···

       
6186
       
6186
       
 
       
    github = "meutraa";

     

       
6187
       
6187
       
 
       
    githubId = 68550871;

     

       
6188
       
6188
       
 
       
  };

     

       
6189
       
6189
       
+
       
  mephistophiles = {

     

       
6190
       
6190
       
+
       
    email = "mussitantesmortem@gmail.com";

     

       
6191
       
6191
       
+
       
    name = "Maxim Zhukov";

     

       
6192
       
6192
       
+
       
    github = "Mephistophiles";

     

       
6193
       
6193
       
+
       
    githubId = 4850908;

     

       
6194
       
6194
       
+
       
  };

     

       
6189
       
6195
       
 
       
  mfossen = {

     

       
6190
       
6196
       
 
       
    email = "msfossen@gmail.com";

     

       
6191
       
6197
       
 
       
    github = "mfossen";

     

···

       
24
       
24
       
 
       
    </para>

     

       
25
       
25
       
 
       
   </listitem>

     

       
26
       
26
       
 
       
   <listitem>

     

       
27
       
27
       
+
       
    <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>

     

       
28
       
28
       
+
       
   </listitem>

     

       
29
       
29
       
+
       
   <listitem>

     

       
27
       
30
       
 
       
    <para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>

     

       
28
       
31
       
 
       
   </listitem>

     

       
29
       
32
       
 
       
   <listitem>

     

···

       
49
       
49
       
 
       
        rt5677-firmware

     

       
50
       
50
       
 
       
        rtl8723bs-firmware

     

       
51
       
51
       
 
       
        rtl8761b-firmware

     

       
52
       
52
       
-
       
        rtlwifi_new-firmware

     

       
52
       
52
       
+
       
        rtw88-firmware

     

       
53
       
53
       
 
       
        zd1211fw

     

       
54
       
54
       
 
       
        alsa-firmware

     

       
55
       
55
       
 
       
        sof-firmware

     

···

       
949
       
949
       
 
       
  ./services/web-servers/nginx/default.nix

     

       
950
       
950
       
 
       
  ./services/web-servers/nginx/gitweb.nix

     

       
951
       
951
       
 
       
  ./services/web-servers/phpfpm/default.nix

     

       
952
       
952
       
+
       
  ./services/web-servers/pomerium.nix

     

       
952
       
953
       
 
       
  ./services/web-servers/unit/default.nix

     

       
953
       
954
       
 
       
  ./services/web-servers/shellinabox.nix

     

       
954
       
955
       
 
       
  ./services/web-servers/tomcat.nix

     

···

       
1
       
1
       
+
       
{ config, lib, pkgs, ... }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
with lib;

     

       
4
       
4
       
+
       


     

       
5
       
5
       
+
       
let

     

       
6
       
6
       
+
       
  format = pkgs.formats.yaml {};

     

       
7
       
7
       
+
       
in

     

       
8
       
8
       
+
       
{

     

       
9
       
9
       
+
       
  options.services.pomerium = {

     

       
10
       
10
       
+
       
    enable = mkEnableOption "the Pomerium authenticating reverse proxy";

     

       
11
       
11
       
+
       


     

       
12
       
12
       
+
       
    configFile = mkOption {

     

       
13
       
13
       
+
       
      type = with types; nullOr path;

     

       
14
       
14
       
+
       
      default = null;

     

       
15
       
15
       
+
       
      description = "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.";

     

       
16
       
16
       
+
       
    };

     

       
17
       
17
       
+
       


     

       
18
       
18
       
+
       
    useACMEHost = mkOption {

     

       
19
       
19
       
+
       
      type = with types; nullOr str;

     

       
20
       
20
       
+
       
      default = null;

     

       
21
       
21
       
+
       
      description = ''

     

       
22
       
22
       
+
       
        If set, use a NixOS-generated ACME certificate with the specified name.

     

       
23
       
23
       
+
       


     

       
24
       
24
       
+
       
        Note that this will require you to use a non-HTTP-based challenge, or

     

       
25
       
25
       
+
       
        disable Pomerium's in-built HTTP redirect server by setting

     

       
26
       
26
       
+
       
        http_redirect_addr to null and use a different HTTP server for serving

     

       
27
       
27
       
+
       
        the challenge response.

     

       
28
       
28
       
+
       


     

       
29
       
29
       
+
       
        If you're using an HTTP-based challenge, you should use the

     

       
30
       
30
       
+
       
        Pomerium-native autocert option instead.

     

       
31
       
31
       
+
       
      '';

     

       
32
       
32
       
+
       
    };

     

       
33
       
33
       
+
       


     

       
34
       
34
       
+
       
    settings = mkOption {

     

       
35
       
35
       
+
       
      description = ''

     

       
36
       
36
       
+
       
        The contents of Pomerium's config.yaml, in Nix expressions.

     

       
37
       
37
       
+
       


     

       
38
       
38
       
+
       
        Specifying configFile will override this in its entirety.

     

       
39
       
39
       
+
       


     

       
40
       
40
       
+
       
        See <link xlink:href="https://pomerium.io/reference/">the Pomerium

     

       
41
       
41
       
+
       
        configuration reference</link> for more information about what to put

     

       
42
       
42
       
+
       
        here.

     

       
43
       
43
       
+
       
      '';

     

       
44
       
44
       
+
       
      default = {};

     

       
45
       
45
       
+
       
      type = format.type;

     

       
46
       
46
       
+
       
    };

     

       
47
       
47
       
+
       


     

       
48
       
48
       
+
       
    secretsFile = mkOption {

     

       
49
       
49
       
+
       
      type = with types; nullOr path;

     

       
50
       
50
       
+
       
      default = null;

     

       
51
       
51
       
+
       
      description = ''

     

       
52
       
52
       
+
       
        Path to file containing secrets for Pomerium, in systemd

     

       
53
       
53
       
+
       
        EnvironmentFile format. See the systemd.exec(5) man page.

     

       
54
       
54
       
+
       
      '';

     

       
55
       
55
       
+
       
    };

     

       
56
       
56
       
+
       
  };

     

       
57
       
57
       
+
       


     

       
58
       
58
       
+
       
  config = let

     

       
59
       
59
       
+
       
    cfg = config.services.pomerium;

     

       
60
       
60
       
+
       
    cfgFile = if cfg.configFile != null then cfg.configFile else (format.generate "pomerium.yaml" cfg.settings);

     

       
61
       
61
       
+
       
  in mkIf cfg.enable ({

     

       
62
       
62
       
+
       
    systemd.services.pomerium = {

     

       
63
       
63
       
+
       
      description = "Pomerium authenticating reverse proxy";

     

       
64
       
64
       
+
       
      wants = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");

     

       
65
       
65
       
+
       
      after = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");

     

       
66
       
66
       
+
       
      wantedBy = [ "multi-user.target" ];

     

       
67
       
67
       
+
       
      environment = optionalAttrs (cfg.useACMEHost != null) {

     

       
68
       
68
       
+
       
        CERTIFICATE_FILE = "fullchain.pem";

     

       
69
       
69
       
+
       
        CERTIFICATE_KEY_FILE = "key.pem";

     

       
70
       
70
       
+
       
      };

     

       
71
       
71
       
+
       
      startLimitIntervalSec = 60;

     

       
72
       
72
       
+
       


     

       
73
       
73
       
+
       
      serviceConfig = {

     

       
74
       
74
       
+
       
        DynamicUser = true;

     

       
75
       
75
       
+
       
        StateDirectory = [ "pomerium" ];

     

       
76
       
76
       
+
       
        ExecStart = "${pkgs.pomerium}/bin/pomerium -config ${cfgFile}";

     

       
77
       
77
       
+
       


     

       
78
       
78
       
+
       
        PrivateUsers = false;  # breaks CAP_NET_BIND_SERVICE

     

       
79
       
79
       
+
       
        MemoryDenyWriteExecute = false;  # breaks LuaJIT

     

       
80
       
80
       
+
       


     

       
81
       
81
       
+
       
        NoNewPrivileges = true;

     

       
82
       
82
       
+
       
        PrivateTmp = true;

     

       
83
       
83
       
+
       
        PrivateDevices = true;

     

       
84
       
84
       
+
       
        DevicePolicy = "closed";

     

       
85
       
85
       
+
       
        ProtectSystem = "strict";

     

       
86
       
86
       
+
       
        ProtectHome = true;

     

       
87
       
87
       
+
       
        ProtectControlGroups = true;

     

       
88
       
88
       
+
       
        ProtectKernelModules = true;

     

       
89
       
89
       
+
       
        ProtectKernelTunables = true;

     

       
90
       
90
       
+
       
        ProtectKernelLogs = true;

     

       
91
       
91
       
+
       
        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";

     

       
92
       
92
       
+
       
        RestrictNamespaces = true;

     

       
93
       
93
       
+
       
        RestrictRealtime = true;

     

       
94
       
94
       
+
       
        RestrictSUIDSGID = true;

     

       
95
       
95
       
+
       
        LockPersonality = true;

     

       
96
       
96
       
+
       
        SystemCallArchitectures = "native";

     

       
97
       
97
       
+
       


     

       
98
       
98
       
+
       
        EnvironmentFile = cfg.secretsFile;

     

       
99
       
99
       
+
       
        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];

     

       
100
       
100
       
+
       
        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];

     

       
101
       
101
       
+
       


     

       
102
       
102
       
+
       
        WorkingDirectory = mkIf (cfg.useACMEHost != null) "$CREDENTIALS_DIRECTORY";

     

       
103
       
103
       
+
       
        LoadCredential = optionals (cfg.useACMEHost != null) [

     

       
104
       
104
       
+
       
          "fullchain.pem:/var/lib/acme/${cfg.useACMEHost}/fullchain.pem"

     

       
105
       
105
       
+
       
          "key.pem:/var/lib/acme/${cfg.useACMEHost}/key.pem"

     

       
106
       
106
       
+
       
        ];

     

       
107
       
107
       
+
       
      };

     

       
108
       
108
       
+
       
    };

     

       
109
       
109
       
+
       


     

       
110
       
110
       
+
       
    # postRun hooks on cert renew can't be used to restart Nginx since renewal

     

       
111
       
111
       
+
       
    # runs as the unprivileged acme user. sslTargets are added to wantedBy + before

     

       
112
       
112
       
+
       
    # which allows the acme-finished-$cert.target to signify the successful updating

     

       
113
       
113
       
+
       
    # of certs end-to-end.

     

       
114
       
114
       
+
       
    systemd.services.pomerium-config-reload = mkIf (cfg.useACMEHost != null) {

     

       
115
       
115
       
+
       
      # TODO(lukegb): figure out how to make config reloading work with credentials.

     

       
116
       
116
       
+
       


     

       
117
       
117
       
+
       
      wantedBy = [ "acme-finished-${cfg.useACMEHost}.target" "multi-user.target" ];

     

       
118
       
118
       
+
       
      # Before the finished targets, after the renew services.

     

       
119
       
119
       
+
       
      before = [ "acme-finished-${cfg.useACMEHost}.target" ];

     

       
120
       
120
       
+
       
      after = [ "acme-${cfg.useACMEHost}.service" ];

     

       
121
       
121
       
+
       
      # Block reloading if not all certs exist yet.

     

       
122
       
122
       
+
       
      unitConfig.ConditionPathExists = [ "${certs.${cfg.useACMEHost}.directory}/fullchain.pem" ];

     

       
123
       
123
       
+
       
      serviceConfig = {

     

       
124
       
124
       
+
       
        Type = "oneshot";

     

       
125
       
125
       
+
       
        TimeoutSec = 60;

     

       
126
       
126
       
+
       
        ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active pomerium.service";

     

       
127
       
127
       
+
       
        ExecStart = "/run/current-system/systemd/bin/systemctl restart pomerium.service";

     

       
128
       
128
       
+
       
      };

     

       
129
       
129
       
+
       
    };

     

       
130
       
130
       
+
       
  });

     

       
131
       
131
       
+
       
}

     

···

       
319
       
319
       
 
       
  plikd = handleTest ./plikd.nix {};

     

       
320
       
320
       
 
       
  plotinus = handleTest ./plotinus.nix {};

     

       
321
       
321
       
 
       
  podman = handleTestOn ["x86_64-linux"] ./podman.nix {};

     

       
322
       
322
       
+
       
  pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};

     

       
322
       
323
       
 
       
  postfix = handleTest ./postfix.nix {};

     

       
323
       
324
       
 
       
  postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {};

     

       
324
       
325
       
 
       
  postgis = handleTest ./postgis.nix {};

     

···

       
1
       
1
       
+
       
import ./make-test-python.nix ({ pkgs, ... }: {

     

       
2
       
2
       
+
       
  name = "pomerium";

     

       
3
       
3
       
+
       
  meta = with pkgs.stdenv.lib.maintainers; {

     

       
4
       
4
       
+
       
    maintainers = [ lukegb ];

     

       
5
       
5
       
+
       
  };

     

       
6
       
6
       
+
       


     

       
7
       
7
       
+
       
  nodes = let base = myIP: { pkgs, lib, ... }: {

     

       
8
       
8
       
+
       
    virtualisation.vlans = [ 1 ];

     

       
9
       
9
       
+
       
    networking = {

     

       
10
       
10
       
+
       
      dhcpcd.enable = false;

     

       
11
       
11
       
+
       
      firewall.allowedTCPPorts = [ 80 443 ];

     

       
12
       
12
       
+
       
      hosts = {

     

       
13
       
13
       
+
       
        "192.168.1.1" = [ "pomerium" "pom-auth" ];

     

       
14
       
14
       
+
       
        "192.168.1.2" = [ "backend" "dummy-oidc" ];

     

       
15
       
15
       
+
       
      };

     

       
16
       
16
       
+
       
      interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [

     

       
17
       
17
       
+
       
        { address = myIP; prefixLength = 24; }

     

       
18
       
18
       
+
       
      ];

     

       
19
       
19
       
+
       
    };

     

       
20
       
20
       
+
       
  }; in {

     

       
21
       
21
       
+
       
    pomerium = { pkgs, lib, ... }: {

     

       
22
       
22
       
+
       
      imports = [ (base "192.168.1.1") ];

     

       
23
       
23
       
+
       
      services.pomerium = {

     

       
24
       
24
       
+
       
        enable = true;

     

       
25
       
25
       
+
       
        settings = {

     

       
26
       
26
       
+
       
          address = ":80";

     

       
27
       
27
       
+
       
          insecure_server = true;

     

       
28
       
28
       
+
       
          authenticate_service_url = "http://pom-auth";

     

       
29
       
29
       
+
       


     

       
30
       
30
       
+
       
          idp_provider = "oidc";

     

       
31
       
31
       
+
       
          idp_scopes = [ "oidc" ];

     

       
32
       
32
       
+
       
          idp_client_id = "dummy";

     

       
33
       
33
       
+
       
          idp_provider_url = "http://dummy-oidc";

     

       
34
       
34
       
+
       


     

       
35
       
35
       
+
       
          policy = [{

     

       
36
       
36
       
+
       
            from = "https://my.website";

     

       
37
       
37
       
+
       
            to = "http://192.168.1.2";

     

       
38
       
38
       
+
       
            allow_public_unauthenticated_access = true;

     

       
39
       
39
       
+
       
            preserve_host_header = true;

     

       
40
       
40
       
+
       
          } {

     

       
41
       
41
       
+
       
            from = "https://login.required";

     

       
42
       
42
       
+
       
            to = "http://192.168.1.2";

     

       
43
       
43
       
+
       
            allowed_domains = [ "my.domain" ];

     

       
44
       
44
       
+
       
            preserve_host_header = true;

     

       
45
       
45
       
+
       
          }];

     

       
46
       
46
       
+
       
        };

     

       
47
       
47
       
+
       
        secretsFile = pkgs.writeText "pomerium-secrets" ''

     

       
48
       
48
       
+
       
          # 12345678901234567890123456789012 in base64

     

       
49
       
49
       
+
       
          COOKIE_SECRET=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=

     

       
50
       
50
       
+
       
          IDP_CLIENT_SECRET=dummy

     

       
51
       
51
       
+
       
        '';

     

       
52
       
52
       
+
       
      };

     

       
53
       
53
       
+
       
    };

     

       
54
       
54
       
+
       
    backend = { pkgs, lib, ... }: {

     

       
55
       
55
       
+
       
      imports = [ (base "192.168.1.2") ];

     

       
56
       
56
       
+
       
      services.nginx.enable = true;

     

       
57
       
57
       
+
       
      services.nginx.virtualHosts."my.website" = {

     

       
58
       
58
       
+
       
        root = pkgs.runCommand "testdir" {} ''

     

       
59
       
59
       
+
       
          mkdir "$out"

     

       
60
       
60
       
+
       
          echo hello world > "$out/index.html"

     

       
61
       
61
       
+
       
        '';

     

       
62
       
62
       
+
       
      };

     

       
63
       
63
       
+
       
      services.nginx.virtualHosts."dummy-oidc" = {

     

       
64
       
64
       
+
       
        root = pkgs.runCommand "testdir" {} ''

     

       
65
       
65
       
+
       
          mkdir -p "$out/.well-known"

     

       
66
       
66
       
+
       
          cat <<EOF >"$out/.well-known/openid-configuration"

     

       
67
       
67
       
+
       
            {

     

       
68
       
68
       
+
       
              "issuer": "http://dummy-oidc",

     

       
69
       
69
       
+
       
              "authorization_endpoint": "http://dummy-oidc/auth.txt",

     

       
70
       
70
       
+
       
              "token_endpoint": "http://dummy-oidc/token",

     

       
71
       
71
       
+
       
              "jwks_uri": "http://dummy-oidc/jwks.json",

     

       
72
       
72
       
+
       
              "userinfo_endpoint": "http://dummy-oidc/userinfo",

     

       
73
       
73
       
+
       
              "id_token_signing_alg_values_supported": ["RS256"]

     

       
74
       
74
       
+
       
            }

     

       
75
       
75
       
+
       
          EOF

     

       
76
       
76
       
+
       
          echo hello I am login page >"$out/auth.txt"

     

       
77
       
77
       
+
       
        '';

     

       
78
       
78
       
+
       
      };

     

       
79
       
79
       
+
       
    };

     

       
80
       
80
       
+
       
  };

     

       
81
       
81
       
+
       


     

       
82
       
82
       
+
       
  testScript = { ... }: ''

     

       
83
       
83
       
+
       
    backend.wait_for_unit("nginx")

     

       
84
       
84
       
+
       
    backend.wait_for_open_port(80)

     

       
85
       
85
       
+
       


     

       
86
       
86
       
+
       
    pomerium.wait_for_unit("pomerium")

     

       
87
       
87
       
+
       
    pomerium.wait_for_open_port(80)

     

       
88
       
88
       
+
       


     

       
89
       
89
       
+
       
    with subtest("no authentication required"):

     

       
90
       
90
       
+
       
        pomerium.succeed(

     

       
91
       
91
       
+
       
            "curl --resolve my.website:80:127.0.0.1 http://my.website | grep -q 'hello world'"

     

       
92
       
92
       
+
       
        )

     

       
93
       
93
       
+
       


     

       
94
       
94
       
+
       
    with subtest("login required"):

     

       
95
       
95
       
+
       
        pomerium.succeed(

     

       
96
       
96
       
+
       
            "curl -I --resolve login.required:80:127.0.0.1 http://login.required | grep -q pom-auth"

     

       
97
       
97
       
+
       
        )

     

       
98
       
98
       
+
       
        pomerium.succeed(

     

       
99
       
99
       
+
       
            "curl -L --resolve login.required:80:127.0.0.1 http://login.required | grep -q 'hello I am login page'"

     

       
100
       
100
       
+
       
        )

     

       
101
       
101
       
+
       
  '';

     

       
102
       
102
       
+
       
})

     

···

       
19
       
19
       
 
       


     

       
20
       
20
       
 
       
stdenv.mkDerivation rec {

     

       
21
       
21
       
 
       
  pname = "pika-backup";

     

       
22
       
22
       
-
       
  version = "0.2.2";

     

       
22
       
22
       
+
       
  version = "0.2.3";

     

       
23
       
23
       
 
       


     

       
24
       
24
       
 
       
  src = fetchFromGitLab {

     

       
25
       
25
       
 
       
    domain = "gitlab.gnome.org";

     

       
26
       
26
       
 
       
    owner = "World";

     

       
27
       
27
       
 
       
    repo = "pika-backup";

     

       
28
       
28
       
 
       
    rev = "v${version}";

     

       
29
       
29
       
-
       
    sha256 = "16284gv31wdwmb99056962d1gh6xz26ami6synr47nsbbp5l0s6k";

     

       
29
       
29
       
+
       
    sha256 = "sha256-jy22eyuzM2y7vByT3TOlAUuTKtPepkB9iiHQT1YGQ88=";

     

       
30
       
30
       
 
       
  };

     

       
31
       
31
       
 
       


     

       
32
       
32
       
 
       
  cargoDeps = rustPlatform.fetchCargoTarball {

     

       
33
       
33
       
 
       
    inherit src;

     

       
34
       
34
       
 
       
    name = "${pname}-${version}";

     

       
35
       
35
       
-
       
    sha256 = "12ymjwpxx3sdna8w5j9fnwwfk8ynk9ziwl0lkpq68y0vyllln5an";

     

       
35
       
35
       
+
       
    sha256 = "1ndcpgw18w3l5f7vv5vw8lxhgd5y1zxfarwnyfx13m7kcv8m3vyj";

     

       
36
       
36
       
 
       
  };

     

       
37
       
37
       
 
       


     

       
38
       
38
       
 
       
  patches = [

     

···

       
1
       
1
       
+
       
{ lib, fetchurl, makeDesktopItem, appimageTools, imagemagick }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
let

     

       
4
       
4
       
+
       
  pname = "chain-desktop-wallet";

     

       
5
       
5
       
+
       
  version = "0.1.1";

     

       
6
       
6
       
+
       
  name = "${pname}-${version}";

     

       
7
       
7
       
+
       


     

       
8
       
8
       
+
       
  src = fetchurl {

     

       
9
       
9
       
+
       
    url = "https://github.com/crypto-com/${pname}/releases/download/v${version}/${name}-x86_64.AppImage";

     

       
10
       
10
       
+
       
    sha256 = "12076hf8dlz0hg1pb2ixwlslrh8gi6s1iawnvhnn6vz4jmjvq356";

     

       
11
       
11
       
+
       
  };

     

       
12
       
12
       
+
       


     

       
13
       
13
       
+
       
  appimageContents = appimageTools.extractType2 { inherit name src; };

     

       
14
       
14
       
+
       
in appimageTools.wrapType2 rec {

     

       
15
       
15
       
+
       
  inherit name src;

     

       
16
       
16
       
+
       


     

       
17
       
17
       
+
       
  extraInstallCommands = ''

     

       
18
       
18
       
+
       
    mv $out/bin/${name} $out/bin/${pname}

     

       
19
       
19
       
+
       
    install -m 444 -D ${appimageContents}/${pname}.desktop $out/share/applications/${pname}.desktop

     

       
20
       
20
       
+
       
    ${imagemagick}/bin/convert ${appimageContents}/${pname}.png -resize 512x512 ${pname}_512.png

     

       
21
       
21
       
+
       
    install -m 444 -D ${pname}_512.png $out/share/icons/hicolor/512x512/apps/${pname}.png

     

       
22
       
22
       
+
       
    substituteInPlace $out/share/applications/${pname}.desktop \

     

       
23
       
23
       
+
       
      --replace 'Exec=AppRun --no-sandbox %U' "Exec=$out/bin/${pname}"

     

       
24
       
24
       
+
       
  '';

     

       
25
       
25
       
+
       


     

       
26
       
26
       
+
       
  meta = with lib; {

     

       
27
       
27
       
+
       
    description = "Crypto.org Chain desktop wallet (Beta)";

     

       
28
       
28
       
+
       
    homepage = "https://github.com/crypto-com/chain-desktop-wallet";

     

       
29
       
29
       
+
       
    license = licenses.asl20;

     

       
30
       
30
       
+
       
    maintainers = with maintainers; [ th0rgal ];

     

       
31
       
31
       
+
       
    platforms = [ "x86_64-linux" ];

     

       
32
       
32
       
+
       
  };

     

       
33
       
33
       
+
       
}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  "stable": {

     

       
3
       
3
       
-
       
    "version": "89.0.4389.90",

     

       
4
       
4
       
-
       
    "sha256": "16i7bgk2jbcqs2p28nk5mlf0k6wah594pcsfm8b154nxbyf0iihi",

     

       
5
       
5
       
-
       
    "sha256bin64": "1hgpx7isp9krarj7jpbhs97ym4i9j9a1srywv9pdfzbhw6cid2pk",

     

       
3
       
3
       
+
       
    "version": "89.0.4389.114",

     

       
4
       
4
       
+
       
    "sha256": "007df9p78bbmk3iyfi8qn57mmn68qqrdhx6z8n2hl8ksd7lspw7j",

     

       
5
       
5
       
+
       
    "sha256bin64": "06wblyvyr93032fbzwm6qpzz4jjm6adziq4i4n6kmfdix2ajif8a",

     

       
6
       
6
       
 
       
    "deps": {

     

       
7
       
7
       
 
       
      "gn": {

     

       
8
       
8
       
 
       
        "version": "2021-01-07",

     

···

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
stdenv.mkDerivation rec {

     

       
16
       
16
       
 
       
  pname = "lagrange";

     

       
17
       
17
       
-
       
  version = "1.2.2";

     

       
17
       
17
       
+
       
  version = "1.3.0";

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
  src = fetchFromGitHub {

     

       
20
       
20
       
 
       
    owner = "skyjake";

     

       
21
       
21
       
 
       
    repo = "lagrange";

     

       
22
       
22
       
 
       
    rev = "v${version}";

     

       
23
       
23
       
-
       
    sha256 = "sha256-Y+BiXKxlUSZXaLcz75l333ZBkKyII9IyTmKQwjshBkE=";

     

       
23
       
23
       
+
       
    sha256 = "sha256-85KshJEL7ri10mSm/KgcT03WLEwRMMTGczb6mGx66Jw=";

     

       
24
       
24
       
 
       
    fetchSubmodules = true;

     

       
25
       
25
       
 
       
  };

     

       
26
       
26
       
 
       


     

···

       
26
       
26
       
 
       
, libuuid

     

       
27
       
27
       
 
       
, libxcb

     

       
28
       
28
       
 
       
, libxkbcommon

     

       
29
       
29
       
+
       
, libxshmfence

     

       
29
       
30
       
 
       
, mesa

     

       
30
       
31
       
 
       
, nspr

     

       
31
       
32
       
 
       
, nss

     
···

       
117
       
118
       
 
       
      xorg.libXi

     

       
118
       
119
       
 
       
      xorg.libXrandr

     

       
119
       
120
       
 
       
      xorg.libXrender

     

       
121
       
121
       
+
       
      xorg.libxshmfence

     

       
120
       
122
       
 
       
      xorg.libXtst

     

       
121
       
123
       
 
       
      xorg.libxkbfile

     

       
122
       
124
       
 
       
    ] + ":${stdenv.cc.cc.lib}/lib64";

     

···

       
1
       
1
       
+
       
{ lib, rustPlatform, fetchFromGitHub }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
rustPlatform.buildRustPackage rec {

     

       
4
       
4
       
+
       
  pname = "i3-auto-layout";

     

       
5
       
5
       
+
       
  version = "0.2";

     

       
6
       
6
       
+
       


     

       
7
       
7
       
+
       
  src = fetchFromGitHub {

     

       
8
       
8
       
+
       
    owner = "chmln";

     

       
9
       
9
       
+
       
    repo = pname;

     

       
10
       
10
       
+
       
    rev = "v${version}";

     

       
11
       
11
       
+
       
    sha256 = "0ps08lga6qkgc8cgf5cx2lgwlqcnd2yazphh9xd2fznnzrllfxxz";

     

       
12
       
12
       
+
       
  };

     

       
13
       
13
       
+
       


     

       
14
       
14
       
+
       
  cargoSha256 = "1ch5mh515rlqmr65x96xcvrx6iaigqgjxc7sbwbznzkc5kmvwhc0";

     

       
15
       
15
       
+
       


     

       
16
       
16
       
+
       
  # Currently no tests are implemented, so we avoid building the package twice

     

       
17
       
17
       
+
       
  doCheck = false;

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
  meta = with lib; {

     

       
20
       
20
       
+
       
    description = "Automatic, optimal tiling for i3wm";

     

       
21
       
21
       
+
       
    homepage = "https://github.com/chmln/i3-auto-layout";

     

       
22
       
22
       
+
       
    license = licenses.mit;

     

       
23
       
23
       
+
       
    maintainers = with maintainers; [ mephistophiles ];

     

       
24
       
24
       
+
       
    platforms = platforms.linux;

     

       
25
       
25
       
+
       
  };

     

       
26
       
26
       
+
       
}

     

···

       
203
       
203
       
 
       
      qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {};

     

       
204
       
204
       
 
       
      qtwayland = callPackage ../modules/qtwayland.nix {};

     

       
205
       
205
       
 
       
      qtwebchannel = callPackage ../modules/qtwebchannel.nix {};

     

       
206
       
206
       
-
       
      qtwebengine = callPackage ../modules/qtwebengine.nix {};

     

       
206
       
206
       
+
       
      qtwebengine = callPackage ../modules/qtwebengine.nix {

     

       
207
       
207
       
+
       
        inherit (srcs.qtwebengine) version;

     

       
208
       
208
       
+
       
      };

     

       
207
       
209
       
 
       
      qtwebglplugin = callPackage ../modules/qtwebglplugin.nix {};

     

       
208
       
210
       
 
       
      qtwebkit = callPackage ../modules/qtwebkit.nix {};

     

       
209
       
211
       
 
       
      qtwebsockets = callPackage ../modules/qtwebsockets.nix {};

     

···

       
17
       
17
       
 
       
, cups, darwin, openbsm, runCommand, xcbuild, writeScriptBin

     

       
18
       
18
       
 
       
, ffmpeg_3 ? null

     

       
19
       
19
       
 
       
, lib, stdenv, fetchpatch

     

       
20
       
20
       
+
       
, version ? null

     

       
20
       
21
       
 
       
, qtCompatVersion

     

       
21
       
22
       
 
       
}:

     

       
22
       
23
       
 
       


     
···

       
230
       
231
       
 
       
    [Paths]

     

       
231
       
232
       
 
       
    Prefix = ..

     

       
232
       
233
       
 
       
    EOF

     

       
234
       
234
       
+
       
  '' + lib.optionalString (lib.versions.majorMinor qtCompatVersion == "5.15") ''

     

       
235
       
235
       
+
       
    # Fix for out-of-sync QtWebEngine and Qt releases (since 5.15.3)

     

       
236
       
236
       
+
       
    sed 's/${lib.head (lib.splitString "-" version)} /${qtCompatVersion} /' -i "$out"/lib/cmake/*/*Config.cmake

     

       
233
       
237
       
 
       
  '';

     

       
234
       
238
       
 
       


     

       
235
       
239
       
 
       
  meta = with lib; {

     

···

       
1
       
1
       
+
       
{ lib, stdenv, fetchFromGitHub

     

       
2
       
2
       
+
       
, cmake, pkg-config

     

       
3
       
3
       
+
       
, withZlibCompat ? false

     

       
4
       
4
       
+
       
}:

     

       
5
       
5
       
+
       


     

       
6
       
6
       
+
       
stdenv.mkDerivation rec {

     

       
7
       
7
       
+
       
  pname = "zlib-ng";

     

       
8
       
8
       
+
       
  version = "2.0.2";

     

       
9
       
9
       
+
       


     

       
10
       
10
       
+
       
  src = fetchFromGitHub {

     

       
11
       
11
       
+
       
    owner = "zlib-ng";

     

       
12
       
12
       
+
       
    repo = "zlib-ng";

     

       
13
       
13
       
+
       
    rev = version;

     

       
14
       
14
       
+
       
    sha256 = "1cl6asrav2512j7p02zcpibywjljws0m7aazvb3q2r9qiyvyswji";

     

       
15
       
15
       
+
       
  };

     

       
16
       
16
       
+
       


     

       
17
       
17
       
+
       
  outputs = [ "out" "dev" "bin" ];

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
  nativeBuildInputs = [ cmake pkg-config ];

     

       
20
       
20
       
+
       


     

       
21
       
21
       
+
       
  cmakeFlags = [

     

       
22
       
22
       
+
       
    "-DCMAKE_INSTALL_PREFIX=/"

     

       
23
       
23
       
+
       
    "-DBUILD_SHARED_LIBS=ON"

     

       
24
       
24
       
+
       
    "-DINSTALL_UTILS=ON"

     

       
25
       
25
       
+
       
  ] ++ lib.optionals withZlibCompat [ "-DZLIB_COMPAT=ON" ];

     

       
26
       
26
       
+
       


     

       
27
       
27
       
+
       
  meta = with lib; {

     

       
28
       
28
       
+
       
    description = "zlib data compression library for the next generation systems";

     

       
29
       
29
       
+
       
    homepage    = "https://github.com/zlib-ng/zlib-ng";

     

       
30
       
30
       
+
       
    license     = licenses.zlib;

     

       
31
       
31
       
+
       
    platforms   = platforms.all;

     

       
32
       
32
       
+
       
    maintainers = with maintainers; [ izorkin ];

     

       
33
       
33
       
+
       
  };

     

       
34
       
34
       
+
       
}

     

···

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
buildPythonPackage rec {

     

       
15
       
15
       
 
       
  pname = "boto3";

     

       
16
       
16
       
-
       
  version = "1.17.40"; # N.B: if you change this, change botocore and awscli to a matching version

     

       
16
       
16
       
+
       
  version = "1.17.41"; # N.B: if you change this, change botocore and awscli to a matching version

     

       
17
       
17
       
 
       


     

       
18
       
18
       
 
       
  src = fetchPypi {

     

       
19
       
19
       
 
       
    inherit pname version;

     

       
20
       
20
       
-
       
    sha256 = "sha256-7pmbRrLGMOUOewUtbf4iQgOjSNg7AOFoylAAmvDydsE=";

     

       
20
       
20
       
+
       
    sha256 = "sha256-2FsOBdfelhabACS3aykr5isB729cqFOlElBjRrgtKrs=";

     

       
21
       
21
       
 
       
  };

     

       
22
       
22
       
 
       


     

       
23
       
23
       
 
       
  propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];

     

···

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
buildPythonPackage rec {

     

       
15
       
15
       
 
       
  pname = "botocore";

     

       
16
       
16
       
-
       
  version = "1.20.40"; # N.B: if you change this, change boto3 and awscli to a matching version

     

       
16
       
16
       
+
       
  version = "1.20.41"; # N.B: if you change this, change boto3 and awscli to a matching version

     

       
17
       
17
       
 
       


     

       
18
       
18
       
 
       
  src = fetchPypi {

     

       
19
       
19
       
 
       
    inherit pname version;

     

       
20
       
20
       
-
       
    sha256 = "sha256-ajWpl3zb16g52UjdX549JgwZt93nTgqETJcgaITTu6A=";

     

       
20
       
20
       
+
       
    sha256 = "sha256-Y/ZQ/Ja84UHoGUp2HmiQ/qL7puASU676Ma5p8UUBXCE=";

     

       
21
       
21
       
 
       
  };

     

       
22
       
22
       
 
       


     

       
23
       
23
       
 
       
  propagatedBuildInputs = [

     

···

       
10
       
10
       
 
       
, protobuf3-to-dict

     

       
11
       
11
       
 
       
, smdebug-rulesconfig

     

       
12
       
12
       
 
       
, pandas

     

       
13
       
13
       
+
       
, packaging

     

       
13
       
14
       
 
       
}:

     

       
14
       
15
       
 
       


     

       
15
       
16
       
 
       
buildPythonPackage rec {

     
···

       
32
       
33
       
 
       
    google-pasta

     

       
33
       
34
       
 
       
    importlib-metadata

     

       
34
       
35
       
 
       
    numpy

     

       
36
       
36
       
+
       
    packaging

     

       
35
       
37
       
 
       
    protobuf

     

       
36
       
38
       
 
       
    protobuf3-to-dict

     

       
37
       
39
       
 
       
    smdebug-rulesconfig

     

···

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
stdenv.mkDerivation rec {

     

       
4
       
4
       
 
       
  pname = "heroku";

     

       
5
       
5
       
-
       
  version = "7.47.11";

     

       
5
       
5
       
+
       
  version = "7.51.0";

     

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
  src = fetchurl {

     

       
8
       
8
       
 
       
    url = "https://cli-assets.heroku.com/heroku-v${version}/heroku-v${version}.tar.xz";

     

       
9
       
9
       
-
       
    sha256 = "1inf2radpkd9jndap91cw0wbb2qmi71i287vyydl492372cf3cs2";

     

       
9
       
9
       
+
       
    sha256 = "0wcqk4iy4r57k6fd6l0732yp5mclqfla1lfvx96ay45jnhh7rknx";

     

       
10
       
10
       
 
       
  };

     

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
  nativeBuildInputs = [ makeWrapper ];

     

···

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
let

     

       
4
       
4
       
 
       


     

       
5
       
5
       
-
       
  major = "2020";

     

       
6
       
6
       
-
       
  minor = "11";

     

       
7
       
7
       
-
       
  patch = "23";

     

       
5
       
5
       
+
       
  major = "2021";

     

       
6
       
6
       
+
       
  minor = "03";

     

       
7
       
7
       
+
       
  patch.seriousproton = "30";

     

       
8
       
8
       
+
       
  patch.emptyepsilon = "31";

     

       
8
       
9
       
 
       


     

       
9
       
9
       
-
       
  version = "${major}.${minor}.${patch}";

     

       
10
       
10
       
+
       
  version.seriousproton = "${major}.${minor}.${patch.seriousproton}";

     

       
11
       
11
       
+
       
  version.emptyepsilon = "${major}.${minor}.${patch.emptyepsilon}";

     

       
10
       
12
       
 
       


     

       
11
       
13
       
 
       
  serious-proton = stdenv.mkDerivation {

     

       
12
       
14
       
 
       
    pname = "serious-proton";

     

       
13
       
13
       
-
       
    inherit version;

     

       
15
       
15
       
+
       
    version = version.seriousproton;

     

       
14
       
16
       
 
       


     

       
15
       
17
       
 
       
    src = fetchFromGitHub {

     

       
16
       
18
       
 
       
      owner = "daid";

     

       
17
       
19
       
 
       
      repo = "SeriousProton";

     

       
18
       
18
       
-
       
      rev = "EE-${version}";

     

       
19
       
19
       
-
       
      sha256 = "sha256-/gwJPlvvOCv5XIsiVgZ8Eb/7vgwG/V+s/soGVCfYrwo=";

     

       
20
       
20
       
+
       
      rev = "EE-${version.seriousproton}";

     

       
21
       
21
       
+
       
      sha256 = "sha256-wxb/CxJ/HKsVngeahjygZFPMMxitkHdVD0EQ3svxgIU=";

     

       
20
       
22
       
 
       
    };

     

       
21
       
23
       
 
       


     

       
22
       
24
       
 
       
    nativeBuildInputs = [ cmake ];

     
···

       
36
       
38
       
 
       


     

       
37
       
39
       
 
       
stdenv.mkDerivation {

     

       
38
       
40
       
 
       
  pname = "empty-epsilon";

     

       
39
       
39
       
-
       
  inherit version;

     

       
41
       
41
       
+
       
  version = version.emptyepsilon;

     

       
40
       
42
       
 
       


     

       
41
       
43
       
 
       
  src = fetchFromGitHub {

     

       
42
       
44
       
 
       
    owner = "daid";

     

       
43
       
45
       
 
       
    repo = "EmptyEpsilon";

     

       
44
       
44
       
-
       
    rev = "EE-${version}";

     

       
45
       
45
       
-
       
    sha256 = "sha256-HbF6xThR+ogNHbAcXF03DaBhwVhNEr5BJO7jeeVZH/o=";

     

       
46
       
46
       
+
       
    rev = "EE-${version.emptyepsilon}";

     

       
47
       
47
       
+
       
    sha256 = "sha256-x0XJPMU0prubTb4ti/W/dH5P9abNwbjqkeUhKQpct9o=";

     

       
46
       
48
       
 
       
  };

     

       
47
       
49
       
 
       


     

       
48
       
50
       
 
       
  nativeBuildInputs = [ cmake ];

     
···

       
50
       
52
       
 
       


     

       
51
       
53
       
 
       
  cmakeFlags = [

     

       
52
       
54
       
 
       
    "-DSERIOUS_PROTON_DIR=${serious-proton.src}"

     

       
53
       
53
       
-
       
    "-DCPACK_PACKAGE_VERSION=${version}"

     

       
55
       
55
       
+
       
    "-DCPACK_PACKAGE_VERSION=${version.emptyepsilon}"

     

       
54
       
56
       
 
       
    "-DCPACK_PACKAGE_VERSION_MAJOR=${major}"

     

       
55
       
57
       
 
       
    "-DCPACK_PACKAGE_VERSION_MINOR=${minor}"

     

       
56
       
56
       
-
       
    "-DCPACK_PACKAGE_VERSION_PATCH=${patch}"

     

       
58
       
58
       
+
       
    "-DCPACK_PACKAGE_VERSION_PATCH=${patch.emptyepsilon}"

     

       
57
       
59
       
 
       
  ];

     

       
58
       
60
       
 
       


     

       
59
       
61
       
 
       
  meta = with lib; {

     

···

       
106
       
106
       
 
       
    gst_all_1.gst-plugins-ugly

     

       
107
       
107
       
 
       
    gst_all_1.gst-plugins-base

     

       
108
       
108
       
 
       
    libdrm

     

       
109
       
109
       
+
       
    libxkbcommon # paradox launcher

     

       
109
       
110
       
 
       
    mono

     

       
110
       
111
       
 
       
    xorg.xkeyboardconfig

     

       
111
       
112
       
 
       
    xorg.libpciaccess

     
···

       
205
       
206
       
 
       
    libidn

     

       
206
       
207
       
 
       
    tbb

     

       
207
       
208
       
 
       
    wayland

     

       
208
       
208
       
-
       
    libxkbcommon

     

       
209
       
209
       
 
       


     

       
210
       
210
       
 
       
    # Other things from runtime

     

       
211
       
211
       
 
       
    flac

     

···

       
13
       
13
       
 
       
    },

     

       
14
       
14
       
 
       
    "5.10": {

     

       
15
       
15
       
 
       
        "extra": "-hardened1",

     

       
16
       
16
       
-
       
        "name": "linux-hardened-5.10.25-hardened1.patch",

     

       
17
       
17
       
-
       
        "sha256": "0d5fid229769frifr7g20ly553gxdqqvajfwyzqwjpr82jjzxlis",

     

       
18
       
18
       
-
       
        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.25-hardened1/linux-hardened-5.10.25-hardened1.patch"

     

       
16
       
16
       
+
       
        "name": "linux-hardened-5.10.26-hardened1.patch",

     

       
17
       
17
       
+
       
        "sha256": "08f4yks3fjv5zi85zbxa3aqfllb6nbr58hm6kchd83l6rknnix4r",

     

       
18
       
18
       
+
       
        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.26-hardened1/linux-hardened-5.10.26-hardened1.patch"

     

       
19
       
19
       
 
       
    },

     

       
20
       
20
       
 
       
    "5.11": {

     

       
21
       
21
       
 
       
        "extra": "-hardened1",

     

       
22
       
22
       
-
       
        "name": "linux-hardened-5.11.9-hardened1.patch",

     

       
23
       
23
       
-
       
        "sha256": "169jcalr81ckad08vx489h8j6k42s0rzxbpkr6knyrd7rv06ddk0",

     

       
24
       
24
       
-
       
        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.9-hardened1/linux-hardened-5.11.9-hardened1.patch"

     

       
22
       
22
       
+
       
        "name": "linux-hardened-5.11.10-hardened1.patch",

     

       
23
       
23
       
+
       
        "sha256": "16083fvl5km751dps7mzjc2fl1qp9jqnyn7lg8jlfxc8w32bbxwv",

     

       
24
       
24
       
+
       
        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.10-hardened1/linux-hardened-5.11.10-hardened1.patch"

     

       
25
       
25
       
 
       
    },

     

       
26
       
26
       
 
       
    "5.4": {

     

       
27
       
27
       
 
       
        "extra": "-hardened1",

     

···

       
3
       
3
       
 
       
with lib;

     

       
4
       
4
       
 
       


     

       
5
       
5
       
 
       
buildLinux (args // rec {

     

       
6
       
6
       
-
       
  version = "5.11.9";

     

       
6
       
6
       
+
       
  version = "5.11.10";

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
  # modDirVersion needs to be x.y.z, will automatically add .0 if needed

     

       
9
       
9
       
 
       
  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;

     
···

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
  src = fetchurl {

     

       
15
       
15
       
 
       
    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";

     

       
16
       
16
       
-
       
    sha256 = "0dcqn6s85sd4zl7rv8ay88p5z12xvy2rma0dx6g6b480rg68sxal";

     

       
16
       
16
       
+
       
    sha256 = "07fw48sy8p17jmm24x3rl99cwxiwhwjrxnmy3g542w9kzawaqwnk";

     

       
17
       
17
       
 
       
  };

     

       
18
       
18
       
 
       
} // (args.argsOverride or {}))

     

···

       
6
       
6
       
 
       
, ... } @ args:

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
let

     

       
9
       
9
       
-
       
  version = "5.10.21-rt34"; # updated by ./update-rt.sh

     

       
9
       
9
       
+
       
  version = "5.10.25-rt35"; # updated by ./update-rt.sh

     

       
10
       
10
       
 
       
  branch = lib.versions.majorMinor version;

     

       
11
       
11
       
 
       
  kversion = builtins.elemAt (lib.splitString "-" version) 0;

     

       
12
       
12
       
 
       
in buildLinux (args // {

     
···

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
  src = fetchurl {

     

       
20
       
20
       
 
       
    url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";

     

       
21
       
21
       
-
       
    sha256 = "1bz2gmyvpl4vsk0r6fsnh451fzvvfbv63rw8ia75gfv52vzyczwy";

     

       
21
       
21
       
+
       
    sha256 = "1p8s8vp5b6vjmvhj3plm0pr0d9qp5lrwm6l40a4bjr1vk9myf2lk";

     

       
22
       
22
       
 
       
  };

     

       
23
       
23
       
 
       


     

       
24
       
24
       
 
       
  kernelPatches = let rt-patch = {

     

       
25
       
25
       
 
       
    name = "rt";

     

       
26
       
26
       
 
       
    patch = fetchurl {

     

       
27
       
27
       
 
       
      url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";

     

       
28
       
28
       
-
       
      sha256 = "12c2qpifcgij7hilhd7xrnqaz04gqf41m93pmlm8cv4nxz58cy36";

     

       
28
       
28
       
+
       
      sha256 = "0kvawcyxg0xzhx73xs9g9s0hr7bs44sy4zvfzvcg2m9hdyafry0k";

     

       
29
       
29
       
 
       
    };

     

       
30
       
30
       
 
       
  }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;

     

       
31
       
31
       
 
       


     

···

       
6
       
6
       
 
       
, go

     

       
7
       
7
       
 
       
, ninja

     

       
8
       
8
       
 
       
, python3

     

       
9
       
9
       
+
       
, nixosTests

     

       
9
       
10
       
 
       
}:

     

       
10
       
11
       
 
       


     

       
11
       
12
       
 
       
let

     
···

       
109
       
110
       
 
       
    "--cxxopt=-Wno-maybe-uninitialized"

     

       
110
       
111
       
 
       
    "--cxxopt=-Wno-uninitialized"

     

       
111
       
112
       
 
       
  ];

     

       
113
       
113
       
+
       


     

       
114
       
114
       
+
       
  passthru.tests = {

     

       
115
       
115
       
+
       
    # No tests for Envoy itself (yet), but it's tested as a core component of Pomerium.

     

       
116
       
116
       
+
       
    inherit (nixosTests) pomerium;

     

       
117
       
117
       
+
       
  };

     

       
112
       
118
       
 
       


     

       
113
       
119
       
 
       
  meta = with lib; {

     

       
114
       
120
       
 
       
    homepage = "https://envoyproxy.io";

     

···

       
1
       
1
       
 
       
{ callPackage, ... }@args:

     

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
callPackage ./generic.nix args {

     

       
4
       
4
       
-
       
  version = "1.19.8";

     

       
5
       
5
       
-
       
  sha256 = "01cb6hsaik1sfjihbrldmwrcn54gk4plfy350sl1b4rml6qik29h";

     

       
4
       
4
       
+
       
  version = "1.19.9";

     

       
5
       
5
       
+
       
  sha256 = "0hfqqyfgqa6wqazmb3d434nb3r5p8szfisa0m6nfh9lqdbqdyd9f";

     

       
6
       
6
       
 
       
}

     

···

       
1
       
1
       
+
       
{ buildGoModule

     

       
2
       
2
       
+
       
, fetchFromGitHub

     

       
3
       
3
       
+
       
, lib

     

       
4
       
4
       
+
       
, envoy

     

       
5
       
5
       
+
       
, zip

     

       
6
       
6
       
+
       
, nixosTests

     

       
7
       
7
       
+
       
}:

     

       
8
       
8
       
+
       


     

       
9
       
9
       
+
       
let

     

       
10
       
10
       
+
       
  inherit (lib) concatStringsSep mapAttrsToList;

     

       
11
       
11
       
+
       
in

     

       
12
       
12
       
+
       
buildGoModule rec {

     

       
13
       
13
       
+
       
  pname = "pomerium";

     

       
14
       
14
       
+
       
  version = "0.13.3";

     

       
15
       
15
       
+
       
  src = fetchFromGitHub {

     

       
16
       
16
       
+
       
    owner = "pomerium";

     

       
17
       
17
       
+
       
    repo = "pomerium";

     

       
18
       
18
       
+
       
    rev = "v${version}";

     

       
19
       
19
       
+
       
    hash = "sha256-g0w1aIHvf2rJANvGWHeUxdnyCDsvy/PQ9Kp8nDdT/0w=";

     

       
20
       
20
       
+
       
  };

     

       
21
       
21
       
+
       


     

       
22
       
22
       
+
       
  vendorSha256 = "sha256-grihU85OcGyf9/KKrv87xZonX5r+Z1oHQTf84Ya61fg=";

     

       
23
       
23
       
+
       
  subPackages = [

     

       
24
       
24
       
+
       
    "cmd/pomerium"

     

       
25
       
25
       
+
       
    "cmd/pomerium-cli"

     

       
26
       
26
       
+
       
  ];

     

       
27
       
27
       
+
       


     

       
28
       
28
       
+
       
  buildFlagsArray = let

     

       
29
       
29
       
+
       
    # Set a variety of useful meta variables for stamping the build with.

     

       
30
       
30
       
+
       
    setVars = {

     

       
31
       
31
       
+
       
      Version = "v${version}";

     

       
32
       
32
       
+
       
      BuildMeta = "nixpkgs";

     

       
33
       
33
       
+
       
      ProjectName = "pomerium";

     

       
34
       
34
       
+
       
      ProjectURL = "github.com/pomerium/pomerium";

     

       
35
       
35
       
+
       
    };

     

       
36
       
36
       
+
       
    varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);

     

       
37
       
37
       
+
       
  in [

     

       
38
       
38
       
+
       
    "-ldflags=${varFlags}"

     

       
39
       
39
       
+
       
  ];

     

       
40
       
40
       
+
       


     

       
41
       
41
       
+
       
  nativeBuildInputs = [

     

       
42
       
42
       
+
       
    zip

     

       
43
       
43
       
+
       
  ];

     

       
44
       
44
       
+
       


     

       
45
       
45
       
+
       
  # Pomerium expects to have envoy append to it in a zip.

     

       
46
       
46
       
+
       
  # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary.

     

       
47
       
47
       
+
       
  postBuild = ''

     

       
48
       
48
       
+
       
    # Append Envoy

     

       
49
       
49
       
+
       
    pushd $NIX_BUILD_TOP

     

       
50
       
50
       
+
       
    mkdir -p envoy

     

       
51
       
51
       
+
       
    cd envoy

     

       
52
       
52
       
+
       
    cp ${envoy}/bin/envoy envoy

     

       
53
       
53
       
+
       
    zip -0 envoy.zip envoy

     

       
54
       
54
       
+
       
    popd

     

       
55
       
55
       
+
       


     

       
56
       
56
       
+
       
    mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old

     

       
57
       
57
       
+
       
    cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium

     

       
58
       
58
       
+
       
    zip --adjust-sfx $GOPATH/bin/pomerium

     

       
59
       
59
       
+
       
  '';

     

       
60
       
60
       
+
       


     

       
61
       
61
       
+
       
  # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end.

     

       
62
       
62
       
+
       
  dontStrip = true;

     

       
63
       
63
       
+
       


     

       
64
       
64
       
+
       
  installPhase = ''

     

       
65
       
65
       
+
       
    install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium

     

       
66
       
66
       
+
       
    install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli

     

       
67
       
67
       
+
       
  '';

     

       
68
       
68
       
+
       


     

       
69
       
69
       
+
       
  passthru.tests = {

     

       
70
       
70
       
+
       
    inherit (nixosTests) pomerium;

     

       
71
       
71
       
+
       
  };

     

       
72
       
72
       
+
       


     

       
73
       
73
       
+
       
  meta = with lib; {

     

       
74
       
74
       
+
       
    homepage = "https://pomerium.io";

     

       
75
       
75
       
+
       
    description = "Authenticating reverse proxy";

     

       
76
       
76
       
+
       
    license = licenses.asl20;

     

       
77
       
77
       
+
       
    maintainers = with maintainers; [ lukegb ];

     

       
78
       
78
       
+
       
    platforms = [ "x86_64-linux" ];  # Envoy derivation is x86_64-linux only.

     

       
79
       
79
       
+
       
  };

     

       
80
       
80
       
+
       
}

     

···

       
5
       
5
       
 
       
, git, nix, nixfmt, jq, coreutils, gnused, curl, cacert }:

     

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
stdenv.mkDerivation rec {

     

       
8
       
8
       
-
       
  version = "2021-03-28";

     

       
8
       
8
       
+
       
  version = "2021-03-31";

     

       
9
       
9
       
 
       
  pname = "oh-my-zsh";

     

       
10
       
10
       
-
       
  rev = "69507c9518f7c7889d8f47ec8e67bfda02405817";

     

       
10
       
10
       
+
       
  rev = "2b1d4122796fea12dcaa7545cfca59fb43e6393e";

     

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
  src = fetchFromGitHub {

     

       
13
       
13
       
 
       
    inherit rev;

     

       
14
       
14
       
 
       
    owner = "ohmyzsh";

     

       
15
       
15
       
 
       
    repo = "ohmyzsh";

     

       
16
       
16
       
-
       
    sha256 = "0p5jjynwnf6yh2n0z46avavy7kb7dlqd145hd1qakig7csaclphd";

     

       
16
       
16
       
+
       
    sha256 = "1c1hcmvfrfwds1zn165vpfh11a19s6kb20bxy2dzpby5cs15g6bc";

     

       
17
       
17
       
 
       
  };

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
  installPhase = ''

     

···

       
21
       
21
       
 
       
in

     

       
22
       
22
       
 
       
with py.pkgs; buildPythonApplication rec {

     

       
23
       
23
       
 
       
  pname = "awscli";

     

       
24
       
24
       
-
       
  version = "1.19.40"; # N.B: if you change this, change botocore and boto3 to a matching version too

     

       
24
       
24
       
+
       
  version = "1.19.41"; # N.B: if you change this, change botocore and boto3 to a matching version too

     

       
25
       
25
       
 
       


     

       
26
       
26
       
 
       
  src = fetchPypi {

     

       
27
       
27
       
 
       
    inherit pname version;

     

       
28
       
28
       
-
       
    sha256 = "sha256-J1IuTA/DrBCDclRA3cjAU71Um4Eygjgo+rMTyvT/my4=";

     

       
28
       
28
       
+
       
    sha256 = "sha256-DKKE2iMn6BHmcohHY6Uv7q9Om8FkbTbsk0CaxueBJHA=";

     

       
29
       
29
       
 
       
  };

     

       
30
       
30
       
 
       


     

       
31
       
31
       
 
       
  # https://github.com/aws/aws-cli/issues/4837

     

···

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
stdenv.mkDerivation rec {

     

       
4
       
4
       
 
       
  pname = "abcMIDI";

     

       
5
       
5
       
-
       
  version = "2021.03.27";

     

       
5
       
5
       
+
       
  version = "2021.03.30";

     

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
  src = fetchzip {

     

       
8
       
8
       
 
       
    url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";

     

       
9
       
9
       
-
       
    sha256 = "sha256-dOUdxH1jJUr9MkU6mf0nwbjY5NYUJpHGkjUZWbRSGsw=";

     

       
9
       
9
       
+
       
    sha256 = "sha256-eOQbvs/mtFn7AmvSezO/jRm8+cO5tF7ggcF9DwwfqVc=";

     

       
10
       
10
       
 
       
  };

     

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
  meta = with lib; {

     

···

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
buildGoModule rec {

     

       
4
       
4
       
 
       
  pname = "oneshot";

     

       
5
       
5
       
-
       
  version = "1.3.1";

     

       
5
       
5
       
+
       
  version = "1.4.1";

     

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
  src = fetchFromGitHub {

     

       
8
       
8
       
 
       
    owner = "raphaelreyna";

     

       
9
       
9
       
 
       
    repo = "oneshot";

     

       
10
       
10
       
 
       
    rev = "v${version}";

     

       
11
       
11
       
-
       
    sha256 = "047mncv9abs4xj7bh9lhc3wan37cldjjyrpkis7pvx6zhzml74kf";

     

       
11
       
11
       
+
       
    sha256 = "sha256-UD67xYBb1rvGMSPurte5z2Hcd7+JtXDPbgp3BVBdLuk=";

     

       
12
       
12
       
 
       
  };

     

       
13
       
13
       
 
       


     

       
14
       
14
       
-
       
  vendorSha256 = "1cxr96yrrmz37r542mc5376jll9lqjqm18k8761h9jqfbzmh9rkp";

     

       
14
       
14
       
+
       
  vendorSha256 = "sha256-d+YE618OywSDOWiiULHENFEqzRmFVUFKPuPXnL1JubM=";

     

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
  doCheck = false;

     

       
17
       
17
       
 
       


     

···

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
rustPlatform.buildRustPackage rec {

     

       
14
       
14
       
 
       
  pname = "prs";

     

       
15
       
15
       
-
       
  version = "0.2.6";

     

       
15
       
15
       
+
       
  version = "0.2.7";

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
  src = fetchFromGitLab {

     

       
18
       
18
       
 
       
    owner = "timvisee";

     

       
19
       
19
       
 
       
    repo = "prs";

     

       
20
       
20
       
 
       
    rev = "v${version}";

     

       
21
       
21
       
-
       
    sha256 = "sha256-2fpR9XCcKby+hI7Dzpr2qi1QgOzdgJp0Um57tQmi01A=";

     

       
21
       
21
       
+
       
    sha256 = "sha256-1Jrgf5UW6k0x3q6kQIB6Q7moOhConEnUU9r+21W5Uu8=";

     

       
22
       
22
       
 
       
  };

     

       
23
       
23
       
 
       


     

       
24
       
24
       
-
       
  cargoSha256 = "sha256-0oWNGrJ24gPkPp5PR/pQ1tIYkXztQJFAdPz162V5THY=";

     

       
24
       
24
       
+
       
  cargoSha256 = "sha256-N3pLW/OGeurrl+AlwdfbZ3T7WzEOAuyUMdIR164Xp7k=";

     

       
25
       
25
       
 
       


     

       
26
       
26
       
 
       
  postPatch = ''

     

       
27
       
27
       
 
       
    # The GPGME backend is recommended

     

···

       
1
       
1
       
+
       
{ lib, python3Packages, fetchFromGitHub, fetchurl, youtube-dl, git }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
let

     

       
4
       
4
       
+
       
  install_freedesktop = fetchurl {

     

       
5
       
5
       
+
       
    url = "https://github.com/thann/install_freedesktop/tarball/2673e8da4a67bee0ffc52a0ea381a541b4becdd4";

     

       
6
       
6
       
+
       
    sha256 = "0j8d5jdcyqbl5p6sc1ags86v3hr2sghmqqi99d1mvc064g90ckrv";

     

       
7
       
7
       
+
       
  };

     

       
8
       
8
       
+
       
in

     

       
9
       
9
       
+
       
python3Packages.buildPythonApplication rec {

     

       
10
       
10
       
+
       
  pname = "play-with-mpv";

     

       
11
       
11
       
+
       
  version = "unstable-2020-05-18";

     

       
12
       
12
       
+
       


     

       
13
       
13
       
+
       
  src = fetchFromGitHub {

     

       
14
       
14
       
+
       
      owner = "thann";

     

       
15
       
15
       
+
       
      repo = "play-with-mpv";

     

       
16
       
16
       
+
       
      rev = "656448e03fe9de9e8bd21959f2a3b47c4acb8c3e";

     

       
17
       
17
       
+
       
      sha256 = "1qma8b3lnkdhxdjsnrq7n9zgy53q62j4naaqqs07kjxbn72zb4p4";

     

       
18
       
18
       
+
       
  };

     

       
19
       
19
       
+
       


     

       
20
       
20
       
+
       
  nativeBuildInputs = [ git ];

     

       
21
       
21
       
+
       
  propagatedBuildInputs = [ youtube-dl ];

     

       
22
       
22
       
+
       


     

       
23
       
23
       
+
       
  postPatch = ''

     

       
24
       
24
       
+
       
    substituteInPlace setup.py --replace \

     

       
25
       
25
       
+
       
    '"https://github.com/thann/install_freedesktop/tarball/master#egg=install_freedesktop-0.2.0"' \

     

       
26
       
26
       
+
       
    '"file://${install_freedesktop}#egg=install_freedesktop-0.2.0"'

     

       
27
       
27
       
+
       
  '';

     

       
28
       
28
       
+
       


     

       
29
       
29
       
+
       
  meta = with lib; {

     

       
30
       
30
       
+
       
    description = "Chrome extension and python server that allows you to play videos in webpages with MPV instead";

     

       
31
       
31
       
+
       
    homepage = "https://github.com/Thann/play-with-mpv";

     

       
32
       
32
       
+
       
    license = licenses.mit;

     

       
33
       
33
       
+
       
    maintainers = with maintainers; [ dawidsowa ];

     

       
34
       
34
       
+
       
  };

     

       
35
       
35
       
+
       
}

     

···

       
1496
       
1496
       
 
       


     

       
1497
       
1497
       
 
       
  pebble = callPackage ../tools/admin/pebble { };

     

       
1498
       
1498
       
 
       


     

       
1499
       
1499
       
+
       
  play-with-mpv = callPackage ../tools/video/play-with-mpv { };

     

       
1500
       
1500
       
+
       


     

       
1499
       
1501
       
 
       
  reattach-to-user-namespace = callPackage ../os-specific/darwin/reattach-to-user-namespace {};

     

       
1500
       
1502
       
 
       


     

       
1501
       
1503
       
 
       
  skhd = callPackage ../os-specific/darwin/skhd {

     
···

       
17785
       
17787
       
 
       


     

       
17786
       
17788
       
 
       
  zlib = callPackage ../development/libraries/zlib { };

     

       
17787
       
17789
       
 
       


     

       
17790
       
17790
       
+
       
  zlib-ng = callPackage ../development/libraries/zlib-ng { };

     

       
17791
       
17791
       
+
       


     

       
17788
       
17792
       
 
       
  libdynd = callPackage ../development/libraries/libdynd { };

     

       
17789
       
17793
       
 
       


     

       
17790
       
17794
       
 
       
  zlog = callPackage ../development/libraries/zlog { };

     
···

       
18538
       
18542
       
 
       
    gperf = gperf_3_0;

     

       
18539
       
18543
       
 
       
  };

     

       
18540
       
18544
       
 
       
  pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { };

     

       
18545
       
18545
       
+
       


     

       
18546
       
18546
       
+
       
  pomerium = callPackage ../servers/http/pomerium { };

     

       
18541
       
18547
       
 
       


     

       
18542
       
18548
       
 
       
  postgrey = callPackage ../servers/mail/postgrey { };

     

       
18543
       
18549
       
 
       


     
···

       
19893
       
19899
       
 
       
  });

     

       
19894
       
19900
       
 
       


     

       
19895
       
19901
       
 
       
  # The current default kernel / kernel modules.

     

       
19896
       
19896
       
-
       
  linuxPackages = linuxPackages_5_4;

     

       
19902
       
19902
       
+
       
  linuxPackages = linuxPackages_5_10;

     

       
19897
       
19903
       
 
       
  linux = linuxPackages.kernel;

     

       
19898
       
19904
       
 
       


     

       
19899
       
19905
       
 
       
  # Update this when adding the newest kernel major version!

     
···

       
23367
       
23373
       
 
       
  i3 = callPackage ../applications/window-managers/i3 {

     

       
23368
       
23374
       
 
       
    xcb-util-cursor = if stdenv.isDarwin then xcb-util-cursor-HEAD else xcb-util-cursor;

     

       
23369
       
23375
       
 
       
  };

     

       
23376
       
23376
       
+
       


     

       
23377
       
23377
       
+
       
  i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { };

     

       
23370
       
23378
       
 
       


     

       
23371
       
23379
       
 
       
  i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { };

     

       
23372
       
23380
       
 
       


     
···

       
28627
       
28635
       
 
       
  coq2html = callPackage ../applications/science/logic/coq2html { };

     

       
28628
       
28636
       
 
       


     

       
28629
       
28637
       
 
       
  cryptoverif = callPackage ../applications/science/logic/cryptoverif { };

     

       
28638
       
28638
       
+
       


     

       
28639
       
28639
       
+
       
  crypto-org-wallet = callPackage ../applications/blockchains/crypto-org-wallet.nix { };

     

       
28630
       
28640
       
 
       


     

       
28631
       
28641
       
 
       
  caprice32 = callPackage ../misc/emulators/caprice32 { };

     

       
28632
       
28642