From 7135ac0e005453a8e94854ded879fd1bcc741220 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Tue, 8 Jun 2021 21:29:18 +0200 Subject: [PATCH 1/9] nixos/gitlab: add extraEnv option This allows users to define custom environment variables for gitlab, without having to modify the service file directly --- nixos/modules/services/misc/gitlab.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 253d87537cfe..9f4af76b1cf6 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -156,7 +156,7 @@ let prometheus_multiproc_dir = "/run/gitlab"; RAILS_ENV = "production"; MALLOC_ARENA_MAX = "2"; - }; + } // cfg.extraEnv; gitlab-rake = pkgs.stdenv.mkDerivation { name = "gitlab-rake"; @@ -277,6 +277,14 @@ in { ''; }; + extraEnv = mkOption { + type = types.attrsOf types.str; + default = {}; + description = '' + Additional environment variables for the GitLab environment. + ''; + }; + backup.startAt = mkOption { type = with types; either str (listOf str); default = []; From f4ddc02b0e75fa051bebcc5b882443a3970ed7ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 9 Jun 2021 23:19:25 +0200 Subject: [PATCH 2/9] nixos/gitlab: add container registry --- nixos/modules/services/misc/gitlab.nix | 98 ++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 9f4af76b1cf6..317b4a546da5 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix 
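Review bot: The `extraEnv` description does not say that these values override the module's own variables, or where they end up. Because the first hunk merges with `} // cfg.extraEnv;`, a key such as `RAILS_ENV` or `MALLOC_ARENA_MAX` set here silently replaces the module's value. As plain `types.str` option values they are also evaluated into the system configuration, which normally means the world-readable Nix store. I would extend the description with something like `Values override the defaults set by this module and are written to the Nix store; do not put secrets here.` The attribute set being merged starts above the first hunk, so the full list of overridable keys is not visible here.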
@@ -140,6 +140,14 @@ let port = 3807; }; }; + registry = lib.optionalAttrs cfg.registry.enable { + enabled = true; + host = cfg.registry.externalAddress; + port = cfg.registry.externalPort; + key = cfg.registry.keyFile; + api_url = "http://${config.services.dockerRegistry.listenAddress}:${toString config.services.dockerRegistry.port}/"; + issuer = "gitlab-issuer"; + }; extra = {}; uploads.storage_path = cfg.statePath; }; @@ -516,6 +524,58 @@ in { ''; }; + registry = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable GitLab container registry."; + }; + host = mkOption { + type = types.str; + default = config.services.gitlab.host; + description = "GitLab container registry host name."; + }; + port = mkOption { + type = types.int; + default = 4567; + description = "GitLab container registry port."; + }; + certFile = mkOption { + type = types.path; + default = null; + description = "Path to GitLab container registry certificate."; + }; + keyFile = mkOption { + type = types.path; + default = null; + description = "Path to GitLab container registry certificate-key."; + }; + defaultForProjects = mkOption { + type = types.bool; + default = cfg.registry.enable; + description = "If GitLab container registry should be enabled by default for projects."; + }; + issuer = mkOption { + type = types.str; + default = "gitlab-issuer"; + description = "GitLab container registry issuer."; + }; + serviceName = mkOption { + type = types.str; + default = "container_registry"; + description = "GitLab container registry service name."; + }; + externalAddress = mkOption { + type = types.str; + default = ""; + description = "External address used to access registry from the internet"; + }; + externalPort = mkOption { + type = types.int; + description = "External port used to access registry from the internet"; + }; + }; + smtp = { enable = mkOption { type = types.bool; 
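Review bot: `issuer = "gitlab-issuer";` in the new `registry` block is hard-coded, although this series adds a `registry.issuer` option and passes it to the Docker Registry as `issuer = cfg.registry.issuer;` in the `@@ -909,6 +969,44 @@` hunk. If a user changes the option, GitLab and the registry would presumably disagree on the token issuer and registry authentication would fail. Suggest `issuer = cfg.registry.issuer;` here. The block also takes `host`/`port` from `externalAddress`/`externalPort`, and the new `registry.host`, `registry.port` and `registry.defaultForProjects` options are not referenced in any visible hunk. The enclosing attribute set starts and ends outside this hunk.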
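Review bot: `certFile` and `keyFile` are declared as `types.path` with `default = null`, which is not a value of that type; use `types.nullOr types.path` or drop the default so an unset value gives a clear error. `externalPort` has no default at all, so enabling the registry without setting it will fail evaluation, and its description should say it is required. The `keyFile` description should state that it is a runtime location given as a string, for example `Path (as a string, outside the Nix store) where the registry signing key is generated and read.` A Nix path literal would be copied into the world-readable store when it is interpolated.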
@@ -909,6 +969,44 @@ in { }; }; + systemd.services.gitlab-registry-cert = optionalAttrs cfg.registry.enable { + path = with pkgs; [ openssl ]; + + script = '' + mkdir -p $(dirname ${cfg.registry.keyFile}) + mkdir -p $(dirname ${cfg.registry.certFile}) + openssl req -nodes -newkey rsa:4096 -keyout ${cfg.registry.keyFile} -out /tmp/registry-auth.csr -subj "/CN=${cfg.registry.issuer}" + openssl x509 -in /tmp/registry-auth.csr -out ${cfg.registry.certFile} -req -signkey ${cfg.registry.keyFile} -days 3650 + chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.keyFile}) + chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.certFile}) + chown ${cfg.user}:${cfg.group} ${cfg.registry.keyFile} + chown ${cfg.user}:${cfg.group} ${cfg.registry.certFile} + ''; + + serviceConfig = { + ConditionPathExists = "!${cfg.registry.certFile}"; + }; + }; + + # Ensure Docker Registry launches after the certificate generation job + systemd.services.docker-registry = optionalAttrs cfg.registry.enable { + wants = [ "gitlab-registry-cert.service" ]; + }; + + # Enable Docker Registry, if GitLab-Container Registry is enabled + services.dockerRegistry = optionalAttrs cfg.registry.enable { + enable = true; + enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly + extraConfig = { + auth.token = { + realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth"; + service = cfg.registry.serviceName; + issuer = cfg.registry.issuer; + rootcertbundle = cfg.registry.certFile; + }; + }; + }; + # Use postfix to send out mails. services.postfix.enable = mkDefault (cfg.smtp.enable && cfg.smtp.address == "localhost"); From 77a197f54a1e6e2c2024b8a3a6c601238dce6d22 Mon Sep 17 00:00:00 2001 From: Raphael Borun Das Gupta Date: Sat, 3 Jul 2021 23:38:18 +0200 Subject: [PATCH 3/9] python3Packages.pytest-rerunfailures: 9.1.1 -> 10.1 --- .../python-modules/pytest-rerunfailures/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
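Review bot: The certificate script writes its CSR to the fixed path `/tmp/registry-auth.csr`, and the `ConditionPathExists` guard sits in `serviceConfig`, where systemd does not honour it. A predictable file name in a shared `/tmp` can be pre-created or symlinked by another local user (assuming the unit runs as root without `PrivateTmp`, which the hunk does not set). Because `ConditionPathExists` is a `[Unit]` directive, the key and certificate are likely regenerated on every start. `docker-registry` only gets `wants`, which does not order it after the job despite the comment, so it needs `after` as well and the job should be `Type = "oneshot"`. The sketch below self-signs in a single `openssl req -x509` call so no intermediate file is needed, and tightens the umask only while the key is written.

```nix
systemd.services.gitlab-registry-cert = optionalAttrs cfg.registry.enable {
  # … unchanged: path …
  script = ''
    mkdir -p "$(dirname ${cfg.registry.keyFile})" "$(dirname ${cfg.registry.certFile})"
    umask 077
    openssl req -x509 -nodes -newkey rsa:4096 -days 3650 \
      -subj "/CN=${cfg.registry.issuer}" \
      -keyout ${cfg.registry.keyFile} -out ${cfg.registry.certFile}
    # the certificate is public and the registry has to be able to read it
    chmod 0644 ${cfg.registry.certFile}
    # … unchanged: chown of the directories, key and certificate …
  '';

  # ConditionPathExists belongs to the [Unit] section
  unitConfig.ConditionPathExists = "!${cfg.registry.certFile}";
  serviceConfig.Type = "oneshot";
};

systemd.services.docker-registry = optionalAttrs cfg.registry.enable {
  wants = [ "gitlab-registry-cert.service" ];
  after = [ "gitlab-registry-cert.service" ];
};
```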
diff --git a/pkgs/development/python-modules/pytest-rerunfailures/default.nix b/pkgs/development/python-modules/pytest-rerunfailures/default.nix index b0b0e2372f41..a643e7dc5a54 100644 --- a/pkgs/development/python-modules/pytest-rerunfailures/default.nix +++ b/pkgs/development/python-modules/pytest-rerunfailures/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "pytest-rerunfailures"; - version = "9.1.1"; + version = "10.1"; disabled = pythonOlder "3.5"; src = fetchPypi { inherit pname version; - sha256 = "1cb11a17fc121b3918414eb5eaf314ee325f2e693ac7cb3f6abf7560790827f2"; + sha256 = "7617c06de13ee6dd2df9add7e275bfb2bcebbaaf3e450f5937cd0200df824273"; }; buildInputs = [ pytest ]; From fa9f6c56a8b9340aa9dcf02cdd0026bdb0e61422 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 6 Jul 2021 10:10:09 +0200 Subject: [PATCH 4/9] makeself: disable tests for now, working around #110149 I couldn't find an easy way to work around this while doing the tests, so let's disable them for now and work on fixing the sandbox shell instead (and re-enable tests after that is deployed; I hope). --- pkgs/applications/misc/makeself/default.nix | 6 ++++-- .../misc/makeself/tests-use-better-shell.patch | 10 ---------- 2 files changed, 4 insertions(+), 12 deletions(-) delete mode 100644 pkgs/applications/misc/makeself/tests-use-better-shell.patch diff --git a/pkgs/applications/misc/makeself/default.nix b/pkgs/applications/misc/makeself/default.nix index 353fe6614833..12d4f62a7834 100644 --- a/pkgs/applications/misc/makeself/default.nix +++ b/pkgs/applications/misc/makeself/default.nix 
@@ -12,10 +12,12 @@ stdenv.mkDerivation rec { sha256 = "07cq7q71bv3fwddkp2863ylry2ivds00f8sjy8npjpdbkailxm21"; }; - patches = [ ./tests-use-better-shell.patch ]; postPatch = "patchShebangs test"; - doCheck = true; + # Issue #110149: our default /bin/sh apparently has 32-bit math only + # (attribute busybox-sandbox-shell), and that causes problems + # when running these tests inside build, based on free disk space. + doCheck = false; checkTarget = "test"; checkInputs = [ which zstd pbzip2 ]; diff --git a/pkgs/applications/misc/makeself/tests-use-better-shell.patch b/pkgs/applications/misc/makeself/tests-use-better-shell.patch deleted file mode 100644 index 159a93622ad2..000000000000 --- a/pkgs/applications/misc/makeself/tests-use-better-shell.patch +++ /dev/null @@ -1,10 +0,0 @@ -Use full bash's sh in tests instead of /bin/sh, as that would be -too minimalist in the build sandbox. See issue: -https://github.com/NixOS/nixpkgs/issues/110149#issuecomment-874258128 -diff --git a/test/extracttest b/test/extracttest ---- a/test/extracttest -+++ b/test/extracttest -@@ -9,2 +9,3 @@ setupTests() { - $SUT $* archive makeself-test.run "Test $*" echo Testing -+ sed "1s|/bin|$(dirname "$SHELL")|" -i ./makeself-test.run - } From f526256a6f2e7eacc564347a35a86218065ca1ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 6 Jul 2021 10:43:39 +0200 Subject: [PATCH 5/9] busybox-sandbox-shell: use 64-bit numbers in `test` command The default is C int, which usually gives 32-bit even on 64-bit Linux. This will be the right way to fix #110149 (but needs to be deployed). --- pkgs/os-specific/linux/busybox/sandbox-shell.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/busybox/sandbox-shell.nix b/pkgs/os-specific/linux/busybox/sandbox-shell.nix index f5db0b25f18f..fa70e5f91d80 100644 --- a/pkgs/os-specific/linux/busybox/sandbox-shell.nix +++ b/pkgs/os-specific/linux/busybox/sandbox-shell.nix 
@@ -8,6 +8,7 @@ busybox.override { CONFIG_FEATURE_FANCY_ECHO y CONFIG_FEATURE_SH_MATH y CONFIG_FEATURE_SH_MATH_64 y + CONFIG_FEATURE_TEST_64 y CONFIG_ASH y CONFIG_ASH_OPTIMIZE_FOR_SIZE y From e009ef23ae68290565ea28d5fd9e33bdbdbb4f19 Mon Sep 17 00:00:00 2001 From: Gauvain 'GovanifY' Roussel-Tarbouriech Date: Tue, 6 Jul 2021 17:13:34 +0200 Subject: [PATCH 6/9] weechatScripts.highmon: init at 2.7 --- .../irc/weechat/scripts/default.nix | 2 ++ .../irc/weechat/scripts/highmon/default.nix | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 pkgs/applications/networking/irc/weechat/scripts/highmon/default.nix diff --git a/pkgs/applications/networking/irc/weechat/scripts/default.nix b/pkgs/applications/networking/irc/weechat/scripts/default.nix index ea665160f605..4b5d9e83334d 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/default.nix @@ -24,4 +24,6 @@ weechat-go = callPackage ./weechat-go { }; buffer_autoset = callPackage ./buffer_autoset { }; + + highmon = callPackage ./highmon { }; } diff --git a/pkgs/applications/networking/irc/weechat/scripts/highmon/default.nix b/pkgs/applications/networking/irc/weechat/scripts/highmon/default.nix new file mode 100644 index 000000000000..f65322465707 --- /dev/null +++ b/pkgs/applications/networking/irc/weechat/scripts/highmon/default.nix 
@@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, weechat }: + +stdenv.mkDerivation { + pname = "highmon"; + version = "2.7"; + + src = fetchurl { + url = "https://raw.githubusercontent.com/KenjiE20/highmon/182e67d070c75efc81999e68c2ac7fdfe44d2872/highmon.pl"; + sha256 = "1vvgzscb12l3cp2nq954fx6j3awvpjsb0nqylal51ps9cq9a3wir"; + }; + + dontUnpack = true; + + passthru.scripts = [ "highmon.pl" ]; + + installPhase = '' + runHook preInstall + + install -D $src $out/share/highmon.pl + + runHook postInstall + ''; + + meta = with lib; { + inherit (weechat.meta) platforms; + homepage = "https://github.com/KenjiE20/highmon/"; + description = "highmon.pl is a weechat script that adds 'Highlight Monitor'."; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ govanify ]; + }; +} From a2c311fc1d178fe59c6296a2ef8901e11defa5cf Mon Sep 17 00:00:00 2001 From: Ben Siraphob Date: Wed, 7 Jul 2021 00:24:47 +0700 Subject: [PATCH 7/9] electron-cash: fix build on darwin --- pkgs/applications/misc/electron-cash/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/electron-cash/default.nix b/pkgs/applications/misc/electron-cash/default.nix index c852620d7989..4f8c5f8bb8b5 100644 --- a/pkgs/applications/misc/electron-cash/default.nix +++ b/pkgs/applications/misc/electron-cash/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook +{ lib, stdenv, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook , secp256k1 }: python3Packages.buildPythonApplication rec { @@ -61,7 +61,7 @@ python3Packages.buildPythonApplication rec { pytest electroncash/tests ''; - postInstall = '' + postInstall = lib.optionalString stdenv.isLinux '' substituteInPlace $out/share/applications/electron-cash.desktop \ --replace "Exec=electron-cash" "Exec=$out/bin/electron-cash" ''; 
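Review bot: `meta.description` in the new highmon expression starts with the script's own name and ends with a period, which nixpkgs conventions ask to avoid. Something like `description = "WeeChat script that adds a highlight monitor";` would fit. The source is pinned to a commit and a hash, but nothing ties `version = "2.7"` to that commit. A short comment above `url` noting that the commit is the 2.7 release would help whoever bumps it next.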
@@ -92,7 +92,7 @@ python3Packages.buildPythonApplication rec { of the blockchain. ''; homepage = "https://www.electroncash.org/"; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ lassulus nyanloutre oxalica ]; license = licenses.mit; }; From 8eb54b8e0907ce37ba0eeeacfb67676d42d857bc Mon Sep 17 00:00:00 2001 From: Delan Azabani Date: Wed, 7 Jul 2021 04:05:37 +0800 Subject: [PATCH 8/9] bore: init at 0.3.3 (#129295) --- pkgs/tools/networking/bore/default.nix | 47 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 5 +++ 2 files changed, 52 insertions(+) create mode 100644 pkgs/tools/networking/bore/default.nix diff --git a/pkgs/tools/networking/bore/default.nix b/pkgs/tools/networking/bore/default.nix new file mode 100644 index 000000000000..b22cdb0c2ae4 --- /dev/null +++ b/pkgs/tools/networking/bore/default.nix 
@@ -0,0 +1,47 @@ +{ lib, stdenv, rustPlatform, fetchFromBitbucket, llvmPackages, Libsystem, SystemConfiguration, installShellFiles }: + +rustPlatform.buildRustPackage rec { + pname = "bore"; + version = "0.3.3"; + + src = fetchFromBitbucket { + owner = "delan"; + repo = "nonymous"; + rev = version; + sha256 = "0gws1f625izrb3armh6bay1k8l9p9csl37jx03yss1r720k4vn2x"; + }; + + cargoSha256 = "1n09gcp1y885lz6g2f73zw3fd0fmv7nwlvaqba2yl0kylzk7naa6"; + cargoBuildFlags = "-p ${pname}"; + + # FIXME can’t test --all-targets and --doc in a single invocation + cargoTestFlags = "--features std --all-targets --workspace"; + + nativeBuildInputs = [ installShellFiles ] + ++ lib.optional stdenv.isDarwin llvmPackages.libclang; + + buildInputs = lib.optionals stdenv.isDarwin [ + Libsystem + SystemConfiguration + ]; + + LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib"; + + postInstall = '' + installManPage $src/bore/doc/bore.1 + ''; + + doInstallCheck = true; + installCheckPhase = '' + printf '\0\0\0\0\0\0\0\0\0\0\0\0' \ + | $out/bin/bore --decode \ + | grep -q ';; NoError #0 Query 0 0 0 0 flags' + ''; + + meta = with lib; { + description = "DNS query tool"; + homepage = "https://crates.io/crates/bore"; + license = licenses.isc; + maintainers = [ maintainers.delan ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ed5db21296cf..fa17692f12f0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3831,6 +3831,11 @@ in agebox = callPackage ../tools/security/agebox { }; + bore = callPackage ../tools/networking/bore { + inherit (darwin) Libsystem; + inherit (darwin.apple_sdk.frameworks) SystemConfiguration; + }; + brotli = callPackage ../tools/compression/brotli { }; biosdevname = callPackage ../tools/networking/biosdevname { }; From e1bc891aec5e3c5ba26349f9664829b0cbbd18e8 Mon Sep 17 00:00:00 2001 
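Review bot: `LIBCLANG_PATH` is set on every platform, while `llvmPackages.libclang` is only added to `nativeBuildInputs` on Darwin, so the expression disagrees with itself about where libclang is needed. Either make both conditional or both unconditional, and add a one-line comment above `LIBCLANG_PATH` saying which build step needs it. The custom `installCheckPhase` also omits `runHook preInstallCheck` and `runHook postInstallCheck`. `cargoBuildFlags` and `cargoTestFlags` are given as strings, where lists such as `cargoBuildFlags = [ "-p" pname ];` are the usual form.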
From: Robert Helgesson Date: Tue, 6 Jul 2021 23:54:43 +0200 Subject: [PATCH 9/9] trash-cli: 0.21.6.10.1 -> 0.21.6.30 --- pkgs/tools/misc/trash-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/trash-cli/default.nix b/pkgs/tools/misc/trash-cli/default.nix index ff218eb10844..dbc00e13e1ae 100644 --- a/pkgs/tools/misc/trash-cli/default.nix +++ b/pkgs/tools/misc/trash-cli/default.nix @@ -2,13 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "trash-cli"; - version = "0.21.6.10.1"; + version = "0.21.6.30"; src = fetchFromGitHub { owner = "andreafrancia"; repo = "trash-cli"; rev = version; - sha256 = "0mhpzf3vmd876aldl5gazmk4si0zvrh0v1rwsz2hbrn0571zmzy9"; + sha256 = "09vwg4jpx7pl7rd5ybq5ldgwky8zzf59msmzvmim9vipnmjgkxv7"; }; propagatedBuildInputs = [ python3Packages.psutil ];