ''
@ -39,12 +35,12 @@ stdenv.mkDerivation rec {
buildInputs = ( buildInputs = (
with ocamlPackages; with ocamlPackages;
[ [
core_kernel camlp-streams
dtoa dtoa
fileutils fileutils
lwt_log lwt_log
lwt_ppx lwt_ppx
ocaml_lwt lwt
ppx_deriving ppx_deriving
ppx_gen_rec ppx_gen_rec
ppx_let ppx_let

12
pkgs/misc/arm-trusted-firmware/default.nix
View File

@ -18,7 +18,7 @@
}: }:
let let
buildArmTrustedFirmware = buildArmTrustedFirmware = lib.makeOverridable (
{ {
filesToInstall, filesToInstall,
installDir ? "$out", installDir ? "$out",
@ -59,8 +59,11 @@ let
depsBuildBuild = [ buildPackages.stdenv.cc ]; depsBuildBuild = [ buildPackages.stdenv.cc ];
# For Cortex-M0 firmware in RK3399 nativeBuildInputs = [
nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ]; pkgsCross.arm-embedded.stdenv.cc # For Cortex-M0 firmware in RK3399
openssl # For fiptool
];
# Make the new toolchain guessing (from 2.11+) happy # Make the new toolchain guessing (from 2.11+) happy
# https://github.com/ARM-software/arm-trusted-firmware/blob/4ec2948fe3f65dba2f19e691e702f7de2949179c/make_helpers/toolchains/rk3399-m0.mk#L21-L22 # https://github.com/ARM-software/arm-trusted-firmware/blob/4ec2948fe3f65dba2f19e691e702f7de2949179c/make_helpers/toolchains/rk3399-m0.mk#L21-L22
rk3399-m0-oc = "${pkgsCross.arm-embedded.stdenv.cc.targetPrefix}objcopy"; rk3399-m0-oc = "${pkgsCross.arm-embedded.stdenv.cc.targetPrefix}objcopy";
@ -112,7 +115,8 @@ let
// extraMeta; // extraMeta;
} }
// builtins.removeAttrs args [ "extraMeta" ] // builtins.removeAttrs args [ "extraMeta" ]
); )
);
in in
{ {

127
pkgs/misc/optee-os/default.nix Normal file
View File

@ -0,0 +1,127 @@
{
dtc,
fetchFromGitHub,
lib,
pkgsBuildBuild,
stdenv,
}:
let
defaultVersion = "4.6.0";
defaultSrc = fetchFromGitHub {
owner = "OP-TEE";
repo = "optee_os";
rev = defaultVersion;
hash = "sha256-4z706DNfZE+CAPOa362CNSFhAN1KaNyKcI9C7+MRccs=";
};
buildOptee = lib.makeOverridable (
{
version ? null,
src ? null,
platform,
extraMakeFlags ? [ ],
extraMeta ? { },
...
}@args:
let
inherit (stdenv.hostPlatform) is32bit is64bit;
taTarget =
{
"arm" = "ta_arm32";
"arm64" = "ta_arm64";
}
.${stdenv.hostPlatform.linuxArch};
in
stdenv.mkDerivation (
{
pname = "optee-os-${platform}";
version = if src == null then defaultVersion else version;
src = if src == null then defaultSrc else src;
postPatch = ''
patchShebangs $(find -type d -name scripts -printf '%p ')
'';
outputs = [
"out"
"devkit"
];
strictDeps = true;
enableParallelBuilding = true;
depsBuildBuild = [ pkgsBuildBuild.stdenv.cc ];
nativeBuildInputs = [
dtc
(pkgsBuildBuild.python3.withPackages (
p: with p; [
pyelftools
cryptography
]
))
];
makeFlags =
[
"O=out"
"PLATFORM=${platform}"
"CFG_USER_TA_TARGETS=${taTarget}"
]
++ (lib.optionals (is32bit) [
"CFG_ARM32_core=y"
"CROSS_COMPILE32=${stdenv.cc.targetPrefix}"
])
++ (lib.optionals (is64bit) [
"CFG_ARM64_core=y"
"CROSS_COMPILE64=${stdenv.cc.targetPrefix}"
])
++ extraMakeFlags;
installPhase = ''
runHook preInstall
mkdir -p $out
cp out/core/{tee.elf,tee-pageable_v2.bin,tee.bin,tee-header_v2.bin,tee-pager_v2.bin,tee-raw.bin} $out
cp -r out/export-${taTarget} $devkit
runHook postInstall
'';
meta =
with lib;
{
description = "A Trusted Execution Environment for ARM";
homepage = "https://github.com/OP-TEE/optee_os";
changelog = "https://github.com/OP-TEE/optee_os/blob/${defaultVersion}/CHANGELOG.md";
license = licenses.bsd2;
maintainers = [ maintainers.jmbaur ];
}
// extraMeta;
}
// removeAttrs args [ "extraMeta" ]
)
);
in
{
inherit buildOptee;
opteeQemuArm = buildOptee {
platform = "vexpress";
extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_virt" ];
extraMeta.platforms = [ "armv7l-linux" ];
};
opteeQemuAarch64 = buildOptee {
platform = "vexpress";
extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_armv8a" ];
extraMeta.platforms = [ "aarch64-linux" ];
};
}

6
pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix
View File

@ -6,16 +6,16 @@
buildNpmPackage rec { buildNpmPackage rec {
pname = "hourly-weather"; pname = "hourly-weather";
version = "6.6.1"; version = "6.7.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "decompil3d"; owner = "decompil3d";
repo = "lovelace-hourly-weather"; repo = "lovelace-hourly-weather";
rev = version; rev = version;
hash = "sha256-D2kCUcUgLyMVeba3xc02q/5PrEzXrBVCX+75F58j8y0="; hash = "sha256-VrHgFup2hAnoxqJQGw23ZiPFpAwfgSLC97U+KHV3PKQ=";
}; };
npmDepsHash = "sha256-gpyqQd4pRF4xKgfT9gRAVnXLSFThjfJV2yu4zOCvVpg="; npmDepsHash = "sha256-wXL1wLdBp8gkAfY29AS1fM/ZpCCoP1u9PTxDIahy1cg=";
env.CYPRESS_INSTALL_BINARY = "0"; env.CYPRESS_INSTALL_BINARY = "0";

10
pkgs/top-level/all-packages.nix
View File

@ -7232,9 +7232,7 @@ with pkgs;
haskellPackages.callPackage ../tools/misc/fffuu { } haskellPackages.callPackage ../tools/misc/fffuu { }
); );
flow = callPackage ../development/tools/analysis/flow { flow = callPackage ../development/tools/analysis/flow { };
ocamlPackages = ocaml-ng.ocamlPackages_4_14;
};
framac = callPackage ../by-name/fr/framac/package.nix { framac = callPackage ../by-name/fr/framac/package.nix {
ocamlPackages = ocaml-ng.ocamlPackages_5_2; ocamlPackages = ocaml-ng.ocamlPackages_5_2;
@ -7434,6 +7432,12 @@ with pkgs;
libiberty_static = libiberty.override { staticBuild = true; }; libiberty_static = libiberty.override { staticBuild = true; };
}; };
inherit (callPackage ../misc/optee-os { })
buildOptee
opteeQemuArm
opteeQemuAarch64
;
patchelf = callPackage ../development/tools/misc/patchelf { }; patchelf = callPackage ../development/tools/misc/patchelf { };
patchelfUnstable = lowPrio (callPackage ../development/tools/misc/patchelf/unstable.nix { }); patchelfUnstable = lowPrio (callPackage ../development/tools/misc/patchelf/unstable.nix { });

6
pkgs/top-level/python-packages.nix
View File

@ -17031,6 +17031,10 @@ self: super: with self; {
sqlite-utils = callPackage ../development/python-modules/sqlite-utils { }; sqlite-utils = callPackage ../development/python-modules/sqlite-utils { };
sqlite-vec = callPackage ../development/python-modules/sqlite-vec {
sqlite-vec-c = pkgs.sqlite-vec;
};
sqlitedict = callPackage ../development/python-modules/sqlitedict { }; sqlitedict = callPackage ../development/python-modules/sqlitedict { };
sqliteschema = callPackage ../development/python-modules/sqliteschema { }; sqliteschema = callPackage ../development/python-modules/sqliteschema { };
@ -18332,7 +18336,7 @@ self: super: with self; {
txrequests = callPackage ../development/python-modules/txrequests { }; txrequests = callPackage ../development/python-modules/txrequests { };
txtai = callPackage ../development/python-modules/txtai { }; txtai = callPackage ../development/python-modules/txtai { sqlite-vec-c = pkgs.sqlite-vec; };
txtorcon = callPackage ../development/python-modules/txtorcon { }; txtorcon = callPackage ../development/python-modules/txtorcon { };