From 290aeb344f27a40c50b534c43f18484b48b29102 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Sat, 17 Jul 2021 18:57:35 -0700 Subject: [PATCH 01/11] buildLinux: pass buildPackages to linuxManualConfig We should be using the _same_ buildPackages when we generate the configuration (which happens in buildLinux) as when we actually build the kernel (which happens in linuxManualConfig). This change enforces that when we callPackage `manual-config.nix` we pass on whatever `buildPackages` that `buildLinux` itself was called with. --- pkgs/os-specific/linux/kernel/generic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index aa0f19858b84..598dac90babe 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -179,7 +179,7 @@ let }; }; # end of configfile derivation - kernel = (callPackage ./manual-config.nix {}) { + kernel = (callPackage ./manual-config.nix { inherit buildPackages; }) { inherit version modDirVersion src kernelPatches randstructSeed lib stdenv extraMakeFlags extraMeta configfile; config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; }; From ba3c94ddde8366ef6d0acf3358ea03d54d4f99c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=22Jan=20van=20Br=C3=BCgge=22?= <"supermanitu@gmail.com"> Date: Sun, 18 Jul 2021 20:08:51 +0200 Subject: [PATCH 02/11] vimPlugins: update --- pkgs/misc/vim-plugins/generated.nix | 64 ++++++++++++++--------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/pkgs/misc/vim-plugins/generated.nix b/pkgs/misc/vim-plugins/generated.nix index a38ed64540f5..0b1fff6a2f33 100644 --- a/pkgs/misc/vim-plugins/generated.nix +++ b/pkgs/misc/vim-plugins/generated.nix 
@@ -425,12 +425,12 @@ final: prev: chadtree = buildVimPluginFrom2Nix { pname = "chadtree"; - version = "2021-07-17"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "ms-jpq"; repo = "chadtree"; - rev = "fa78312b378a7d3a6cb1222d1df05c28238f888b"; - sha256 = "05j42c3h374hyqqb5m7dddyh4sn08cw64nji3fnv3rk63gm2r4if"; + rev = "384925e0cfa87a27387357cab144fbf392e21f61"; + sha256 = "01bg8h7276nidrgdgz6asvksi3m0g6jf8aw9bp0d4ng6s0gdfps2"; }; meta.homepage = "https://github.com/ms-jpq/chadtree/"; }; @@ -3144,12 +3144,12 @@ final: prev: neogit = buildVimPluginFrom2Nix { pname = "neogit"; - version = "2021-07-14"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "TimUntersberger"; repo = "neogit"; - rev = "bf148e2534097988e61ed334edaf31b67134369b"; - sha256 = "157k4gbs0r92zwm41hh40gqxc9774g05ngan936ivnnfg5j9igsg"; + rev = "ee83d4fa8ac946e5e0064e65a5276e1ea030ae28"; + sha256 = "0mrydz0xl2yqgsp1nsz4p55mjhx7x7z7pahcq3y5mzzla687dnqg"; }; meta.homepage = "https://github.com/TimUntersberger/neogit/"; }; @@ -3412,8 +3412,8 @@ final: prev: src = fetchFromGitHub { owner = "shaunsingh"; repo = "nord.nvim"; - rev = "44ae0a84087135e23fb5a90c9726f8b161277652"; - sha256 = "0zhv06arl7x3wx20r26v3vc1i4909h657syrqbyh5k93n1hmc21j"; + rev = "02a07af329b9cb42187a2dd74aef8563f5957bfc"; + sha256 = "10yzlv3433dfdm5n1q8r4yzwx0h73nd81w60fqkfx4cl4l7l9085"; }; meta.homepage = "https://github.com/shaunsingh/nord.nvim/"; }; @@ -3804,12 +3804,12 @@ final: prev: nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2021-07-14"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "d779ee79f0426711f84b770bf6ff4afda4f41c1e"; - sha256 = "0svnb4fsqsjhlqcikq0kgrwyrqfqplgvx93mhw1qhpmwfbgqn6vi"; + rev = "9144ea1107ed5aaf250bffafc1f0f32fb97cce47"; + sha256 = "05apxyy0xg6llskigirglb4a73ay8cdaw2rckl2g3d6j8ry9dkc4"; }; meta.homepage = "https://github.com/nvim-treesitter/nvim-treesitter/"; }; 
@@ -5129,12 +5129,12 @@ final: prev: telescope-nvim = buildVimPluginFrom2Nix { pname = "telescope-nvim"; - version = "2021-07-17"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "5b597e7709eec08331ce71b45193117f6fb5626b"; - sha256 = "1lwr3gayqj6h0ha749p5dfgihjlqydgaidcnblcvvj8vi10ick35"; + rev = "8c3f2b630be0241fe10709e61ee9dab473518f32"; + sha256 = "1yd1kkdp8baxrhkfsg0j0dpkprxvwi0r4xljjcdln7rpr2r0lm82"; }; meta.homepage = "https://github.com/nvim-telescope/telescope.nvim/"; }; @@ -5262,12 +5262,12 @@ final: prev: traces-vim = buildVimPluginFrom2Nix { pname = "traces-vim"; - version = "2021-06-16"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "markonm"; repo = "traces.vim"; - rev = "e36a2e45791ef9078de781a781fec70e160044b0"; - sha256 = "1qndaqs38mgkl15n895nzjc98h2cy4gjgr3r72cpwhn9qmzhi5zc"; + rev = "360361b093d21531c0781c5c4a61a1e6cb3edfac"; + sha256 = "052kbzx2rqpw5mhh6w1zcj5il642w1a2wi6w4nbcw7scj4gq85pd"; }; meta.homepage = "https://github.com/markonm/traces.vim/"; }; @@ -5706,12 +5706,12 @@ final: prev: vim-airline = buildVimPluginFrom2Nix { pname = "vim-airline"; - version = "2021-07-11"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "vim-airline"; repo = "vim-airline"; - rev = "4807a211cdfab3a5b5640111978ba301461c5ac1"; - sha256 = "1lrx54cfd9x6dx3kfz6x6jwakmkisj5y55s156fchdf83hsm967n"; + rev = "b861f9d2483a8b066f7b5b4dbae8990ff21455c5"; + sha256 = "0rz7p95ks4ymdwz7aqahc782msdz70qx25807cwvqh1gc9x887vq"; }; meta.homepage = "https://github.com/vim-airline/vim-airline/"; }; 
@@ -6786,12 +6786,12 @@ final: prev: vim-fugitive = buildVimPluginFrom2Nix { pname = "vim-fugitive"; - version = "2021-07-16"; + version = "2021-07-17"; src = fetchFromGitHub { owner = "tpope"; repo = "vim-fugitive"; - rev = "58516a13c623e6b21be6fed1f6067eed67005949"; - sha256 = "0gzdsp1gz1wpw8z47v3sr9b0ma41qnz0r4iiq0jr84srr3817zpl"; + rev = "de6495ae846b2c5913fa85d5464c036c0acdfa34"; + sha256 = "184cbh2jxwpp4zgvlfhs4qx1mr4vyq5vvv6lvk8lcng40dxfr9fg"; }; meta.homepage = "https://github.com/tpope/vim-fugitive/"; }; @@ -8349,12 +8349,12 @@ final: prev: vim-puppet = buildVimPluginFrom2Nix { pname = "vim-puppet"; - version = "2021-01-30"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "rodjek"; repo = "vim-puppet"; - rev = "b282072eb145c7719319bee1963c33ad876b0cea"; - sha256 = "1m6zbyg5hh3rhwq36836ldwhgcsmh4bl0lz5g4nzpc2ch83crrn8"; + rev = "7bb7586896b7afe6e6f26bcbaf70ad8517d98018"; + sha256 = "1mqnawfpg23rwjp3zpz85s3dpspcl8zrh9dymv5p0pqbn27mlf5n"; }; meta.homepage = "https://github.com/rodjek/vim-puppet/"; }; @@ -8505,12 +8505,12 @@ final: prev: vim-ruby = buildVimPluginFrom2Nix { pname = "vim-ruby"; - version = "2021-07-07"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "vim-ruby"; repo = "vim-ruby"; - rev = "0f603a17435f6b25614e70449304d38216d0e6e3"; - sha256 = "0dz4rmbifz5l03ch5rrnzb18j7kdwz1nkfz0lcvkwgxgjnrrhk15"; + rev = "482e2cec5a742920eddf644f2f1efcb15f03967c"; + sha256 = "18b3hhb1sfgip80dp7wicrsqs59narj49qlmpnfhsy29imsxzb72"; }; meta.homepage = "https://github.com/vim-ruby/vim-ruby/"; }; 
@@ -9250,12 +9250,12 @@ final: prev: vim-ultest = buildVimPluginFrom2Nix { pname = "vim-ultest"; - version = "2021-07-05"; + version = "2021-07-18"; src = fetchFromGitHub { owner = "rcarriga"; repo = "vim-ultest"; - rev = "43ec7b40a83fcde104d3e5e69a2c112f9dc52325"; - sha256 = "1q2rcqllip1raay9nj2cacn6vsairrywg7yxh783zf13n9bmr5vb"; + rev = "06f965a62c32906f220c37e7b758a275d6a992f6"; + sha256 = "0zgpp6g29n1kb0qi6n84i1d540g0xhw5bzj8kp5xsh5wlvn9h4fk"; }; meta.homepage = "https://github.com/rcarriga/vim-ultest/"; }; From fd2a90a1f6eb59875c2c01282534550886a07511 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20van=20Br=C3=BCgge?= Date: Sun, 18 Jul 2021 20:18:05 +0200 Subject: [PATCH 03/11] vimPlugins.vim-ormolu: init at 2020-11-25 --- pkgs/misc/vim-plugins/generated.nix | 12 ++++++++++++ pkgs/misc/vim-plugins/vim-plugin-names | 1 + 2 files changed, 13 insertions(+) diff --git a/pkgs/misc/vim-plugins/generated.nix b/pkgs/misc/vim-plugins/generated.nix index 0b1fff6a2f33..e6dd49198c92 100644 --- a/pkgs/misc/vim-plugins/generated.nix +++ b/pkgs/misc/vim-plugins/generated.nix @@ -8035,6 +8035,18 @@ final: prev: meta.homepage = "https://github.com/jceb/vim-orgmode/"; }; + vim-ormolu = buildVimPluginFrom2Nix { + pname = "vim-ormolu"; + version = "2020-11-25"; + src = fetchFromGitHub { + owner = "sdiehl"; + repo = "vim-ormolu"; + rev = "edbeb0135692345b088182963e9b229fe2235ac0"; + sha256 = "03srdix06dhz4b8g9akx448dw2rjbwj840xg7p9c5bq8kbmsjy8x"; + }; + meta.homepage = "https://github.com/sdiehl/vim-ormolu/"; + }; + vim-osc52 = buildVimPluginFrom2Nix { pname = "vim-osc52"; version = "2020-09-19"; diff --git a/pkgs/misc/vim-plugins/vim-plugin-names b/pkgs/misc/vim-plugins/vim-plugin-names index c639dcc4d1d9..1521ca5557f6 100644 --- a/pkgs/misc/vim-plugins/vim-plugin-names +++ b/pkgs/misc/vim-plugins/vim-plugin-names 
@@ -595,6 +595,7 @@ sakhnik/nvim-gdb saltstack/salt-vim samoshkin/vim-mergetool sbdchd/neoformat +sdiehl/vim-ormolu sebastianmarkow/deoplete-rust SevereOverfl0w/deoplete-github Shatur/neovim-ayu From af5d91db55372c9181cdfffeba32e8181ab96ec2 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Wed, 14 Jul 2021 20:28:10 +0200 Subject: [PATCH 04/11] hockeypuck: init at 2.1.0 --- pkgs/servers/hockeypuck/server.nix | 19 +++++++++++++++++++ pkgs/servers/hockeypuck/sources.nix | 16 ++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 37 insertions(+) create mode 100644 pkgs/servers/hockeypuck/server.nix create mode 100644 pkgs/servers/hockeypuck/sources.nix diff --git a/pkgs/servers/hockeypuck/server.nix b/pkgs/servers/hockeypuck/server.nix new file mode 100644 index 000000000000..5a95f227832d --- /dev/null +++ b/pkgs/servers/hockeypuck/server.nix @@ -0,0 +1,19 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +let + sources = (import ./sources.nix) { inherit fetchFromGitHub; }; +in +buildGoModule { + inherit (sources) pname version src; + + modRoot = "src/hockeypuck/"; + vendorSha256 = null; + doCheck = false; # Uses networking for tests + + meta = with lib; { + description = "OpenPGP Key Server"; + homepage = "https://github.com/hockeypuck/hockeypuck"; + license = licenses.agpl3Plus; + maintainers = [ maintainers.etu ]; + }; +} diff --git a/pkgs/servers/hockeypuck/sources.nix b/pkgs/servers/hockeypuck/sources.nix new file mode 100644 index 000000000000..b504cd331410 --- /dev/null +++ b/pkgs/servers/hockeypuck/sources.nix @@ -0,0 +1,16 @@ +{ fetchFromGitHub }: + +let + pname = "hockeypuck"; + version = "2.1.0"; +in +{ + inherit version pname; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = version; + sha256 = "0da3ffbqck0dr7d89gy2yillp7g9a4ziyjlvrm8vgkkg2fs8dlb1"; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 52038e03e575..50652e2f9410 100644 --- a/pkgs/top-level/all-packages.nix 
+++ b/pkgs/top-level/all-packages.nix @@ -5827,6 +5827,8 @@ in lua = lua5; }); + hockeypuck = callPackage ../servers/hockeypuck/server.nix { }; + holochain-go = callPackage ../servers/holochain-go { }; homesick = callPackage ../tools/misc/homesick { }; From c2e503530bf1c3aa3cb18a1752b2d1b97c690a37 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Sat, 17 Jul 2021 21:31:56 +0200 Subject: [PATCH 05/11] hockeypuck-web: init at 2.1.0 --- pkgs/servers/hockeypuck/web.nix | 26 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/servers/hockeypuck/web.nix diff --git a/pkgs/servers/hockeypuck/web.nix b/pkgs/servers/hockeypuck/web.nix new file mode 100644 index 000000000000..eda5317e8c41 --- /dev/null +++ b/pkgs/servers/hockeypuck/web.nix @@ -0,0 +1,26 @@ +{ stdenv, lib, fetchFromGitHub }: + +let + sources = (import ./sources.nix) { inherit fetchFromGitHub; }; +in +stdenv.mkDerivation { + pname = "${sources.pname}-web"; + + inherit (sources) version src; + + dontBuild = true; # We should just copy the web templates + + installPhase = '' + mkdir -p $out/share/ + + cp -vr contrib/webroot $out/share/ + cp -vr contrib/templates $out/share/ + ''; + + meta = with lib; { + description = "OpenPGP Key Server web resources"; + homepage = "https://github.com/hockeypuck/hockeypuck"; + license = licenses.gpl3Plus; + maintainers = [ maintainers.etu ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 50652e2f9410..fbdcd2b5a9e7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5829,6 +5829,8 @@ in hockeypuck = callPackage ../servers/hockeypuck/server.nix { }; + hockeypuck-web = callPackage ../servers/hockeypuck/web.nix { }; + holochain-go = callPackage ../servers/holochain-go { }; homesick = callPackage ../tools/misc/homesick { }; From 5e8e3b02bfeaa5e9811d5de312ead8b97f7d9150 Mon Sep 17 00:00:00 2001 
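Review bot: `meta.license` in the new `pkgs/servers/hockeypuck/web.nix` is `licenses.gpl3Plus`, while `server.nix` from the previous patch declares `licenses.agpl3Plus` for the same `sources.src`. The two should agree, presumably as `license = licenses.agpl3Plus;`, unless upstream licenses `contrib/` separately, which is worth checking against the upstream tree. The custom `installPhase` also skips the standard hooks, so I would open it with `runHook preInstall` and close it with `runHook postInstall`.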
From: Konrad Borowski Date: Sun, 18 Jul 2021 14:33:11 +0200 Subject: [PATCH 06/11] python3Packages.skytemple-files: 1.2.3 -> 1.2.4 --- pkgs/development/python-modules/skytemple-files/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/skytemple-files/default.nix b/pkgs/development/python-modules/skytemple-files/default.nix index 0df6419b526a..90fae07c475d 100644 --- a/pkgs/development/python-modules/skytemple-files/default.nix +++ b/pkgs/development/python-modules/skytemple-files/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "skytemple-files"; - version = "1.2.3"; + version = "1.2.4"; src = fetchFromGitHub { owner = "SkyTemple"; repo = pname; rev = version; - sha256 = "sha256-/S0otBujwO/IMiLKgA2o8wlD6xk1/DpwOAfemojV9NU="; + sha256 = "1i3045bqg9h7kcx83nlrm1pmikfpi817n0gb8da29m3mqzk7lwws"; fetchSubmodules = true; }; From e949f1c73ce820d640be4a800a1a537d666c80b3 Mon Sep 17 00:00:00 2001 From: Konrad Borowski Date: Sun, 18 Jul 2021 14:34:01 +0200 Subject: [PATCH 07/11] python3Packages.skytemple-ssb-debugger: 1.2.4 -> 1.2.5 --- .../python-modules/skytemple-ssb-debugger/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/skytemple-ssb-debugger/default.nix b/pkgs/development/python-modules/skytemple-ssb-debugger/default.nix index 88ae80f7242a..745e2775985d 100644 --- a/pkgs/development/python-modules/skytemple-ssb-debugger/default.nix +++ b/pkgs/development/python-modules/skytemple-ssb-debugger/default.nix @@ -5,13 +5,13 @@ buildPythonPackage rec { pname = "skytemple-ssb-debugger"; - version = "1.2.4"; + version = "1.2.5"; src = fetchFromGitHub { owner = "SkyTemple"; repo = pname; rev = version; - sha256 = "0jmsli3wg386y0lxwddpwp1xqxsn2bsy4d1f7dyh0jjz8lqiz03i"; + sha256 = "0jkx75z8j03jfr9kzd40ip0fy24sfc7f2x430mf48xin272mc87q"; }; buildInputs = [ gobject-introspection gtk3 gtksourceview3 ]; 
From 3cabedec11f9100fe126dbe7d9e49f94e7c66af1 Mon Sep 17 00:00:00 2001 From: Konrad Borowski Date: Sun, 18 Jul 2021 14:38:26 +0200 Subject: [PATCH 08/11] skytemple: 1.2.3 -> 1.2.5 --- pkgs/applications/misc/skytemple/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/skytemple/default.nix b/pkgs/applications/misc/skytemple/default.nix index 0daaad2f2655..d341c9821996 100644 --- a/pkgs/applications/misc/skytemple/default.nix +++ b/pkgs/applications/misc/skytemple/default.nix @@ -2,13 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "skytemple"; - version = "1.2.3"; + version = "1.2.5"; src = fetchFromGitHub { owner = "SkyTemple"; repo = pname; rev = version; - sha256 = "0l2c4qngv58j6zkp0va6m96zksx8gqn3mjc3isqybfnhjr6nd3v9"; + sha256 = "0780517gjc97wb2g67pwdv3fz3sqxm2ica1hdbrhqm4rfbnb28xr"; }; buildInputs = [ From 5972cc3119a847ef4d5bf65121c5809c70d66972 Mon Sep 17 00:00:00 2001 From: happysalada Date: Sun, 18 Jul 2021 13:01:22 +0900 Subject: [PATCH 09/11] vector: 0.14.0 -> 0.15.0 --- pkgs/tools/misc/vector/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/vector/default.nix b/pkgs/tools/misc/vector/default.nix index e8c3ed7cbe9e..d9e454d4ab81 100644 --- a/pkgs/tools/misc/vector/default.nix +++ b/pkgs/tools/misc/vector/default.nix 
@@ -28,16 +28,16 @@ rustPlatform.buildRustPackage rec { pname = "vector"; - version = "0.14.0"; + version = "0.15.0"; src = fetchFromGitHub { owner = "timberio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-wtihrR19jMJ7Kgvy6XBzOUrC/WKNVl2MVx4lWgXYlvg="; + sha256 = "sha256-8ZsZyV6zlMiNTVYPwqQi7F1OJ4hV33IqrrGkvUb8JaY="; }; - cargoSha256 = "sha256-VYIzAqh5Xxmn1koxhh+UDb2G3WS2UVXffuBY7h5Kr7A="; + cargoSha256 = "sha256-t6KeyBwIfCQTfaennFiFX3K+8unFOsduBP7nRbAo9wI="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ oniguruma openssl protobuf rdkafka zstd ] ++ lib.optional stdenv.isDarwin [ Security libiconv coreutils CoreServices ]; From 09a49354b6dab9ea9807359ec3f7434b54730eab Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Sun, 18 Jul 2021 08:49:36 +0200 Subject: [PATCH 10/11] nixos/hockeypuck: Add service for hockeypuck --- .../from_md/release-notes/rl-2111.section.xml | 7 ++ .../manual/release-notes/rl-2111.section.md | 2 + nixos/modules/module-list.nix | 1 + .../modules/services/security/hockeypuck.nix | 104 ++++++++++++++++++ 4 files changed, 114 insertions(+) create mode 100644 nixos/modules/services/security/hockeypuck.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 7ebf6c0187a0..5b5f85148618 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -92,6 +92,13 @@ snapraid. + + + Hockeypuck, + a OpenPGP Key Server. Available as + services.hockeypuck. + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index a0ca0ca3d0ed..c1e2dadd6408 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -28,6 +28,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [snapraid](https://www.snapraid.it/), a backup program for disk arrays. Available as [snapraid](#opt-snapraid.enable). +- [Hockeypuck](https://github.com/hockeypuck/hockeypuck), a OpenPGP Key Server. Available as [services.hockeypuck](#opt-services.hockeypuck.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ad1bccd54289..13463359a66e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -886,6 +886,7 @@ ./services/security/fprot.nix ./services/security/haka.nix ./services/security/haveged.nix + ./services/security/hockeypuck.nix ./services/security/hologram-server.nix ./services/security/hologram-agent.nix ./services/security/munge.nix diff --git a/nixos/modules/services/security/hockeypuck.nix b/nixos/modules/services/security/hockeypuck.nix new file mode 100644 index 000000000000..686634c8add8 --- /dev/null +++ b/nixos/modules/services/security/hockeypuck.nix 
@@ -0,0 +1,104 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.hockeypuck; + settingsFormat = pkgs.formats.toml { }; +in { + meta.maintainers = with lib.maintainers; [ etu ]; + + options.services.hockeypuck = { + enable = lib.mkEnableOption "Hockeypuck OpenPGP Key Server"; + + port = lib.mkOption { + default = 11371; + type = lib.types.port; + description = "HKP port to listen on."; + }; + + settings = lib.mkOption { + type = settingsFormat.type; + default = { }; + example = lib.literalExample '' + { + hockeypuck = { + loglevel = "INFO"; + logfile = "/var/log/hockeypuck/hockeypuck.log"; + indexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; + vindexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; + statsTemplate = "''${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl"; + webroot = "''${pkgs.hockeypuck-web}/share/webroot"; + + hkp.bind = ":''${toString cfg.port}"; + + openpgp.db = { + driver = "postgres-jsonb"; + dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable"; + }; + }; + } + ''; + description = '' + Configuration file for hockeypuck, here you can override + certain settings (loglevel and + openpgp.db.dsn) by just setting those values. + + For other settings you need to use lib.mkForce to override them. + + This service doesn't provision or enable postgres on your + system, it rather assumes that you enable postgres and create + the database yourself. 
+ + Example: + + services.postgresql = { + enable = true; + ensureDatabases = [ "hockeypuck" ]; + ensureUsers = [{ + name = "hockeypuck"; + ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES"; + }]; + }; + + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.hockeypuck.settings.hockeypuck = { + loglevel = lib.mkDefault "INFO"; + logfile = "/var/log/hockeypuck/hockeypuck.log"; + indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; + vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; + statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl"; + webroot = "${pkgs.hockeypuck-web}/share/webroot"; + + hkp.bind = ":${toString cfg.port}"; + + openpgp.db = { + driver = "postgres-jsonb"; + dsn = lib.mkDefault "database=hockeypuck host=/var/run/postgresql sslmode=disable"; + }; + }; + + users.users.hockeypuck = { + isSystemUser = true; + description = "Hockeypuck user"; + }; + + systemd.services.hockeypuck = { + description = "Hockeypuck OpenPGP Key Server"; + after = [ "network.target" "postgresql.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + WorkingDirectory = "/var/lib/hockeypuck"; + User = "hockeypuck"; + ExecStart = "${pkgs.hockeypuck}/bin/hockeypuck -config ${settingsFormat.generate "config.toml" cfg.settings}"; + Restart = "always"; + RestartSec = "5s"; + LogsDirectory = "hockeypuck"; + LogsDirectoryMode = "0755"; + StateDirectory = "hockeypuck"; + }; + }; + }; +} From f8b6ba005e8dc259a6ae065b1322bb879380aa57 Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Sun, 18 Jul 2021 09:51:49 +0200 Subject: [PATCH 11/11] nixos/tests: Init hockeypuck tests --- nixos/tests/all-tests.nix | 1 + nixos/tests/hockeypuck.nix | 63 ++++++++++++++++++++++++++++++ pkgs/servers/hockeypuck/server.nix | 4 +- pkgs/servers/hockeypuck/web.nix | 4 +- 4 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 nixos/tests/hockeypuck.nix 
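Review bot: The `serviceConfig` of `systemd.services.hockeypuck` sets only the user, directories and restart policy for a network-facing key server, with no systemd sandboxing, so a compromised daemon keeps an ordinary system user's full view of the filesystem and devices. I would add the usual confinement options next to the existing ones (sketch below, not tested against hockeypuck; `AF_UNIX` is kept for the PostgreSQL socket in the default DSN). Separately, `cfg.settings` is rendered by `settingsFormat.generate` into the world-readable Nix store while the option text invites overriding `openpgp.db.dsn`, so the description should say that a DSN carrying a password must not be set there. `after` also names `postgresql.target`, which I do not see defined anywhere in this series; if the unit is really `postgresql.service`, the ordering is silently ignored and startup relies on `Restart = "always"`.

```nix
      serviceConfig = {
        # … unchanged: WorkingDirectory, User, ExecStart, Restart, RestartSec, LogsDirectory, LogsDirectoryMode, StateDirectory …
        NoNewPrivileges = true;
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
      };
```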
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index fd502a473b10..746139c48169 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -174,6 +174,7 @@ in hitch = handleTest ./hitch {}; hledger-web = handleTest ./hledger-web.nix {}; hocker-fetchdocker = handleTest ./hocker-fetchdocker {}; + hockeypuck = handleTest ./hockeypuck.nix { }; home-assistant = handleTest ./home-assistant.nix {}; hostname = handleTest ./hostname.nix {}; hound = handleTest ./hound.nix {}; diff --git a/nixos/tests/hockeypuck.nix b/nixos/tests/hockeypuck.nix new file mode 100644 index 000000000000..79313f314fd2 --- /dev/null +++ b/nixos/tests/hockeypuck.nix @@ -0,0 +1,63 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: +let + gpgKeyring = (pkgs.runCommandNoCC "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } '' + mkdir -p $out + export GNUPGHOME=$out + cat > foo <OpenPGP Keyserver" in response, "HTML title not found" + + # Copy the keyring + machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME") + + # Extract our GPG key id + keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip() + + # Send the key to our local keyserver + machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId) + + # Recieve the key from our local keyserver to a separate directory + machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId) + ''; +}) diff --git a/pkgs/servers/hockeypuck/server.nix b/pkgs/servers/hockeypuck/server.nix index 5a95f227832d..cf48fd5716c9 100644 --- a/pkgs/servers/hockeypuck/server.nix +++ b/pkgs/servers/hockeypuck/server.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, nixosTests }: let sources = (import ./sources.nix) { inherit fetchFromGitHub; }; 
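Review bot: The `keyId` extraction in the `testScript` of `nixos/tests/hockeypuck.nix` (`gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024`) depends on gpg's human-readable output layout and on the test key being `dsa1024`. A change in either breaks the test for reasons unrelated to hockeypuck. Reading the `fpr` record from `gpg --list-keys --with-colons` would be more stable, since that format is meant for machine parsing. The comment `# Recieve the key from our local keyserver` should read `# Receive the key from our local keyserver`. The keyring-generation part of this hunk is not fully legible on the page, so this note covers only the visible script.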
@@ -10,6 +10,8 @@ buildGoModule { vendorSha256 = null; doCheck = false; # Uses networking for tests + passthru.tests = nixosTests.hockeypuck; + meta = with lib; { description = "OpenPGP Key Server"; homepage = "https://github.com/hockeypuck/hockeypuck"; diff --git a/pkgs/servers/hockeypuck/web.nix b/pkgs/servers/hockeypuck/web.nix index eda5317e8c41..32f2b1acd22e 100644 --- a/pkgs/servers/hockeypuck/web.nix +++ b/pkgs/servers/hockeypuck/web.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub }: +{ stdenv, lib, fetchFromGitHub, nixosTests }: let sources = (import ./sources.nix) { inherit fetchFromGitHub; }; @@ -17,6 +17,8 @@ stdenv.mkDerivation { cp -vr contrib/templates $out/share/ ''; + passthru.tests = nixosTests.hockeypuck; + meta = with lib; { description = "OpenPGP Key Server web resources"; homepage = "https://github.com/hockeypuck/hockeypuck";