Merge staging-next into staging
This commit is contained in:
commit
cdd91475d5
11 changed files with 204 additions and 20 deletions
|
@ -140,6 +140,14 @@ let
|
|||
port = 3807;
|
||||
};
|
||||
};
|
||||
registry = lib.optionalAttrs cfg.registry.enable {
|
||||
enabled = true;
|
||||
host = cfg.registry.externalAddress;
|
||||
port = cfg.registry.externalPort;
|
||||
key = cfg.registry.keyFile;
|
||||
api_url = "http://${config.services.dockerRegistry.listenAddress}:${toString config.services.dockerRegistry.port}/";
|
||||
issuer = "gitlab-issuer";
|
||||
};
|
||||
extra = {};
|
||||
uploads.storage_path = cfg.statePath;
|
||||
};
|
||||
|
@ -156,7 +164,7 @@ let
|
|||
prometheus_multiproc_dir = "/run/gitlab";
|
||||
RAILS_ENV = "production";
|
||||
MALLOC_ARENA_MAX = "2";
|
||||
};
|
||||
} // cfg.extraEnv;
|
||||
|
||||
gitlab-rake = pkgs.stdenv.mkDerivation {
|
||||
name = "gitlab-rake";
|
||||
|
@ -277,6 +285,14 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
extraEnv = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
description = ''
|
||||
Additional environment variables for the GitLab environment.
|
||||
'';
|
||||
};
|
||||
|
||||
backup.startAt = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = [];
|
||||
|
@ -508,6 +524,58 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
registry = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable GitLab container registry.";
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = config.services.gitlab.host;
|
||||
description = "GitLab container registry host name.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 4567;
|
||||
description = "GitLab container registry port.";
|
||||
};
|
||||
certFile = mkOption {
|
||||
type = types.path;
|
||||
default = null;
|
||||
description = "Path to GitLab container registry certificate.";
|
||||
};
|
||||
keyFile = mkOption {
|
||||
type = types.path;
|
||||
default = null;
|
||||
description = "Path to GitLab container registry certificate-key.";
|
||||
};
|
||||
defaultForProjects = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.registry.enable;
|
||||
description = "If GitLab container registry should be enabled by default for projects.";
|
||||
};
|
||||
issuer = mkOption {
|
||||
type = types.str;
|
||||
default = "gitlab-issuer";
|
||||
description = "GitLab container registry issuer.";
|
||||
};
|
||||
serviceName = mkOption {
|
||||
type = types.str;
|
||||
default = "container_registry";
|
||||
description = "GitLab container registry service name.";
|
||||
};
|
||||
externalAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "External address used to access registry from the internet";
|
||||
};
|
||||
externalPort = mkOption {
|
||||
type = types.int;
|
||||
description = "External port used to access registry from the internet";
|
||||
};
|
||||
};
|
||||
|
||||
smtp = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -905,6 +973,44 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.gitlab-registry-cert = optionalAttrs cfg.registry.enable {
|
||||
path = with pkgs; [ openssl ];
|
||||
|
||||
script = ''
|
||||
mkdir -p $(dirname ${cfg.registry.keyFile})
|
||||
mkdir -p $(dirname ${cfg.registry.certFile})
|
||||
openssl req -nodes -newkey rsa:4096 -keyout ${cfg.registry.keyFile} -out /tmp/registry-auth.csr -subj "/CN=${cfg.registry.issuer}"
|
||||
openssl x509 -in /tmp/registry-auth.csr -out ${cfg.registry.certFile} -req -signkey ${cfg.registry.keyFile} -days 3650
|
||||
chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.keyFile})
|
||||
chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.certFile})
|
||||
chown ${cfg.user}:${cfg.group} ${cfg.registry.keyFile}
|
||||
chown ${cfg.user}:${cfg.group} ${cfg.registry.certFile}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ConditionPathExists = "!${cfg.registry.certFile}";
|
||||
};
|
||||
};
|
||||
|
||||
# Ensure Docker Registry launches after the certificate generation job
|
||||
systemd.services.docker-registry = optionalAttrs cfg.registry.enable {
|
||||
wants = [ "gitlab-registry-cert.service" ];
|
||||
};
|
||||
|
||||
# Enable Docker Registry, if GitLab-Container Registry is enabled
|
||||
services.dockerRegistry = optionalAttrs cfg.registry.enable {
|
||||
enable = true;
|
||||
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
|
||||
extraConfig = {
|
||||
auth.token = {
|
||||
realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth";
|
||||
service = cfg.registry.serviceName;
|
||||
issuer = cfg.registry.issuer;
|
||||
rootcertbundle = cfg.registry.certFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Use postfix to send out mails.
|
||||
services.postfix.enable = mkDefault (cfg.smtp.enable && cfg.smtp.address == "localhost");
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook
|
||||
{ lib, stdenv, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook
|
||||
, secp256k1 }:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
|
@ -61,7 +61,7 @@ python3Packages.buildPythonApplication rec {
|
|||
pytest electroncash/tests
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
postInstall = lib.optionalString stdenv.isLinux ''
|
||||
substituteInPlace $out/share/applications/electron-cash.desktop \
|
||||
--replace "Exec=electron-cash" "Exec=$out/bin/electron-cash"
|
||||
'';
|
||||
|
@ -92,7 +92,7 @@ python3Packages.buildPythonApplication rec {
|
|||
of the blockchain.
|
||||
'';
|
||||
homepage = "https://www.electroncash.org/";
|
||||
platforms = platforms.linux;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ lassulus nyanloutre oxalica ];
|
||||
license = licenses.mit;
|
||||
};
|
||||
|
|
|
@ -12,10 +12,12 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "07cq7q71bv3fwddkp2863ylry2ivds00f8sjy8npjpdbkailxm21";
|
||||
};
|
||||
|
||||
patches = [ ./tests-use-better-shell.patch ];
|
||||
postPatch = "patchShebangs test";
|
||||
|
||||
doCheck = true;
|
||||
# Issue #110149: our default /bin/sh apparently has 32-bit math only
|
||||
# (attribute busybox-sandbox-shell), and that causes problems
|
||||
# when running these tests inside build, based on free disk space.
|
||||
doCheck = false;
|
||||
checkTarget = "test";
|
||||
checkInputs = [ which zstd pbzip2 ];
|
||||
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
Use full bash's sh in tests instead of /bin/sh, as that would be
|
||||
too minimalist in the build sandbox. See issue:
|
||||
https://github.com/NixOS/nixpkgs/issues/110149#issuecomment-874258128
|
||||
diff --git a/test/extracttest b/test/extracttest
|
||||
--- a/test/extracttest
|
||||
+++ b/test/extracttest
|
||||
@@ -9,2 +9,3 @@ setupTests() {
|
||||
$SUT $* archive makeself-test.run "Test $*" echo Testing
|
||||
+ sed "1s|/bin|$(dirname "$SHELL")|" -i ./makeself-test.run
|
||||
}
|
|
@ -24,4 +24,6 @@
|
|||
weechat-go = callPackage ./weechat-go { };
|
||||
|
||||
buffer_autoset = callPackage ./buffer_autoset { };
|
||||
|
||||
highmon = callPackage ./highmon { };
|
||||
}
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
{ lib, stdenv, fetchurl, weechat }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "highmon";
|
||||
version = "2.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/KenjiE20/highmon/182e67d070c75efc81999e68c2ac7fdfe44d2872/highmon.pl";
|
||||
sha256 = "1vvgzscb12l3cp2nq954fx6j3awvpjsb0nqylal51ps9cq9a3wir";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
passthru.scripts = [ "highmon.pl" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
install -D $src $out/share/highmon.pl
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
inherit (weechat.meta) platforms;
|
||||
homepage = "https://github.com/KenjiE20/highmon/";
|
||||
description = "highmon.pl is a weechat script that adds 'Highlight Monitor'.";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ govanify ];
|
||||
};
|
||||
}
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "pytest-rerunfailures";
|
||||
version = "9.1.1";
|
||||
version = "10.1";
|
||||
|
||||
disabled = pythonOlder "3.5";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1cb11a17fc121b3918414eb5eaf314ee325f2e693ac7cb3f6abf7560790827f2";
|
||||
sha256 = "7617c06de13ee6dd2df9add7e275bfb2bcebbaaf3e450f5937cd0200df824273";
|
||||
};
|
||||
|
||||
buildInputs = [ pytest ];
|
||||
|
|
|
@ -8,6 +8,7 @@ busybox.override {
|
|||
CONFIG_FEATURE_FANCY_ECHO y
|
||||
CONFIG_FEATURE_SH_MATH y
|
||||
CONFIG_FEATURE_SH_MATH_64 y
|
||||
CONFIG_FEATURE_TEST_64 y
|
||||
|
||||
CONFIG_ASH y
|
||||
CONFIG_ASH_OPTIMIZE_FOR_SIZE y
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "trash-cli";
|
||||
version = "0.21.6.10.1";
|
||||
version = "0.21.6.30";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "andreafrancia";
|
||||
repo = "trash-cli";
|
||||
rev = version;
|
||||
sha256 = "0mhpzf3vmd876aldl5gazmk4si0zvrh0v1rwsz2hbrn0571zmzy9";
|
||||
sha256 = "09vwg4jpx7pl7rd5ybq5ldgwky8zzf59msmzvmim9vipnmjgkxv7";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ python3Packages.psutil ];
|
||||
|
|
47
pkgs/tools/networking/bore/default.nix
Normal file
47
pkgs/tools/networking/bore/default.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{ lib, stdenv, rustPlatform, fetchFromBitbucket, llvmPackages, Libsystem, SystemConfiguration, installShellFiles }:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "bore";
|
||||
version = "0.3.3";
|
||||
|
||||
src = fetchFromBitbucket {
|
||||
owner = "delan";
|
||||
repo = "nonymous";
|
||||
rev = version;
|
||||
sha256 = "0gws1f625izrb3armh6bay1k8l9p9csl37jx03yss1r720k4vn2x";
|
||||
};
|
||||
|
||||
cargoSha256 = "1n09gcp1y885lz6g2f73zw3fd0fmv7nwlvaqba2yl0kylzk7naa6";
|
||||
cargoBuildFlags = "-p ${pname}";
|
||||
|
||||
# FIXME can’t test --all-targets and --doc in a single invocation
|
||||
cargoTestFlags = "--features std --all-targets --workspace";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ]
|
||||
++ lib.optional stdenv.isDarwin llvmPackages.libclang;
|
||||
|
||||
buildInputs = lib.optionals stdenv.isDarwin [
|
||||
Libsystem
|
||||
SystemConfiguration
|
||||
];
|
||||
|
||||
LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib";
|
||||
|
||||
postInstall = ''
|
||||
installManPage $src/bore/doc/bore.1
|
||||
'';
|
||||
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
printf '\0\0\0\0\0\0\0\0\0\0\0\0' \
|
||||
| $out/bin/bore --decode \
|
||||
| grep -q ';; NoError #0 Query 0 0 0 0 flags'
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "DNS query tool";
|
||||
homepage = "https://crates.io/crates/bore";
|
||||
license = licenses.isc;
|
||||
maintainers = [ maintainers.delan ];
|
||||
};
|
||||
}
|
|
@ -3831,6 +3831,11 @@ in
|
|||
|
||||
agebox = callPackage ../tools/security/agebox { };
|
||||
|
||||
bore = callPackage ../tools/networking/bore {
|
||||
inherit (darwin) Libsystem;
|
||||
inherit (darwin.apple_sdk.frameworks) SystemConfiguration;
|
||||
};
|
||||
|
||||
brotli = callPackage ../tools/compression/brotli { };
|
||||
|
||||
biosdevname = callPackage ../tools/networking/biosdevname { };
|
||||
|
|
Loading…
Reference in a new issue