Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2020-12-05 12:18:20 +00:00 committed by GitHub
commit 899d916e1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 7714 additions and 107 deletions

View file

@ -1,4 +1,4 @@
# Firefox
# Firefox {#sec-firefox}
## Build wrapped Firefox with extensions and policies
@ -44,6 +44,6 @@ To view available enterprise policies visit [enterprise policies](https://github
or type into the Firefox url bar: `about:policies#documentation`.
Nix installed addons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded addons are checksumed and manual addons can't be installed.
# Troubleshooting
## Troubleshooting {#sec-firefox-troubleshooting}
If addons do not appear installed although they have been defined in your nix configuration file reset the local addon state of your Firefox profile by clicking `help -> restart with addons disabled -> restart -> refresh firefox`. This can happen if you switch from manual addon mode to nix addon mode and then back to manual mode and then again to nix addon mode.

View file

@ -482,6 +482,7 @@
./services/misc/mediatomb.nix
./services/misc/metabase.nix
./services/misc/mwlib.nix
./services/misc/n8n.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-optimise.nix

View file

@ -0,0 +1,78 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.n8n;
format = pkgs.formats.json {};
configFile = format.generate "n8n.json" cfg.settings;
in
{
options.services.n8n = {
enable = mkEnableOption "n8n server";
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the n8n web interface.";
};
settings = mkOption {
type = format.type;
default = {};
description = ''
Configuration for n8n, see <link xlink:href="https://docs.n8n.io/reference/configuration.html"/>
for supported values.
'';
};
};
config = mkIf cfg.enable {
services.n8n.settings = {
# We use this to open the firewall, so we need to know about the default at eval time
port = lib.mkDefault 5678;
};
systemd.services.n8n = {
description = "N8N service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
# This folder must be writeable as the application is storing
# its data in it, so the StateDirectory is a good choice
N8N_USER_FOLDER = "/var/lib/n8n";
N8N_CONFIG_FILES = "${configFile}";
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.n8n}/bin/n8n";
Restart = "on-failure";
StateDirectory = "n8n";
# Basic Hardening
NoNewPrivileges = "yes";
PrivateTmp = "yes";
PrivateDevices = "yes";
DevicePolicy = "closed";
DynamicUser = "true";
ProtectSystem = "strict";
ProtectHome = "read-only";
ProtectControlGroups = "yes";
ProtectKernelModules = "yes";
ProtectKernelTunables = "yes";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
RestrictSUIDSGID = "yes";
MemoryDenyWriteExecute = "yes";
LockPersonality = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.settings.port ];
};
};
}

View file

@ -231,6 +231,7 @@ in
mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {};
mysql-backup = handleTest ./mysql/mysql-backup.nix {};
mysql-replication = handleTest ./mysql/mysql-replication.nix {};
n8n = handleTest ./n8n.nix {};
nagios = handleTest ./nagios.nix {};
nano = handleTest ./nano.nix {};
nar-serve = handleTest ./nar-serve.nix {};

25
nixos/tests/n8n.nix Normal file
View file

@ -0,0 +1,25 @@
import ./make-test-python.nix ({ lib, ... }:
with lib;
let
port = 5678;
in
{
name = "n8n";
meta.maintainers = with maintainers; [ freezeboy ];
nodes.machine =
{ pkgs, ... }:
{
services.n8n = {
enable = true;
};
};
testScript = ''
machine.wait_for_unit("n8n.service")
machine.wait_for_open_port("${toString port}")
machine.succeed("curl --fail http://localhost:${toString port}/")
'';
})

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "turbo-geth";
version = "2020.11.04";
version = "2020.12.01";
src = fetchFromGitHub {
owner = "ledgerwatch";
repo = pname;
rev = "v${version}";
sha256 = "1iidj7cvpazk2v419l6k7h67rkx0mni3fcxfjpwrp0815fy1c2ri";
sha256 = "0l1qj10vhfkrk66zihz8m24pnyj8jbb65a7amvphp07r199swy2a";
};
vendorSha256 = "16vawkky612zf45d8dhipjmhrprmi28z9wdcnjy07x3bxdyfbhfr";

View file

@ -6,13 +6,13 @@
mkDerivation rec {
pname = "sigil";
version = "1.4.2";
version = "1.4.3";
src = fetchFromGitHub {
repo = "Sigil";
owner = "Sigil-Ebook";
rev = version;
sha256 = "1vn444ax5af1gbhkm9lz46jc7zi4grf16cb4wqyb6hvgj2gbl0iw";
sha256 = "1hk8kmhvkwfimbxzhwbnb8qdpf4n36cdzl9wfvi574i9pps36hnz";
};
pythonPath = with python3Packages; [ lxml ];

View file

@ -17,10 +17,10 @@ let
pname = "simplenote";
version = "2.1.0";
version = "2.2.0";
sha256 = {
x86_64-linux = "0lg48nq493anpnm20vw72y242nxa1g903bxzp4pngzxyi986jddz";
x86_64-linux = "123b0fh14068s2z3k6s5mmh46xwlz02qfnpmj838zlm5hckjmifv";
}.${system} or throwSystem;
meta = with stdenv.lib; {

View file

@ -20,14 +20,14 @@
}:
mkDerivation rec {
version = "1.0.1";
version = "1.1.0";
pname = "syncthingtray";
src = fetchFromGitHub {
owner = "Martchus";
repo = "syncthingtray";
rev = "v${version}";
sha256 = "1dln5gh3p8nz9qmg07cw2s0lpzp3rfhyrwdhczj89g27bwk0lr4k";
sha256 = "0nzkzx870hzil2kny1irp4w2kxz5gmpchr2qxb7q4f9cnih92n0j";
};
buildInputs = [ qtbase cpp-utilities qtutilities ]

View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "toxic";
version = "0.9.1";
version = "0.10.0";
src = fetchFromGitHub {
owner = "Tox";
repo = "toxic";
rev = "v${version}";
sha256 = "1j0yd33sm824dy4mhwfxqkywa46yhqy5hd5wq4lp7lgl6m6mypar";
sha256 = "1v9cdpy6i3xl70g75zg33sqi4aqp20by0pyjhjg5iz24fxvfaw6c";
};
makeFlags = [ "PREFIX=$(out)"];

View file

@ -0,0 +1,18 @@
{ pkgs, nodejs, stdenv, lib, ... }:
let
nodePackages = import ./node-composition.nix {
inherit pkgs nodejs;
inherit (stdenv.hostPlatform) system;
};
in
nodePackages.n8n.override {
nativeBuildInputs = with pkgs.nodePackages; [
node-pre-gyp
];
meta = with lib; {
description = "Free and open fair-code licensed node based Workflow Automation Tool";
maintainers = with maintainers; [ freezeboy ];
license = licenses.asl20;
};
}

View file

@ -0,0 +1,8 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nodePackages.node2nix
node2nix \
--node-env node-env.nix \
--input package.json \
--output node-packages.nix \
--composition node-composition.nix

View file

@ -0,0 +1,17 @@
# This file has been generated by node2nix 1.8.0. Do not edit!
{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-12_x"}:
let
nodeEnv = import ./node-env.nix {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
inherit nodejs;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
in
import ./node-packages.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
}

View file

@ -0,0 +1,542 @@
# This file originates from node2nix
{stdenv, nodejs, python2, utillinux, libtool, runCommand, writeTextFile}:
let
python = if nodejs ? python then nodejs.python else python2;
# Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
tarWrapper = runCommand "tarWrapper" {} ''
mkdir -p $out/bin
cat > $out/bin/tar <<EOF
#! ${stdenv.shell} -e
$(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore
EOF
chmod +x $out/bin/tar
'';
# Function that generates a TGZ file from a NPM project
buildNodeSourceDist =
{ name, version, src, ... }:
stdenv.mkDerivation {
name = "node-tarball-${name}-${version}";
inherit src;
buildInputs = [ nodejs ];
buildPhase = ''
export HOME=$TMPDIR
tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts)
'';
installPhase = ''
mkdir -p $out/tarballs
mv $tgzFile $out/tarballs
mkdir -p $out/nix-support
echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products
'';
};
includeDependencies = {dependencies}:
stdenv.lib.optionalString (dependencies != [])
(stdenv.lib.concatMapStrings (dependency:
''
# Bundle the dependencies of the package
mkdir -p node_modules
cd node_modules
# Only include dependencies if they don't exist. They may also be bundled in the package.
if [ ! -e "${dependency.name}" ]
then
${composePackage dependency}
fi
cd ..
''
) dependencies);
# Recursively composes the dependencies of a package
composePackage = { name, packageName, src, dependencies ? [], ... }@args:
builtins.addErrorContext "while evaluating node package '${packageName}'" ''
DIR=$(pwd)
cd $TMPDIR
unpackFile ${src}
# Make the base dir in which the target dependency resides first
mkdir -p "$(dirname "$DIR/${packageName}")"
if [ -f "${src}" ]
then
# Figure out what directory has been unpacked
packageDir="$(find . -maxdepth 1 -type d | tail -1)"
# Restore write permissions to make building work
find "$packageDir" -type d -exec chmod u+x {} \;
chmod -R u+w "$packageDir"
# Move the extracted tarball into the output folder
mv "$packageDir" "$DIR/${packageName}"
elif [ -d "${src}" ]
then
# Get a stripped name (without hash) of the source directory.
# On old nixpkgs it's already set internally.
if [ -z "$strippedName" ]
then
strippedName="$(stripHash ${src})"
fi
# Restore write permissions to make building work
chmod -R u+w "$strippedName"
# Move the extracted directory into the output folder
mv "$strippedName" "$DIR/${packageName}"
fi
# Unset the stripped name to not confuse the next unpack step
unset strippedName
# Include the dependencies of the package
cd "$DIR/${packageName}"
${includeDependencies { inherit dependencies; }}
cd ..
${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
'';
pinpointDependencies = {dependencies, production}:
let
pinpointDependenciesFromPackageJSON = writeTextFile {
name = "pinpointDependencies.js";
text = ''
var fs = require('fs');
var path = require('path');
function resolveDependencyVersion(location, name) {
if(location == process.env['NIX_STORE']) {
return null;
} else {
var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json");
if(fs.existsSync(dependencyPackageJSON)) {
var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON));
if(dependencyPackageObj.name == name) {
return dependencyPackageObj.version;
}
} else {
return resolveDependencyVersion(path.resolve(location, ".."), name);
}
}
}
function replaceDependencies(dependencies) {
if(typeof dependencies == "object" && dependencies !== null) {
for(var dependency in dependencies) {
var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency);
if(resolvedVersion === null) {
process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n");
} else {
dependencies[dependency] = resolvedVersion;
}
}
}
}
/* Read the package.json configuration */
var packageObj = JSON.parse(fs.readFileSync('./package.json'));
/* Pinpoint all dependencies */
replaceDependencies(packageObj.dependencies);
if(process.argv[2] == "development") {
replaceDependencies(packageObj.devDependencies);
}
replaceDependencies(packageObj.optionalDependencies);
/* Write the fixed package.json file */
fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2));
'';
};
in
''
node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"}
${stdenv.lib.optionalString (dependencies != [])
''
if [ -d node_modules ]
then
cd node_modules
${stdenv.lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies}
cd ..
fi
''}
'';
# Recursively traverses all dependencies of a package and pinpoints all
# dependencies in the package.json file to the versions that are actually
# being used.
pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
''
if [ -d "${packageName}" ]
then
cd "${packageName}"
${pinpointDependencies { inherit dependencies production; }}
cd ..
${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
fi
'';
# Extract the Node.js source code which is used to compile packages with
# native bindings
nodeSources = runCommand "node-sources" {} ''
tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
mv node-* $out
'';
# Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty)
addIntegrityFieldsScript = writeTextFile {
name = "addintegrityfields.js";
text = ''
var fs = require('fs');
var path = require('path');
function augmentDependencies(baseDir, dependencies) {
for(var dependencyName in dependencies) {
var dependency = dependencies[dependencyName];
// Open package.json and augment metadata fields
var packageJSONDir = path.join(baseDir, "node_modules", dependencyName);
var packageJSONPath = path.join(packageJSONDir, "package.json");
if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored
console.log("Adding metadata fields to: "+packageJSONPath);
var packageObj = JSON.parse(fs.readFileSync(packageJSONPath));
if(dependency.integrity) {
packageObj["_integrity"] = dependency.integrity;
} else {
packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads.
}
if(dependency.resolved) {
packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided
} else {
packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories.
}
if(dependency.from !== undefined) { // Adopt from property if one has been provided
packageObj["_from"] = dependency.from;
}
fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2));
}
// Augment transitive dependencies
if(dependency.dependencies !== undefined) {
augmentDependencies(packageJSONDir, dependency.dependencies);
}
}
}
if(fs.existsSync("./package-lock.json")) {
var packageLock = JSON.parse(fs.readFileSync("./package-lock.json"));
if(packageLock.lockfileVersion !== 1) {
process.stderr.write("Sorry, I only understand lock file version 1!\n");
process.exit(1);
}
if(packageLock.dependencies !== undefined) {
augmentDependencies(".", packageLock.dependencies);
}
}
'';
};
# Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes
reconstructPackageLock = writeTextFile {
name = "addintegrityfields.js";
text = ''
var fs = require('fs');
var path = require('path');
var packageObj = JSON.parse(fs.readFileSync("package.json"));
var lockObj = {
name: packageObj.name,
version: packageObj.version,
lockfileVersion: 1,
requires: true,
dependencies: {}
};
function augmentPackageJSON(filePath, dependencies) {
var packageJSON = path.join(filePath, "package.json");
if(fs.existsSync(packageJSON)) {
var packageObj = JSON.parse(fs.readFileSync(packageJSON));
dependencies[packageObj.name] = {
version: packageObj.version,
integrity: "sha1-000000000000000000000000000=",
dependencies: {}
};
processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies);
}
}
function processDependencies(dir, dependencies) {
if(fs.existsSync(dir)) {
var files = fs.readdirSync(dir);
files.forEach(function(entry) {
var filePath = path.join(dir, entry);
var stats = fs.statSync(filePath);
if(stats.isDirectory()) {
if(entry.substr(0, 1) == "@") {
// When we encounter a namespace folder, augment all packages belonging to the scope
var pkgFiles = fs.readdirSync(filePath);
pkgFiles.forEach(function(entry) {
if(stats.isDirectory()) {
var pkgFilePath = path.join(filePath, entry);
augmentPackageJSON(pkgFilePath, dependencies);
}
});
} else {
augmentPackageJSON(filePath, dependencies);
}
}
});
}
}
processDependencies("node_modules", lockObj.dependencies);
fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2));
'';
};
prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
let
forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
in
''
# Pinpoint the versions of all dependencies to the ones that are actually being used
echo "pinpointing versions of dependencies..."
source $pinpointDependenciesScriptPath
# Patch the shebangs of the bundled modules to prevent them from
# calling executables outside the Nix store as much as possible
patchShebangs .
# Deploy the Node.js package by running npm install. Since the
# dependencies have been provided already by ourselves, it should not
# attempt to install them again, which is good, because we want to make
# it Nix's responsibility. If it needs to install any dependencies
# anyway (e.g. because the dependency parameters are
# incomplete/incorrect), it fails.
#
# The other responsibilities of NPM are kept -- version checks, build
# steps, postprocessing etc.
export HOME=$TMPDIR
cd "${packageName}"
runHook preRebuild
${stdenv.lib.optionalString bypassCache ''
${stdenv.lib.optionalString reconstructLock ''
if [ -f package-lock.json ]
then
echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
rm package-lock.json
else
echo "No package-lock.json file found, reconstructing..."
fi
node ${reconstructPackageLock}
''}
node ${addIntegrityFieldsScript}
''}
npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} rebuild
if [ "''${dontNpmInstall-}" != "1" ]
then
# NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
rm -f npm-shrinkwrap.json
npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} install
fi
'';
# Builds and composes an NPM package including all its dependencies
buildNodePackage =
{ name
, packageName
, version
, dependencies ? []
, buildInputs ? []
, production ? true
, npmFlags ? ""
, dontNpmInstall ? false
, bypassCache ? false
, reconstructLock ? false
, preRebuild ? ""
, dontStrip ? true
, unpackPhase ? "true"
, buildPhase ? "true"
, ... }@args:
let
extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" ];
in
stdenv.mkDerivation ({
name = "node_${name}-${version}";
buildInputs = [ tarWrapper python nodejs ]
++ stdenv.lib.optional (stdenv.isLinux) utillinux
++ stdenv.lib.optional (stdenv.isDarwin) libtool
++ buildInputs;
inherit nodejs;
inherit dontStrip; # Stripping may fail a build for some package deployments
inherit dontNpmInstall preRebuild unpackPhase buildPhase;
compositionScript = composePackage args;
pinpointDependenciesScript = pinpointDependenciesOfPackage args;
passAsFile = [ "compositionScript" "pinpointDependenciesScript" ];
installPhase = ''
# Create and enter a root node_modules/ folder
mkdir -p $out/lib/node_modules
cd $out/lib/node_modules
# Compose the package and all its dependencies
source $compositionScriptPath
${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
# Create symlink to the deployed executable folder, if applicable
if [ -d "$out/lib/node_modules/.bin" ]
then
ln -s $out/lib/node_modules/.bin $out/bin
fi
# Create symlinks to the deployed manual page folders, if applicable
if [ -d "$out/lib/node_modules/${packageName}/man" ]
then
mkdir -p $out/share
for dir in "$out/lib/node_modules/${packageName}/man/"*
do
mkdir -p $out/share/man/$(basename "$dir")
for page in "$dir"/*
do
ln -s $page $out/share/man/$(basename "$dir")
done
done
fi
# Run post install hook, if provided
runHook postInstall
'';
} // extraArgs);
# Builds a development shell
buildNodeShell =
{ name
, packageName
, version
, src
, dependencies ? []
, buildInputs ? []
, production ? true
, npmFlags ? ""
, dontNpmInstall ? false
, bypassCache ? false
, reconstructLock ? false
, dontStrip ? true
, unpackPhase ? "true"
, buildPhase ? "true"
, ... }@args:
let
extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
nodeDependencies = stdenv.mkDerivation ({
name = "node-dependencies-${name}-${version}";
buildInputs = [ tarWrapper python nodejs ]
++ stdenv.lib.optional (stdenv.isLinux) utillinux
++ stdenv.lib.optional (stdenv.isDarwin) libtool
++ buildInputs;
inherit dontStrip; # Stripping may fail a build for some package deployments
inherit dontNpmInstall unpackPhase buildPhase;
includeScript = includeDependencies { inherit dependencies; };
pinpointDependenciesScript = pinpointDependenciesOfPackage args;
passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
installPhase = ''
mkdir -p $out/${packageName}
cd $out/${packageName}
source $includeScriptPath
# Create fake package.json to make the npm commands work properly
cp ${src}/package.json .
chmod 644 package.json
${stdenv.lib.optionalString bypassCache ''
if [ -f ${src}/package-lock.json ]
then
cp ${src}/package-lock.json .
fi
''}
# Go to the parent folder to make sure that all packages are pinpointed
cd ..
${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
# Expose the executables that were installed
cd ..
${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
mv ${packageName} lib
ln -s $out/lib/node_modules/.bin $out/bin
'';
} // extraArgs);
in
stdenv.mkDerivation {
name = "node-shell-${name}-${version}";
buildInputs = [ python nodejs ] ++ stdenv.lib.optional (stdenv.isLinux) utillinux ++ buildInputs;
buildCommand = ''
mkdir -p $out/bin
cat > $out/bin/shell <<EOF
#! ${stdenv.shell} -e
$shellHook
exec ${stdenv.shell}
EOF
chmod +x $out/bin/shell
'';
# Provide the dependencies in a development shell through the NODE_PATH environment variable
inherit nodeDependencies;
shellHook = stdenv.lib.optionalString (dependencies != []) ''
export NODE_PATH=${nodeDependencies}/lib/node_modules
export PATH="${nodeDependencies}/bin:$PATH"
'';
};
in
{
buildNodeSourceDist = stdenv.lib.makeOverridable buildNodeSourceDist;
buildNodePackage = stdenv.lib.makeOverridable buildNodePackage;
buildNodeShell = stdenv.lib.makeOverridable buildNodeShell;
}

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,3 @@
[
"n8n"
]

View file

@ -10,11 +10,11 @@ let
in
buildPythonApplication rec {
pname = "todoman";
version = "3.8.0";
version = "3.9.0";
src = fetchPypi {
inherit pname version;
sha256 = "1aq7f63bhs9dnwzp15nfr07f2ki6s3lnqfap3b09rhchn6lfznwb";
sha256 = "e7e5cab13ecce0562b1f13f46ab8cbc079caed4b462f2371929f8a4abff2bcbe";
};
nativeBuildInputs = [

View file

@ -48,8 +48,15 @@
+ extraPostFetch
# Remove write permissions for files unpacked with write bits set
# Fixes https://github.com/NixOS/nixpkgs/issues/38649
#
# However, we should (for the moment) retain write permission on the directory
# itself, to avoid tickling https://github.com/NixOS/nix/issues/4295 in
# single-user Nix installations. This is because in sandbox mode we'll try to
# move the path, and if we don't have write permissions on the directory,
# then we can't update the ".." entry.
+ ''
chmod -R a-w "$out"
chmod u+w "$out"
'';
} // removeAttrs args [ "stripRoot" "extraPostFetch" ])).overrideAttrs (x: {
# Hackety-hack: we actually need unzip hooks, too

View file

@ -0,0 +1,38 @@
{ stdenv, fetchFromGitHub, substituteAll, glib, gnome3, gettext }:
stdenv.mkDerivation rec {
pname = "gnome-shell-extension-EasyScreenCast";
version = "unstable-2020-11-25";
src = fetchFromGitHub {
# To make it work with gnome 3.38, using effectively: https://github.com/EasyScreenCast/EasyScreenCast/pull/276
owner = "Ian2020";
repo = "EasyScreenCast";
rev = "b1ab4a999bc7110ecbf68b5fe42c37fa67d7cb0d";
sha256 = "s9b0ITKUzgG6XOd1bK7i3mGxfc+T+UHrTZhBp0Ff8zQ=";
};
patches = [
(substituteAll {
src = ./fix-gi-path.patch;
gnomeShell = gnome3.gnome-shell;
})
];
nativeBuildInputs = [
glib gettext
];
makeFlags = [ "INSTALLBASE=$(out)/share/gnome-shell/extensions" ];
uuid = "EasyScreenCast@iacopodeenosee.gmail.com";
meta = with stdenv.lib; {
description = "Simplifies the use of the video recording function integrated in gnome shell";
homepage = "https://github.com/EasyScreenCast/EasyScreenCast";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ doronbehar ];
platforms = platforms.linux;
};
}

View file

@ -0,0 +1,16 @@
diff --git i/utilaudio.js w/utilaudio.js
index 983b29c..7a94de8 100644
--- i/utilaudio.js
+++ w/utilaudio.js
@@ -11,10 +11,7 @@
*/
const GIRepository = imports.gi.GIRepository;
-GIRepository.Repository.prepend_search_path("/usr/lib/gnome-shell");
-GIRepository.Repository.prepend_library_path("/usr/lib/gnome-shell");
-GIRepository.Repository.prepend_search_path("/usr/lib64/gnome-shell");
-GIRepository.Repository.prepend_library_path("/usr/lib64/gnome-shell");
+GIRepository.Repository.prepend_search_path("@gnomeShell@/lib/gnome-shell");
const Gvc = imports.gi.Gvc;
const Lang = imports.lang;

View file

@ -1,78 +0,0 @@
{ stdenv, fetchFromGitHub, glibcLocales
, cmake, python3, libpng, zlib
}:
stdenv.mkDerivation rec {
pname = "onnxruntime";
version = "1.3.1";
src = fetchFromGitHub {
owner = "microsoft";
repo = "onnxruntime";
rev = "v${version}";
sha256 = "0rbk1jbfc447x2wybz2hsba6w1ij0fq21996l52cqv39898lvy9d";
# TODO: use nix-versions of grpc, onnx, eigen, googletest, etc.
# submodules increase src size and compile times significantly
# not currently feasible due to how integrated cmake build is with git
fetchSubmodules = true;
# Remove unicode file names which leads to different checksums on HFS+
# vs. other filesystems because of unicode normalisation.
postFetch = ''
rm -rf $out/winml/test/collateral/models/UnicodePath/
'';
};
# TODO: build server, and move .so's to lib output
outputs = [ "out" "dev" ];
nativeBuildInputs = [
cmake
python3 # for shared-lib or server
];
buildInputs = [
# technically optional, but highly recommended
libpng
zlib
];
cmakeDir = "../cmake";
cmakeFlags = [
"-Donnxruntime_USE_OPENMP=ON"
"-Donnxruntime_BUILD_SHARED_LIB=ON"
"-Donnxruntime_ENABLE_LTO=ON"
];
# ContribOpTest.StringNormalizerTest sets locale to en_US.UTF-8"
preCheck = stdenv.lib.optionalString stdenv.isLinux ''
export LOCALE_ARCHIVE="${glibcLocales}/lib/locale/locale-archive"
'';
doCheck = true;
postInstall = ''
rm -r $out/bin # ctest runner
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Cross-platform, high performance scoring engine for ML models";
longDescription = ''
ONNX Runtime is a performance-focused complete scoring engine
for Open Neural Network Exchange (ONNX) models, with an open
extensible architecture to continually address the latest developments
in AI and Deep Learning. ONNX Runtime stays up to date with the ONNX
standard with complete implementation of all ONNX operators, and
supports all ONNX releases (1.2+) with both future and backwards
compatibility.
'';
homepage = "https://github.com/microsoft/onnxruntime";
changelog = "https://github.com/microsoft/onnxruntime/releases";
# https://github.com/microsoft/onnxruntime/blob/master/BUILD.md#architectures
platforms = platforms.unix;
license = licenses.mit;
maintainers = with maintainers; [ jonringer ];
};
}

View file

@ -2,13 +2,13 @@
buildDunePackage rec {
pname = "ppx_tools_versioned";
version = "5.3.0";
version = "5.4.0";
src = fetchFromGitHub {
owner = "ocaml-ppx";
repo = pname;
rev = version;
sha256 = "0c735w9mq49dmvkdw9ahfwh0icsk2sbhnfwmdhpibj86phfm17yj";
sha256 = "07lnj4yzwvwyh5fhpp1dxrys4ddih15jhgqjn59pmgxinbnddi66";
};
propagatedBuildInputs = [ ocaml-migrate-parsetree ];

View file

@ -1,14 +1,14 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
version = "0.3.0";
version = "0.4.0";
pname = "tempo";
src = fetchFromGitHub {
rev = "v${version}";
owner = "grafana";
repo = "tempo";
sha256 = "0inqljiavqyq8dk2w0w0l2bds5390mrf8j190yb7lqwx9ra0cjp9";
sha256 = "16hrvhnlciaf06l34p3bb3nvmxr8zwbh7zql13zja1hs0kvwxv5c";
};
vendorSha256 = null;

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "bdf2psf";
version = "1.198";
version = "1.199";
src = fetchurl {
url = "mirror://debian/pool/main/c/console-setup/bdf2psf_${version}_all.deb";
sha256 = "1b57pk10wf667aag3mhh397sfra44gilnyyg7fm532qaw3xapv2i";
sha256 = "0qs0qrdagvnh4z20wp4v3v4ry6j5jihlpv3iqzzhdzzxjfrw9m9y";
};
nativeBuildInputs = [ dpkg ];

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "topgrade";
version = "6.0.0";
version = "6.0.1";
src = fetchFromGitHub {
owner = "r-darwish";
repo = pname;
rev = "v${version}";
sha256 = "15ad30svvr775dxp5gwlq73xydsqwfpw650c3c3ma4jshw36w0x4";
sha256 = "1bpq4zki98vw793rvrk9qwgh62f1qwzh0cm4a3h0bif43kg836n0";
};
cargoSha256 = "0bwy2y44czhvckipvjn28j6ds1pnbj38i29hvlv4f782imfn92hz";
cargoSha256 = "1486pfiv4lfzdz3hj5z6s7q8lhzrldffji3fsf10z50sm4fhq73q";
buildInputs = lib.optional stdenv.isDarwin Foundation;

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "zerotierone";
version = "1.6.1";
version = "1.6.2";
src = fetchFromGitHub {
owner = "zerotier";
repo = "ZeroTierOne";
rev = version;
sha256 = "0zk1lvjramahjpq94axdic8sgvvmgyg1fmcb89lynqqvh66qsv12";
sha256 = "0lky68fjrqjsd62g97jkn5a9hzj53g8wb6d2ncx8s21rknpncdar";
};
preConfigure = ''

View file

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, libpcap, openssl, libnetfilter_queue, libnfnetlink }:
stdenv.mkDerivation rec {
pname = "thc-ipv6";
version = "3.6";
version = "3.8";
src = fetchFromGitHub {
owner = "vanhauser-thc";
repo = pname;
rev = "v${version}";
sha256 = "1xjg30z0wzm3xvccv9cgh000i1m79p3m8f0b3s741k0mzyrk8lln";
sha256 = "07kwika1zdq62s5p5z94xznm77dxjxdg8k0hrg7wygz50151nzmx";
};
buildInputs = [

View file

@ -365,6 +365,7 @@ mapAliases ({
openjpeg_2_1 = openjpeg_2; # added 2018-10-25
opensans-ttf = open-sans; # added 2018-12-04
openssh_with_kerberos = openssh; # added 2018-01-28
onnxruntime = throw "onnxruntime has been removed due to poor maintainability"; # added 2020-12-04
osquery = throw "osquery has been removed."; # added 2019-11-24
otter-browser = throw "otter-browser has been removed from nixpkgs, as it was unmaintained"; # added 2020-02-02
owncloudclient = owncloud-client; # added 2016-08

View file

@ -2480,8 +2480,6 @@ in
oneshot = callPackage ../tools/networking/oneshot { };
onnxruntime = callPackage ../development/libraries/onnxruntime { };
xkbd = callPackage ../applications/misc/xkbd { };
libpsm2 = callPackage ../os-specific/linux/libpsm2 { };
@ -22773,6 +22771,8 @@ in
pythonPackages = python3Packages;
};
n8n = callPackage ../applications/networking/n8n {};
neap = callPackage ../applications/misc/neap { };
neomutt = callPackage ../applications/networking/mailreaders/neomutt { };
@ -26249,6 +26249,7 @@ in
dash-to-panel = callPackage ../desktops/gnome-3/extensions/dash-to-panel { };
draw-on-your-screen = callPackage ../desktops/gnome-3/extensions/draw-on-your-screen { };
drop-down-terminal = callPackage ../desktops/gnome-3/extensions/drop-down-terminal { };
easyScreenCast = callPackage ../desktops/gnome-3/extensions/EasyScreenCast { };
emoji-selector = callPackage ../desktops/gnome-3/extensions/emoji-selector { };
freon = callPackage ../desktops/gnome-3/extensions/freon { };
gsconnect = callPackage ../desktops/gnome-3/extensions/gsconnect { };