Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2021-07-19 06:02:01 +00:00 committed by GitHub
commit f60c09468f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 302 additions and 42 deletions

View file

@ -98,6 +98,13 @@
<link linkend="opt-snapraid.enable">snapraid</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
a OpenPGP Key Server. Available as
<link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-incompatibilities">

View file

@ -30,6 +30,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [snapraid](https://www.snapraid.it/), a backup program for disk arrays.
Available as [snapraid](#opt-snapraid.enable).
- [Hockeypuck](https://github.com/hockeypuck/hockeypuck), a OpenPGP Key Server. Available as [services.hockeypuck](#opt-services.hockeypuck.enable).
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}

View file

@ -886,6 +886,7 @@
./services/security/fprot.nix
./services/security/haka.nix
./services/security/haveged.nix
./services/security/hockeypuck.nix
./services/security/hologram-server.nix
./services/security/hologram-agent.nix
./services/security/munge.nix

View file

@ -0,0 +1,104 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.hockeypuck;
settingsFormat = pkgs.formats.toml { };
in {
meta.maintainers = with lib.maintainers; [ etu ];
options.services.hockeypuck = {
enable = lib.mkEnableOption "Hockeypuck OpenPGP Key Server";
port = lib.mkOption {
default = 11371;
type = lib.types.port;
description = "HKP port to listen on.";
};
settings = lib.mkOption {
type = settingsFormat.type;
default = { };
example = lib.literalExample ''
{
hockeypuck = {
loglevel = "INFO";
logfile = "/var/log/hockeypuck/hockeypuck.log";
indexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
vindexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
statsTemplate = "''${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
webroot = "''${pkgs.hockeypuck-web}/share/webroot";
hkp.bind = ":''${toString cfg.port}";
openpgp.db = {
driver = "postgres-jsonb";
dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable";
};
};
}
'';
description = ''
Configuration file for hockeypuck, here you can override
certain settings (<literal>loglevel</literal> and
<literal>openpgp.db.dsn</literal>) by just setting those values.
For other settings you need to use lib.mkForce to override them.
This service doesn't provision or enable postgres on your
system, it rather assumes that you enable postgres and create
the database yourself.
Example:
<literal>
services.postgresql = {
enable = true;
ensureDatabases = [ "hockeypuck" ];
ensureUsers = [{
name = "hockeypuck";
ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES";
}];
};
</literal>
'';
};
};
config = lib.mkIf cfg.enable {
services.hockeypuck.settings.hockeypuck = {
loglevel = lib.mkDefault "INFO";
logfile = "/var/log/hockeypuck/hockeypuck.log";
indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
webroot = "${pkgs.hockeypuck-web}/share/webroot";
hkp.bind = ":${toString cfg.port}";
openpgp.db = {
driver = "postgres-jsonb";
dsn = lib.mkDefault "database=hockeypuck host=/var/run/postgresql sslmode=disable";
};
};
users.users.hockeypuck = {
isSystemUser = true;
description = "Hockeypuck user";
};
systemd.services.hockeypuck = {
description = "Hockeypuck OpenPGP Key Server";
after = [ "network.target" "postgresql.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
WorkingDirectory = "/var/lib/hockeypuck";
User = "hockeypuck";
ExecStart = "${pkgs.hockeypuck}/bin/hockeypuck -config ${settingsFormat.generate "config.toml" cfg.settings}";
Restart = "always";
RestartSec = "5s";
LogsDirectory = "hockeypuck";
LogsDirectoryMode = "0755";
StateDirectory = "hockeypuck";
};
};
};
}

View file

@ -174,6 +174,7 @@ in
hitch = handleTest ./hitch {};
hledger-web = handleTest ./hledger-web.nix {};
hocker-fetchdocker = handleTest ./hocker-fetchdocker {};
hockeypuck = handleTest ./hockeypuck.nix { };
home-assistant = handleTest ./home-assistant.nix {};
hostname = handleTest ./hostname.nix {};
hound = handleTest ./hound.nix {};

View file

@ -0,0 +1,63 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
let
gpgKeyring = (pkgs.runCommandNoCC "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
mkdir -p $out
export GNUPGHOME=$out
cat > foo <<EOF
%echo Generating a basic OpenPGP key
%no-protection
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Foo Example
Name-Email: foo@example.org
Expire-Date: 0
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
gpg --batch --generate-key foo
rm $out/S.gpg-agent $out/S.gpg-agent.*
'');
in {
name = "hockeypuck";
meta.maintainers = with lib.maintainers; [ etu ];
machine = { ... }: {
# Used for test
environment.systemPackages = [ pkgs.gnupg ];
services.hockeypuck.enable = true;
services.postgresql = {
enable = true;
ensureDatabases = [ "hockeypuck" ];
ensureUsers = [{
name = "hockeypuck";
ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES";
}];
};
};
testScript = ''
machine.wait_for_unit("hockeypuck.service")
machine.wait_for_open_port(11371)
response = machine.succeed("curl -vvv -s http://127.0.0.1:11371/")
assert "<title>OpenPGP Keyserver</title>" in response, "HTML title not found"
# Copy the keyring
machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME")
# Extract our GPG key id
keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip()
# Send the key to our local keyserver
machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)
# Recieve the key from our local keyserver to a separate directory
machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
'';
})

View file

@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec {
pname = "skytemple";
version = "1.2.3";
version = "1.2.5";
src = fetchFromGitHub {
owner = "SkyTemple";
repo = pname;
rev = version;
sha256 = "0l2c4qngv58j6zkp0va6m96zksx8gqn3mjc3isqybfnhjr6nd3v9";
sha256 = "0780517gjc97wb2g67pwdv3fz3sqxm2ica1hdbrhqm4rfbnb28xr";
};
buildInputs = [

View file

@ -2,13 +2,13 @@
buildPythonPackage rec {
pname = "skytemple-files";
version = "1.2.3";
version = "1.2.4";
src = fetchFromGitHub {
owner = "SkyTemple";
repo = pname;
rev = version;
sha256 = "sha256-/S0otBujwO/IMiLKgA2o8wlD6xk1/DpwOAfemojV9NU=";
sha256 = "1i3045bqg9h7kcx83nlrm1pmikfpi817n0gb8da29m3mqzk7lwws";
fetchSubmodules = true;
};

View file

@ -5,13 +5,13 @@
buildPythonPackage rec {
pname = "skytemple-ssb-debugger";
version = "1.2.4";
version = "1.2.5";
src = fetchFromGitHub {
owner = "SkyTemple";
repo = pname;
rev = version;
sha256 = "0jmsli3wg386y0lxwddpwp1xqxsn2bsy4d1f7dyh0jjz8lqiz03i";
sha256 = "0jkx75z8j03jfr9kzd40ip0fy24sfc7f2x430mf48xin272mc87q";
};
buildInputs = [ gobject-introspection gtk3 gtksourceview3 ];

View file

@ -425,12 +425,12 @@ final: prev:
chadtree = buildVimPluginFrom2Nix {
pname = "chadtree";
version = "2021-07-17";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "ms-jpq";
repo = "chadtree";
rev = "fa78312b378a7d3a6cb1222d1df05c28238f888b";
sha256 = "05j42c3h374hyqqb5m7dddyh4sn08cw64nji3fnv3rk63gm2r4if";
rev = "384925e0cfa87a27387357cab144fbf392e21f61";
sha256 = "01bg8h7276nidrgdgz6asvksi3m0g6jf8aw9bp0d4ng6s0gdfps2";
};
meta.homepage = "https://github.com/ms-jpq/chadtree/";
};
@ -3144,12 +3144,12 @@ final: prev:
neogit = buildVimPluginFrom2Nix {
pname = "neogit";
version = "2021-07-14";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "TimUntersberger";
repo = "neogit";
rev = "bf148e2534097988e61ed334edaf31b67134369b";
sha256 = "157k4gbs0r92zwm41hh40gqxc9774g05ngan936ivnnfg5j9igsg";
rev = "ee83d4fa8ac946e5e0064e65a5276e1ea030ae28";
sha256 = "0mrydz0xl2yqgsp1nsz4p55mjhx7x7z7pahcq3y5mzzla687dnqg";
};
meta.homepage = "https://github.com/TimUntersberger/neogit/";
};
@ -3412,8 +3412,8 @@ final: prev:
src = fetchFromGitHub {
owner = "shaunsingh";
repo = "nord.nvim";
rev = "44ae0a84087135e23fb5a90c9726f8b161277652";
sha256 = "0zhv06arl7x3wx20r26v3vc1i4909h657syrqbyh5k93n1hmc21j";
rev = "02a07af329b9cb42187a2dd74aef8563f5957bfc";
sha256 = "10yzlv3433dfdm5n1q8r4yzwx0h73nd81w60fqkfx4cl4l7l9085";
};
meta.homepage = "https://github.com/shaunsingh/nord.nvim/";
};
@ -3804,12 +3804,12 @@ final: prev:
nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter";
version = "2021-07-14";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "d779ee79f0426711f84b770bf6ff4afda4f41c1e";
sha256 = "0svnb4fsqsjhlqcikq0kgrwyrqfqplgvx93mhw1qhpmwfbgqn6vi";
rev = "9144ea1107ed5aaf250bffafc1f0f32fb97cce47";
sha256 = "05apxyy0xg6llskigirglb4a73ay8cdaw2rckl2g3d6j8ry9dkc4";
};
meta.homepage = "https://github.com/nvim-treesitter/nvim-treesitter/";
};
@ -5129,12 +5129,12 @@ final: prev:
telescope-nvim = buildVimPluginFrom2Nix {
pname = "telescope-nvim";
version = "2021-07-17";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "5b597e7709eec08331ce71b45193117f6fb5626b";
sha256 = "1lwr3gayqj6h0ha749p5dfgihjlqydgaidcnblcvvj8vi10ick35";
rev = "8c3f2b630be0241fe10709e61ee9dab473518f32";
sha256 = "1yd1kkdp8baxrhkfsg0j0dpkprxvwi0r4xljjcdln7rpr2r0lm82";
};
meta.homepage = "https://github.com/nvim-telescope/telescope.nvim/";
};
@ -5262,12 +5262,12 @@ final: prev:
traces-vim = buildVimPluginFrom2Nix {
pname = "traces-vim";
version = "2021-06-16";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "markonm";
repo = "traces.vim";
rev = "e36a2e45791ef9078de781a781fec70e160044b0";
sha256 = "1qndaqs38mgkl15n895nzjc98h2cy4gjgr3r72cpwhn9qmzhi5zc";
rev = "360361b093d21531c0781c5c4a61a1e6cb3edfac";
sha256 = "052kbzx2rqpw5mhh6w1zcj5il642w1a2wi6w4nbcw7scj4gq85pd";
};
meta.homepage = "https://github.com/markonm/traces.vim/";
};
@ -5706,12 +5706,12 @@ final: prev:
vim-airline = buildVimPluginFrom2Nix {
pname = "vim-airline";
version = "2021-07-11";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "vim-airline";
repo = "vim-airline";
rev = "4807a211cdfab3a5b5640111978ba301461c5ac1";
sha256 = "1lrx54cfd9x6dx3kfz6x6jwakmkisj5y55s156fchdf83hsm967n";
rev = "b861f9d2483a8b066f7b5b4dbae8990ff21455c5";
sha256 = "0rz7p95ks4ymdwz7aqahc782msdz70qx25807cwvqh1gc9x887vq";
};
meta.homepage = "https://github.com/vim-airline/vim-airline/";
};
@ -6786,12 +6786,12 @@ final: prev:
vim-fugitive = buildVimPluginFrom2Nix {
pname = "vim-fugitive";
version = "2021-07-16";
version = "2021-07-17";
src = fetchFromGitHub {
owner = "tpope";
repo = "vim-fugitive";
rev = "58516a13c623e6b21be6fed1f6067eed67005949";
sha256 = "0gzdsp1gz1wpw8z47v3sr9b0ma41qnz0r4iiq0jr84srr3817zpl";
rev = "de6495ae846b2c5913fa85d5464c036c0acdfa34";
sha256 = "184cbh2jxwpp4zgvlfhs4qx1mr4vyq5vvv6lvk8lcng40dxfr9fg";
};
meta.homepage = "https://github.com/tpope/vim-fugitive/";
};
@ -8035,6 +8035,18 @@ final: prev:
meta.homepage = "https://github.com/jceb/vim-orgmode/";
};
vim-ormolu = buildVimPluginFrom2Nix {
pname = "vim-ormolu";
version = "2020-11-25";
src = fetchFromGitHub {
owner = "sdiehl";
repo = "vim-ormolu";
rev = "edbeb0135692345b088182963e9b229fe2235ac0";
sha256 = "03srdix06dhz4b8g9akx448dw2rjbwj840xg7p9c5bq8kbmsjy8x";
};
meta.homepage = "https://github.com/sdiehl/vim-ormolu/";
};
vim-osc52 = buildVimPluginFrom2Nix {
pname = "vim-osc52";
version = "2020-09-19";
@ -8349,12 +8361,12 @@ final: prev:
vim-puppet = buildVimPluginFrom2Nix {
pname = "vim-puppet";
version = "2021-01-30";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "rodjek";
repo = "vim-puppet";
rev = "b282072eb145c7719319bee1963c33ad876b0cea";
sha256 = "1m6zbyg5hh3rhwq36836ldwhgcsmh4bl0lz5g4nzpc2ch83crrn8";
rev = "7bb7586896b7afe6e6f26bcbaf70ad8517d98018";
sha256 = "1mqnawfpg23rwjp3zpz85s3dpspcl8zrh9dymv5p0pqbn27mlf5n";
};
meta.homepage = "https://github.com/rodjek/vim-puppet/";
};
@ -8505,12 +8517,12 @@ final: prev:
vim-ruby = buildVimPluginFrom2Nix {
pname = "vim-ruby";
version = "2021-07-07";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "vim-ruby";
repo = "vim-ruby";
rev = "0f603a17435f6b25614e70449304d38216d0e6e3";
sha256 = "0dz4rmbifz5l03ch5rrnzb18j7kdwz1nkfz0lcvkwgxgjnrrhk15";
rev = "482e2cec5a742920eddf644f2f1efcb15f03967c";
sha256 = "18b3hhb1sfgip80dp7wicrsqs59narj49qlmpnfhsy29imsxzb72";
};
meta.homepage = "https://github.com/vim-ruby/vim-ruby/";
};
@ -9250,12 +9262,12 @@ final: prev:
vim-ultest = buildVimPluginFrom2Nix {
pname = "vim-ultest";
version = "2021-07-05";
version = "2021-07-18";
src = fetchFromGitHub {
owner = "rcarriga";
repo = "vim-ultest";
rev = "43ec7b40a83fcde104d3e5e69a2c112f9dc52325";
sha256 = "1q2rcqllip1raay9nj2cacn6vsairrywg7yxh783zf13n9bmr5vb";
rev = "06f965a62c32906f220c37e7b758a275d6a992f6";
sha256 = "0zgpp6g29n1kb0qi6n84i1d540g0xhw5bzj8kp5xsh5wlvn9h4fk";
};
meta.homepage = "https://github.com/rcarriga/vim-ultest/";
};

View file

@ -595,6 +595,7 @@ sakhnik/nvim-gdb
saltstack/salt-vim
samoshkin/vim-mergetool
sbdchd/neoformat
sdiehl/vim-ormolu
sebastianmarkow/deoplete-rust
SevereOverfl0w/deoplete-github
Shatur/neovim-ayu

View file

@ -179,7 +179,7 @@ let
};
}; # end of configfile derivation
kernel = (callPackage ./manual-config.nix {}) {
kernel = (callPackage ./manual-config.nix { inherit buildPackages; }) {
inherit version modDirVersion src kernelPatches randstructSeed lib stdenv extraMakeFlags extraMeta configfile;
config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; };

View file

@ -0,0 +1,21 @@
{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
let
sources = (import ./sources.nix) { inherit fetchFromGitHub; };
in
buildGoModule {
inherit (sources) pname version src;
modRoot = "src/hockeypuck/";
vendorSha256 = null;
doCheck = false; # Uses networking for tests
passthru.tests = nixosTests.hockeypuck;
meta = with lib; {
description = "OpenPGP Key Server";
homepage = "https://github.com/hockeypuck/hockeypuck";
license = licenses.agpl3Plus;
maintainers = [ maintainers.etu ];
};
}

View file

@ -0,0 +1,16 @@
{ fetchFromGitHub }:
let
pname = "hockeypuck";
version = "2.1.0";
in
{
inherit version pname;
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "0da3ffbqck0dr7d89gy2yillp7g9a4ziyjlvrm8vgkkg2fs8dlb1";
};
}

View file

@ -0,0 +1,28 @@
{ stdenv, lib, fetchFromGitHub, nixosTests }:
let
sources = (import ./sources.nix) { inherit fetchFromGitHub; };
in
stdenv.mkDerivation {
pname = "${sources.pname}-web";
inherit (sources) version src;
dontBuild = true; # We should just copy the web templates
installPhase = ''
mkdir -p $out/share/
cp -vr contrib/webroot $out/share/
cp -vr contrib/templates $out/share/
'';
passthru.tests = nixosTests.hockeypuck;
meta = with lib; {
description = "OpenPGP Key Server web resources";
homepage = "https://github.com/hockeypuck/hockeypuck";
license = licenses.gpl3Plus;
maintainers = [ maintainers.etu ];
};
}

View file

@ -28,16 +28,16 @@
rustPlatform.buildRustPackage rec {
pname = "vector";
version = "0.14.0";
version = "0.15.0";
src = fetchFromGitHub {
owner = "timberio";
repo = pname;
rev = "v${version}";
sha256 = "sha256-wtihrR19jMJ7Kgvy6XBzOUrC/WKNVl2MVx4lWgXYlvg=";
sha256 = "sha256-8ZsZyV6zlMiNTVYPwqQi7F1OJ4hV33IqrrGkvUb8JaY=";
};
cargoSha256 = "sha256-VYIzAqh5Xxmn1koxhh+UDb2G3WS2UVXffuBY7h5Kr7A=";
cargoSha256 = "sha256-t6KeyBwIfCQTfaennFiFX3K+8unFOsduBP7nRbAo9wI=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ oniguruma openssl protobuf rdkafka zstd ]
++ lib.optional stdenv.isDarwin [ Security libiconv coreutils CoreServices ];

View file

@ -5821,6 +5821,10 @@ in
lua = lua5;
});
hockeypuck = callPackage ../servers/hockeypuck/server.nix { };
hockeypuck-web = callPackage ../servers/hockeypuck/web.nix { };
holochain-go = callPackage ../servers/holochain-go { };
homesick = callPackage ../tools/misc/homesick { };