pyrox.dev / nixpkgs
lol
fork atom

Merge staging-next into staging

github-actions[bot] afe3fd19 0e4580d4

options
unified split
Changed files
+264 -66
nixos
doc
manual
release-notes
rl-2105.xml
modules
services
misc
home-assistant.nix
networking
mosquitto.nix
tests
home-assistant.nix
mosquitto.nix
pkgs
applications
editors
neovim
default.nix
neovim-qt.nix
neovim-remote.nix
qt.nix
utils.nix
wrapper.nix
vscode
generic.nix
networking
cluster
kubelogin-oidc
default.nix
build-support
build-fhs-userenv-bubblewrap
default.nix
data
icons
tela-icon-theme
default.nix
development
libraries
py3c
default.nix
python-modules
csvw
default.nix
tools
graphics
pngquant
default.nix
top-level
all-packages.nix
+1 -1
nixos/doc/manual/release-notes/rl-2105.xml 
···

       
330

       
 

       
   </listitem>


     

       
331

       
 

       
   <listitem>


     

       
332

       
 

       
    <para>


     

       
333

       
-

       
      <literal>vim</literal> switched to Python 3, dropping all Python 2 support.


     

       
334

       
 

       
    </para>


     

       
335

       
 

       
   </listitem>


     

       
336

       
 

       
   <listitem>


     
···

       
330

       
 

       
   </listitem>


     

       
331

       
 

       
   <listitem>


     

       
332

       
 

       
    <para>


     

       
333

       
+

       
      <literal>vim</literal> and <literal>neovim</literal> switched to Python 3, dropping all Python 2 support.


     

       
334

       
 

       
    </para>


     

       
335

       
 

       
   </listitem>


     

       
336

       
 

       
   <listitem>
+69 -7
nixos/modules/services/misc/home-assistant.nix 
···

       
245

       
 

       
        rm -f "${cfg.configDir}/ui-lovelace.yaml"


     

       
246

       
 

       
        ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"


     

       
247

       
 

       
      '');


     

       
248

       
-

       
      serviceConfig = {


     

       
249

       
-

       
        ExecStart = "${package}/bin/hass --config '${cfg.configDir}'";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
250

       
 

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       
251

       
 

       
        User = "hass";


     

       
252

       
 

       
        Group = "hass";


     

       
253

       
 

       
        Restart = "on-failure";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
254

       
 

       
        ProtectSystem = "strict";


     

       

       

       
     

       
255

       
 

       
        ReadWritePaths = let


     

       

       

       
     

       
256

       
 

       
          cfgPath = [ "config" "homeassistant" "allowlist_external_dirs" ];


     

       
257

       
 

       
          value = attrByPath cfgPath [] cfg;


     

       
258

       
 

       
          allowPaths = if isList value then value else singleton value;


     

       
259

       
 

       
        in [ "${cfg.configDir}" ] ++ allowPaths;


     

       
260

       
-

       
        KillSignal = "SIGINT";


     

       
261

       
-

       
        PrivateTmp = true;


     

       
262

       
-

       
        RemoveIPC = true;


     

       
263

       
-

       
        AmbientCapabilities = "cap_net_raw,cap_net_admin+eip";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
264

       
 

       
      };


     

       
265

       
 

       
      path = [


     

       
266

       
 

       
        "/run/wrappers" # needed for ping


     
···

       
278

       
 

       
      home = cfg.configDir;


     

       
279

       
 

       
      createHome = true;


     

       
280

       
 

       
      group = "hass";


     

       
281

       
-

       
      extraGroups = [ "dialout" ];


     

       
282

       
 

       
      uid = config.ids.uids.hass;


     

       
283

       
 

       
    };


     

       
284

       
 

       



     
···

       
245

       
 

       
        rm -f "${cfg.configDir}/ui-lovelace.yaml"


     

       
246

       
 

       
        ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"


     

       
247

       
 

       
      '');


     

       
248

       
+

       
      serviceConfig = let


     

       
249

       
+

       
        # List of capabilities to equip home-assistant with, depending on configured components


     

       
250

       
+

       
        capabilities = [


     

       
251

       
+

       
          # Empty string first, so we will never accidentally have an empty capability bounding set


     

       
252

       
+

       
          # https://github.com/NixOS/nixpkgs/issues/120617#issuecomment-830685115


     

       
253

       
+

       
          ""


     

       
254

       
+

       
        ] ++ (unique (optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [


     

       
255

       
+

       
          # Required for interaction with hci devices and bluetooth sockets


     

       
256

       
+

       
          # https://www.home-assistant.io/integrations/bluetooth_le_tracker/#rootless-setup-on-core-installs


     

       
257

       
+

       
          "CAP_NET_ADMIN"


     

       
258

       
+

       
          "CAP_NET_RAW"


     

       
259

       
+

       
        ] ++ lib.optionals (useComponent "emulated_hue") [


     

       
260

       
+

       
          # Alexa looks for the service on port 80


     

       
261

       
+

       
          # https://www.home-assistant.io/integrations/emulated_hue


     

       
262

       
+

       
          "CAP_NET_BIND_SERVICE"


     

       
263

       
+

       
        ] ++ lib.optionals (useComponent "nmap_tracker") [


     

       
264

       
+

       
          # https://www.home-assistant.io/integrations/nmap_tracker#linux-capabilities


     

       
265

       
+

       
          "CAP_NET_ADMIN"


     

       
266

       
+

       
          "CAP_NET_BIND_SERVICE"


     

       
267

       
+

       
          "CAP_NET_RAW"


     

       
268

       
+

       
        ]));


     

       
269

       
+

       
      in {


     

       
270

       
+

       
        ExecStart = "${package}/bin/hass --runner --config '${cfg.configDir}'";


     

       
271

       
 

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       
272

       
 

       
        User = "hass";


     

       
273

       
 

       
        Group = "hass";


     

       
274

       
 

       
        Restart = "on-failure";


     

       
275

       
+

       
        RestartForceExitStatus = "100";


     

       
276

       
+

       
        SuccessExitStatus = "100";


     

       
277

       
+

       
        KillSignal = "SIGINT";


     

       
278

       
+

       



     

       
279

       
+

       
        # Hardening


     

       
280

       
+

       
        AmbientCapabilities = capabilities;


     

       
281

       
+

       
        CapabilityBoundingSet = capabilities;


     

       
282

       
+

       
        DeviceAllow = [


     

       
283

       
+

       
          "char-ttyACM rw"


     

       
284

       
+

       
          "char-ttyAMA rw"


     

       
285

       
+

       
          "char-ttyUSB rw"


     

       
286

       
+

       
        ];


     

       
287

       
+

       
        DevicePolicy = "closed";


     

       
288

       
+

       
        LockPersonality = true;


     

       
289

       
+

       
        MemoryDenyWriteExecute = true;


     

       
290

       
+

       
        NoNewPrivileges = true;


     

       
291

       
+

       
        PrivateTmp = true;


     

       
292

       
+

       
        PrivateUsers = false; # prevents gaining capabilities in the host namespace


     

       
293

       
+

       
        ProtectClock = true;


     

       
294

       
+

       
        ProtectControlGroups = true;


     

       
295

       
+

       
        ProtectHome = true;


     

       
296

       
+

       
        ProtectHostname = true;


     

       
297

       
+

       
        ProtectKernelLogs = true;


     

       
298

       
+

       
        ProtectKernelModules = true;


     

       
299

       
+

       
        ProtectKernelTunables = true;


     

       
300

       
+

       
        ProtectProc = "invisible";


     

       
301

       
+

       
        ProcSubset = "pid";


     

       
302

       
 

       
        ProtectSystem = "strict";


     

       
303

       
+

       
        RemoveIPC = true;


     

       
304

       
 

       
        ReadWritePaths = let


     

       
305

       
+

       
          # Allow rw access to explicitly configured paths


     

       
306

       
 

       
          cfgPath = [ "config" "homeassistant" "allowlist_external_dirs" ];


     

       
307

       
 

       
          value = attrByPath cfgPath [] cfg;


     

       
308

       
 

       
          allowPaths = if isList value then value else singleton value;


     

       
309

       
 

       
        in [ "${cfg.configDir}" ] ++ allowPaths;


     

       
310

       
+

       
        RestrictAddressFamilies = [


     

       
311

       
+

       
          "AF_UNIX"


     

       
312

       
+

       
          "AF_INET"


     

       
313

       
+

       
          "AF_INET6"


     

       
314

       
+

       
        ] ++ optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [


     

       
315

       
+

       
          "AF_BLUETOOTH"


     

       
316

       
+

       
        ];


     

       
317

       
+

       
        RestrictNamespaces = true;


     

       
318

       
+

       
        RestrictRealtime = true;


     

       
319

       
+

       
        RestrictSUIDSGID = true;


     

       
320

       
+

       
        SupplementaryGroups = [ "dialout" ];


     

       
321

       
+

       
        SystemCallArchitectures = "native";


     

       
322

       
+

       
        SystemCallFilter = [


     

       
323

       
+

       
          "@system-service"


     

       
324

       
+

       
          "~@privileged"


     

       
325

       
+

       
        ];


     

       
326

       
+

       
        UMask = "0077";


     

       
327

       
 

       
      };


     

       
328

       
 

       
      path = [


     

       
329

       
 

       
        "/run/wrappers" # needed for ping


     
···

       
341

       
 

       
      home = cfg.configDir;


     

       
342

       
 

       
      createHome = true;


     

       
343

       
 

       
      group = "hass";


     

       

       

       
     

       
344

       
 

       
      uid = config.ids.uids.hass;


     

       
345

       
 

       
    };


     

       
346
+40 -6
nixos/modules/services/networking/mosquitto.nix 
···

       
20

       
 

       
    acl_file ${aclFile}


     

       
21

       
 

       
    persistence true


     

       
22

       
 

       
    allow_anonymous ${boolToString cfg.allowAnonymous}


     

       
23

       
-

       
    bind_address ${cfg.host}


     

       
24

       
-

       
    port ${toString cfg.port}


     

       
25

       
 

       
    ${passwordConf}


     

       
26

       
 

       
    ${listenerConf}


     

       
27

       
 

       
    ${cfg.extraConf}


     
···

       
233

       
 

       
        ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";


     

       
234

       
 

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       
235

       
 

       



     

       
236

       
-

       
        ProtectSystem = "strict";


     

       
237

       
-

       
        ProtectHome = true;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
238

       
 

       
        PrivateDevices = true;


     

       
239

       
 

       
        PrivateTmp = true;


     

       
240

       
-

       
        ReadWritePaths = "${cfg.dataDir}";


     

       

       

       
     

       
241

       
 

       
        ProtectControlGroups = true;


     

       

       

       
     

       

       

       
     

       

       

       
     

       
242

       
 

       
        ProtectKernelModules = true;


     

       
243

       
 

       
        ProtectKernelTunables = true;


     

       
244

       
-

       
        NoNewPrivileges = true;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
245

       
 

       
      };


     

       
246

       
 

       
      preStart = ''


     

       
247

       
 

       
        rm -f ${cfg.dataDir}/passwd


     
···

       
20

       
 

       
    acl_file ${aclFile}


     

       
21

       
 

       
    persistence true


     

       
22

       
 

       
    allow_anonymous ${boolToString cfg.allowAnonymous}


     

       
23

       
+

       
    listener ${toString cfg.port} ${cfg.host}


     

       

       

       
     

       
24

       
 

       
    ${passwordConf}


     

       
25

       
 

       
    ${listenerConf}


     

       
26

       
 

       
    ${cfg.extraConf}


     
···

       
232

       
 

       
        ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";


     

       
233

       
 

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       
234

       
 

       



     

       
235

       
+

       
        # Hardening


     

       
236

       
+

       
        CapabilityBoundingSet = "";


     

       
237

       
+

       
        DevicePolicy = "closed";


     

       
238

       
+

       
        LockPersonality = true;


     

       
239

       
+

       
        MemoryDenyWriteExecute = true;


     

       
240

       
+

       
        NoNewPrivileges = true;


     

       
241

       
 

       
        PrivateDevices = true;


     

       
242

       
 

       
        PrivateTmp = true;


     

       
243

       
+

       
        PrivateUsers = true;


     

       
244

       
+

       
        ProtectClock = true;


     

       
245

       
 

       
        ProtectControlGroups = true;


     

       
246

       
+

       
        ProtectHome = true;


     

       
247

       
+

       
        ProtectHostname = true;


     

       
248

       
+

       
        ProtectKernelLogs = true;


     

       
249

       
 

       
        ProtectKernelModules = true;


     

       
250

       
 

       
        ProtectKernelTunables = true;


     

       
251

       
+

       
        ProtectProc = "invisible";


     

       
252

       
+

       
        ProcSubset = "pid";


     

       
253

       
+

       
        ProtectSystem = "strict";


     

       
254

       
+

       
        ReadWritePaths = [


     

       
255

       
+

       
          cfg.dataDir


     

       
256

       
+

       
          "/tmp"  # mosquitto_passwd creates files in /tmp before moving them


     

       
257

       
+

       
        ];


     

       
258

       
+

       
        ReadOnlyPaths = with cfg.ssl; lib.optionals (enable) [


     

       
259

       
+

       
          certfile


     

       
260

       
+

       
          keyfile


     

       
261

       
+

       
          cafile


     

       
262

       
+

       
        ];


     

       
263

       
+

       
        RemoveIPC = true;


     

       
264

       
+

       
        RestrictAddressFamilies = [


     

       
265

       
+

       
          "AF_UNIX"  # for sd_notify() call


     

       
266

       
+

       
          "AF_INET"


     

       
267

       
+

       
          "AF_INET6"


     

       
268

       
+

       
        ];


     

       
269

       
+

       
        RestrictNamespaces = true;


     

       
270

       
+

       
        RestrictRealtime = true;


     

       
271

       
+

       
        RestrictSUIDSGID = true;


     

       
272

       
+

       
        SystemCallArchitectures = "native";


     

       
273

       
+

       
        SystemCallFilter = [


     

       
274

       
+

       
          "@system-service"


     

       
275

       
+

       
          "~@privileged"


     

       
276

       
+

       
          "~@resources"


     

       
277

       
+

       
        ];


     

       
278

       
+

       
        UMask = "0077";


     

       
279

       
 

       
      };


     

       
280

       
 

       
      preStart = ''


     

       
281

       
 

       
        rm -f ${cfg.dataDir}/passwd
+12 -4
nixos/tests/home-assistant.nix 
···

       
1

       
-

       
import ./make-test-python.nix ({ pkgs, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
 

       
  configDir = "/var/lib/foobar";


     
···

       
6

       
 

       
  mqttPassword = "secret";


     

       
7

       
 

       
in {


     

       
8

       
 

       
  name = "home-assistant";


     

       
9

       
-

       
  meta = with pkgs.lib; {


     

       
10

       
-

       
    maintainers = with maintainers; [ dotlambda ];


     

       
11

       
-

       
  };


     

       
12

       
 

       



     

       
13

       
 

       
  nodes.hass = { pkgs, ... }: {


     

       
14

       
 

       
    environment.systemPackages = with pkgs; [ mosquitto ];


     
···

       
47

       
 

       
          payload_on = "let_there_be_light";


     

       
48

       
 

       
          payload_off = "off";


     

       
49

       
 

       
        }];


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
50

       
 

       
        logger = {


     

       
51

       
 

       
          default = "info";


     

       
52

       
 

       
          logs."homeassistant.components.mqtt" = "debug";


     
···

       
82

       
 

       
        hass.succeed(


     

       
83

       
 

       
            "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"


     

       
84

       
 

       
        )


     

       

       

       
     

       

       

       
     

       

       

       
     

       
85

       
 

       
    with subtest("Print log to ease debugging"):


     

       
86

       
 

       
        output_log = hass.succeed("cat ${configDir}/home-assistant.log")


     

       
87

       
 

       
        print("\n### home-assistant.log ###\n")


     
···

       
93

       
 

       
    # example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'


     

       
94

       
 

       
    with subtest("Check we received the mosquitto message"):


     

       
95

       
 

       
        assert "let_there_be_light" in output_log


     

       

       

       
     

       

       

       
     

       

       

       
     

       
96

       
 

       
  '';


     

       
97

       
 

       
})


     
···

       
1

       
+

       
import ./make-test-python.nix ({ pkgs, lib, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
 

       
  configDir = "/var/lib/foobar";


     
···

       
6

       
 

       
  mqttPassword = "secret";


     

       
7

       
 

       
in {


     

       
8

       
 

       
  name = "home-assistant";


     

       
9

       
+

       
  meta.maintainers = lib.teams.home-assistant.members;


     

       

       

       
     

       

       

       
     

       
10

       
 

       



     

       
11

       
 

       
  nodes.hass = { pkgs, ... }: {


     

       
12

       
 

       
    environment.systemPackages = with pkgs; [ mosquitto ];


     
···

       
45

       
 

       
          payload_on = "let_there_be_light";


     

       
46

       
 

       
          payload_off = "off";


     

       
47

       
 

       
        }];


     

       
48

       
+

       
        emulated_hue = {


     

       
49

       
+

       
          host_ip = "127.0.0.1";


     

       
50

       
+

       
          listen_port = 80;


     

       
51

       
+

       
        };


     

       
52

       
 

       
        logger = {


     

       
53

       
 

       
          default = "info";


     

       
54

       
 

       
          logs."homeassistant.components.mqtt" = "debug";


     
···

       
84

       
 

       
        hass.succeed(


     

       
85

       
 

       
            "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"


     

       
86

       
 

       
        )


     

       
87

       
+

       
    with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):


     

       
88

       
+

       
        hass.wait_for_open_port(80)


     

       
89

       
+

       
        hass.succeed("curl --fail http://localhost:80/description.xml")


     

       
90

       
 

       
    with subtest("Print log to ease debugging"):


     

       
91

       
 

       
        output_log = hass.succeed("cat ${configDir}/home-assistant.log")


     

       
92

       
 

       
        print("\n### home-assistant.log ###\n")


     
···

       
98

       
 

       
    # example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'


     

       
99

       
 

       
    with subtest("Check we received the mosquitto message"):


     

       
100

       
 

       
        assert "let_there_be_light" in output_log


     

       
101

       
+

       



     

       
102

       
+

       
    with subtest("Check systemd unit hardening"):


     

       
103

       
+

       
        hass.log(hass.succeed("systemd-analyze security home-assistant.service"))


     

       
104

       
 

       
  '';


     

       
105

       
 

       
})
+4 -1
nixos/tests/mosquitto.nix 
···

       
1

       
-

       
import ./make-test-python.nix ({ pkgs, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
 

       
  port = 1888;


     
···

       
30

       
 

       
          ];


     

       
31

       
 

       
        };


     

       
32

       
 

       
      };


     

       

       

       
     

       

       

       
     

       

       

       
     

       
33

       
 

       
    };


     

       
34

       
 

       



     

       
35

       
 

       
    client1 = client;


     
···

       
1

       
+

       
import ./make-test-python.nix ({ pkgs, lib, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
 

       
  port = 1888;


     
···

       
30

       
 

       
          ];


     

       
31

       
 

       
        };


     

       
32

       
 

       
      };


     

       
33

       
+

       



     

       
34

       
+

       
      # disable private /tmp for this test


     

       
35

       
+

       
      systemd.services.mosquitto.serviceConfig.PrivateTmp = lib.mkForce false;


     

       
36

       
 

       
    };


     

       
37

       
 

       



     

       
38

       
 

       
    client1 = client;
+2 -2
pkgs/applications/editors/neovim/default.nix 
···

       
6

       
 

       



     

       
7

       
 

       
# now defaults to false because some tests can be flaky (clipboard etc)


     

       
8

       
 

       
, doCheck ? false


     

       
9

       
-

       
, nodejs ? null, fish ? null, python ? null


     

       
10

       
 

       
}:


     

       
11

       
 

       



     

       
12

       
 

       
with lib;


     
···

       
19

       
 

       
      ]


     

       
20

       
 

       
    ));


     

       
21

       
 

       



     

       
22

       
-

       
  pyEnv = python.withPackages(ps: [ ps.pynvim ps.msgpack ]);


     

       
23

       
 

       



     

       
24

       
 

       
  # FIXME: this is verry messy and strange.


     

       
25

       
 

       
  # see https://github.com/NixOS/nixpkgs/pull/80528


     
···

       
6

       
 

       



     

       
7

       
 

       
# now defaults to false because some tests can be flaky (clipboard etc)


     

       
8

       
 

       
, doCheck ? false


     

       
9

       
+

       
, nodejs ? null, fish ? null, python3 ? null


     

       
10

       
 

       
}:


     

       
11

       
 

       



     

       
12

       
 

       
with lib;


     
···

       
19

       
 

       
      ]


     

       
20

       
 

       
    ));


     

       
21

       
 

       



     

       
22

       
+

       
  pyEnv = python3.withPackages(ps: with ps; [ pynvim msgpack ]);


     

       
23

       
 

       



     

       
24

       
 

       
  # FIXME: this is verry messy and strange.


     

       
25

       
 

       
  # see https://github.com/NixOS/nixpkgs/pull/80528
+2 -2
pkgs/applications/editors/neovim/neovim-qt.nix 
···

       
1

       
 

       
{ lib, mkDerivation, fetchFromGitHub, cmake, doxygen, makeWrapper


     

       
2

       
-

       
, msgpack, neovim, pythonPackages, qtbase }:


     

       
3

       
 

       



     

       
4

       
 

       
mkDerivation rec {


     

       
5

       
 

       
  pname = "neovim-qt-unwrapped";


     
···

       
20

       
 

       
  buildInputs = [


     

       
21

       
 

       
    neovim.unwrapped # only used to generate help tags at build time


     

       
22

       
 

       
    qtbase


     

       
23

       
-

       
  ] ++ (with pythonPackages; [


     

       
24

       
 

       
    jinja2 python msgpack


     

       
25

       
 

       
  ]);


     

       
26

       
 

       



     
···

       
1

       
 

       
{ lib, mkDerivation, fetchFromGitHub, cmake, doxygen, makeWrapper


     

       
2

       
+

       
, msgpack, neovim, python3Packages, qtbase }:


     

       
3

       
 

       



     

       
4

       
 

       
mkDerivation rec {


     

       
5

       
 

       
  pname = "neovim-qt-unwrapped";


     
···

       
20

       
 

       
  buildInputs = [


     

       
21

       
 

       
    neovim.unwrapped # only used to generate help tags at build time


     

       
22

       
 

       
    qtbase


     

       
23

       
+

       
  ] ++ (with python3Packages; [


     

       
24

       
 

       
    jinja2 python msgpack


     

       
25

       
 

       
  ]);


     

       
26
+19 -4
pkgs/applications/editors/neovim/neovim-remote.nix 
···

       
1

       
-

       
{ lib, fetchFromGitHub, pythonPackages }:


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
2

       
 

       



     

       
3

       
 

       
with lib;


     

       
4

       
 

       



     

       
5

       
-

       
pythonPackages.buildPythonApplication rec {


     

       
6

       
 

       
  pname = "neovim-remote";


     

       
7

       
 

       
  version = "2.4.0";


     

       
8

       
-

       
  disabled = !pythonPackages.isPy3k;


     

       
9

       
 

       



     

       
10

       
 

       
  src = fetchFromGitHub {


     

       
11

       
 

       
    owner = "mhinz";


     
···

       
14

       
 

       
    sha256 = "0jlw0qksak4bdzddpsj74pm2f2bgpj3cwrlspdjjy0j9qzg0mpl9";


     

       
15

       
 

       
  };


     

       
16

       
 

       



     

       
17

       
-

       
  propagatedBuildInputs = with pythonPackages; [


     

       
18

       
 

       
    pynvim


     

       
19

       
 

       
    psutil


     

       
20

       
 

       
    setuptools


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
21

       
 

       
  ];


     

       
22

       
 

       



     

       
23

       
 

       
  meta = {


     
···

       
1

       
+

       
{ lib


     

       
2

       
+

       
, fetchFromGitHub


     

       
3

       
+

       
, python3


     

       
4

       
+

       
, neovim


     

       
5

       
+

       
}:


     

       
6

       
 

       



     

       
7

       
 

       
with lib;


     

       
8

       
 

       



     

       
9

       
+

       
with python3.pkgs; buildPythonApplication rec {


     

       
10

       
 

       
  pname = "neovim-remote";


     

       
11

       
 

       
  version = "2.4.0";


     

       

       

       
     

       
12

       
 

       



     

       
13

       
 

       
  src = fetchFromGitHub {


     

       
14

       
 

       
    owner = "mhinz";


     
···

       
17

       
 

       
    sha256 = "0jlw0qksak4bdzddpsj74pm2f2bgpj3cwrlspdjjy0j9qzg0mpl9";


     

       
18

       
 

       
  };


     

       
19

       
 

       



     

       
20

       
+

       
  propagatedBuildInputs = [


     

       
21

       
 

       
    pynvim


     

       
22

       
 

       
    psutil


     

       
23

       
 

       
    setuptools


     

       
24

       
+

       
  ];


     

       
25

       
+

       



     

       
26

       
+

       
  checkInputs = [


     

       
27

       
+

       
    neovim


     

       
28

       
+

       
    pytestCheckHook


     

       
29

       
+

       
  ];


     

       
30

       
+

       



     

       
31

       
+

       
  disabledTests = [


     

       
32

       
+

       
    # these tests get stuck and never return


     

       
33

       
+

       
    "test_escape_filenames_properly"


     

       
34

       
+

       
    "test_escape_single_quotes_in_filenames"


     

       
35

       
+

       
    "test_escape_double_quotes_in_filenames"


     

       
36

       
 

       
  ];


     

       
37

       
 

       



     

       
38

       
 

       
  meta = {
+1 -2
pkgs/applications/editors/neovim/qt.nix 
···

       
1

       
-

       
{ lib, stdenv, mkDerivation, fetchFromGitHub, cmake, doxygen, makeWrapper


     

       
2

       
-

       
, msgpack, neovim, pythonPackages, qtbase, neovim-qt-unwrapped }:


     

       
3

       
 

       



     

       
4

       
 

       
let


     

       
5

       
 

       
  unwrapped = neovim-qt-unwrapped;


     
···

       
1

       
+

       
{ stdenv, makeWrapper, neovim, neovim-qt-unwrapped }:


     

       

       

       
     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
 

       
  unwrapped = neovim-qt-unwrapped;
+5 -12
pkgs/applications/editors/neovim/utils.nix 
···

       
4

       
 

       
, neovim-unwrapped


     

       
5

       
 

       
, bundlerEnv


     

       
6

       
 

       
, ruby


     

       
7

       
-

       
, pythonPackages


     

       
8

       
 

       
, python3Packages


     

       
9

       
 

       
, writeText


     

       
10

       
 

       
, wrapNeovimUnstable


     
···

       
48

       
 

       
      requiredPlugins = vimUtils.requiredPlugins configure;


     

       
49

       
 

       
      getDeps = attrname: map (plugin: plugin.${attrname} or (_: [ ]));


     

       
50

       
 

       



     

       
51

       
-

       
      pluginPython2Packages = getDeps "pythonDependencies" requiredPlugins;


     

       
52

       
-

       
      python2Env = pythonPackages.python.withPackages (ps:


     

       
53

       
-

       
        [ ps.pynvim ]


     

       
54

       
-

       
        ++ (extraPython2Packages ps)


     

       
55

       
-

       
        ++ (lib.concatMap (f: f ps) pluginPython2Packages));


     

       
56

       
-

       



     

       
57

       
 

       
      pluginPython3Packages = getDeps "python3Dependencies" requiredPlugins;


     

       
58

       
 

       
      python3Env = python3Packages.python.withPackages (ps:


     

       
59

       
 

       
        [ ps.pynvim ]


     
···

       
69

       
 

       
      # While the latter tells nvim that this provider is not available


     

       
70

       
 

       
      hostprog_check_table = {


     

       
71

       
 

       
        node = withNodeJs;


     

       
72

       
-

       
        python = withPython2;


     

       
73

       
 

       
        python3 = withPython3;


     

       
74

       
 

       
        ruby = withRuby;


     

       
75

       
 

       
      };


     
···

       
99

       
 

       
      manifestRc = vimUtils.vimrcContent (configure // { customRC = ""; });


     

       
100

       
 

       
      neovimRcContent = vimUtils.vimrcContent configure;


     

       
101

       
 

       
    in


     

       

       

       
     

       

       

       
     

       
102

       
 

       
    args // {


     

       
103

       
 

       
      wrapperArgs = makeWrapperArgs;


     

       
104

       
 

       
      inherit neovimRcContent;


     

       
105

       
 

       
      inherit manifestRc;


     

       
106

       
-

       
      inherit python2Env;


     

       
107

       
 

       
      inherit python3Env;


     

       
108

       
 

       
      inherit withNodeJs;


     

       
109

       
 

       
    } // lib.optionalAttrs withRuby {


     
···

       
120

       
 

       
  # to keep backwards compatibility


     

       
121

       
 

       
  legacyWrapper = neovim: {


     

       
122

       
 

       
    extraMakeWrapperArgs ? ""


     

       
123

       
-

       
    , withPython ? true


     

       
124

       
 

       
    /* the function you would have passed to python.withPackages */


     

       
125

       
 

       
    , extraPythonPackages ? (_: [])


     

       
126

       
 

       
    /* the function you would have passed to python.withPackages */


     
···

       
138

       
 

       
      else funOrList);


     

       
139

       
 

       



     

       
140

       
 

       
      res = makeNeovimConfig {


     

       
141

       
-

       
        withPython2 = withPython;


     

       
142

       
-

       
        extraPythonPackages = compatFun extraPythonPackages;


     

       
143

       
 

       
        inherit withPython3;


     

       
144

       
 

       
        extraPython3Packages = compatFun extraPython3Packages;


     

       
145

       
 

       
        inherit withNodeJs withRuby viAlias vimAlias;


     

       
146

       
 

       
        inherit configure;


     

       
147

       
 

       
      };


     

       
148

       
 

       
    in


     

       

       

       
     

       

       

       
     

       
149

       
 

       
    wrapNeovimUnstable neovim (res // {


     

       
150

       
 

       
      wrapperArgs = lib.escapeShellArgs (


     

       
151

       
 

       
        res.wrapperArgs ++ lib.optionals (configure != {}) [


     
···

       
4

       
 

       
, neovim-unwrapped


     

       
5

       
 

       
, bundlerEnv


     

       
6

       
 

       
, ruby


     

       

       

       
     

       
7

       
 

       
, python3Packages


     

       
8

       
 

       
, writeText


     

       
9

       
 

       
, wrapNeovimUnstable


     
···

       
47

       
 

       
      requiredPlugins = vimUtils.requiredPlugins configure;


     

       
48

       
 

       
      getDeps = attrname: map (plugin: plugin.${attrname} or (_: [ ]));


     

       
49

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
50

       
 

       
      pluginPython3Packages = getDeps "python3Dependencies" requiredPlugins;


     

       
51

       
 

       
      python3Env = python3Packages.python.withPackages (ps:


     

       
52

       
 

       
        [ ps.pynvim ]


     
···

       
62

       
 

       
      # While the latter tells nvim that this provider is not available


     

       
63

       
 

       
      hostprog_check_table = {


     

       
64

       
 

       
        node = withNodeJs;


     

       

       

       
     

       
65

       
 

       
        python3 = withPython3;


     

       
66

       
 

       
        ruby = withRuby;


     

       
67

       
 

       
      };


     
···

       
91

       
 

       
      manifestRc = vimUtils.vimrcContent (configure // { customRC = ""; });


     

       
92

       
 

       
      neovimRcContent = vimUtils.vimrcContent configure;


     

       
93

       
 

       
    in


     

       
94

       
+

       
    assert withPython2 -> throw "Python2 support has been removed from neovim, please remove withPython2 and extraPython2Packages.";


     

       
95

       
+

       



     

       
96

       
 

       
    args // {


     

       
97

       
 

       
      wrapperArgs = makeWrapperArgs;


     

       
98

       
 

       
      inherit neovimRcContent;


     

       
99

       
 

       
      inherit manifestRc;


     

       

       

       
     

       
100

       
 

       
      inherit python3Env;


     

       
101

       
 

       
      inherit withNodeJs;


     

       
102

       
 

       
    } // lib.optionalAttrs withRuby {


     
···

       
113

       
 

       
  # to keep backwards compatibility


     

       
114

       
 

       
  legacyWrapper = neovim: {


     

       
115

       
 

       
    extraMakeWrapperArgs ? ""


     

       
116

       
+

       
    , withPython ? false


     

       
117

       
 

       
    /* the function you would have passed to python.withPackages */


     

       
118

       
 

       
    , extraPythonPackages ? (_: [])


     

       
119

       
 

       
    /* the function you would have passed to python.withPackages */


     
···

       
131

       
 

       
      else funOrList);


     

       
132

       
 

       



     

       
133

       
 

       
      res = makeNeovimConfig {


     

       

       

       
     

       

       

       
     

       
134

       
 

       
        inherit withPython3;


     

       
135

       
 

       
        extraPython3Packages = compatFun extraPython3Packages;


     

       
136

       
 

       
        inherit withNodeJs withRuby viAlias vimAlias;


     

       
137

       
 

       
        inherit configure;


     

       
138

       
 

       
      };


     

       
139

       
 

       
    in


     

       
140

       
+

       
    assert withPython -> throw "Python2 support has been removed from neovim, please remove withPython and extraPythonPackages.";


     

       
141

       
+

       



     

       
142

       
 

       
    wrapNeovimUnstable neovim (res // {


     

       
143

       
 

       
      wrapperArgs = lib.escapeShellArgs (


     

       
144

       
 

       
        res.wrapperArgs ++ lib.optionals (configure != {}) [
+3 -5
pkgs/applications/editors/neovim/wrapper.nix 
···

       
3

       
 

       
, bundlerEnv, ruby


     

       
4

       
 

       
, nodejs


     

       
5

       
 

       
, nodePackages


     

       
6

       
-

       
, pythonPackages


     

       
7

       
 

       
, python3Packages


     

       
8

       
 

       
}:


     

       
9

       
 

       
with lib;


     
···

       
15

       
 

       
      # should contain all args but the binary


     

       
16

       
 

       
      wrapperArgs ? ""


     

       
17

       
 

       
    , manifestRc ? null


     

       
18

       
-

       
    , withPython2 ? true, python2Env ? null


     

       
19

       
 

       
    , withPython3 ? true,  python3Env ? null


     

       
20

       
 

       
    , withNodeJs ? false


     

       
21

       
 

       
    , rubyEnv ? null


     
···

       
35

       
 

       
    [ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ] ++


     

       
36

       
 

       
      [ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ];


     

       
37

       
 

       
  in


     

       

       

       
     

       

       

       
     

       
38

       
 

       
  symlinkJoin {


     

       
39

       
 

       
      name = "neovim-${lib.getVersion neovim}";


     

       
40

       
 

       
      # Remove the symlinks created by symlinkJoin which we need to perform


     
···

       
43

       
 

       
        rm $out/share/applications/nvim.desktop


     

       
44

       
 

       
        substitute ${neovim}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \


     

       
45

       
 

       
          --replace 'Name=Neovim' 'Name=WrappedNeovim'


     

       
46

       
-

       
      ''


     

       
47

       
-

       
      + optionalString withPython2 ''


     

       
48

       
-

       
        makeWrapper ${python2Env}/bin/python $out/bin/nvim-python --unset PYTHONPATH


     

       
49

       
 

       
      ''


     

       
50

       
 

       
      + optionalString withPython3 ''


     

       
51

       
 

       
        makeWrapper ${python3Env}/bin/python3 $out/bin/nvim-python3 --unset PYTHONPATH


     
···

       
3

       
 

       
, bundlerEnv, ruby


     

       
4

       
 

       
, nodejs


     

       
5

       
 

       
, nodePackages


     

       

       

       
     

       
6

       
 

       
, python3Packages


     

       
7

       
 

       
}:


     

       
8

       
 

       
with lib;


     
···

       
14

       
 

       
      # should contain all args but the binary


     

       
15

       
 

       
      wrapperArgs ? ""


     

       
16

       
 

       
    , manifestRc ? null


     

       
17

       
+

       
    , withPython2 ? false


     

       
18

       
 

       
    , withPython3 ? true,  python3Env ? null


     

       
19

       
 

       
    , withNodeJs ? false


     

       
20

       
 

       
    , rubyEnv ? null


     
···

       
34

       
 

       
    [ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ] ++


     

       
35

       
 

       
      [ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ];


     

       
36

       
 

       
  in


     

       
37

       
+

       
  assert withPython2 -> throw "Python2 support has been removed from the neovim wrapper, please remove withPython2 and python2Env.";


     

       
38

       
+

       



     

       
39

       
 

       
  symlinkJoin {


     

       
40

       
 

       
      name = "neovim-${lib.getVersion neovim}";


     

       
41

       
 

       
      # Remove the symlinks created by symlinkJoin which we need to perform


     
···

       
44

       
 

       
        rm $out/share/applications/nvim.desktop


     

       
45

       
 

       
        substitute ${neovim}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \


     

       
46

       
 

       
          --replace 'Name=Neovim' 'Name=WrappedNeovim'


     

       

       

       
     

       

       

       
     

       

       

       
     

       
47

       
 

       
      ''


     

       
48

       
 

       
      + optionalString withPython3 ''


     

       
49

       
 

       
        makeWrapper ${python3Env}/bin/python3 $out/bin/nvim-python3 --unset PYTHONPATH
+66 -4
pkgs/applications/editors/vscode/generic.nix 
···

       
1

       
 

       
{ stdenv, lib, makeDesktopItem


     

       
2

       
 

       
, unzip, libsecret, libXScrnSaver, libxshmfence, wrapGAppsHook


     

       
3

       
 

       
, gtk2, atomEnv, at-spi2-atk, autoPatchelfHook


     

       
4

       
-

       
, systemd, fontconfig, libdbusmenu


     

       

       

       
     

       
5

       
 

       



     

       
6

       
 

       
# Populate passthru.tests


     

       
7

       
 

       
, tests


     
···

       
13

       
 

       



     

       
14

       
 

       
let


     

       
15

       
 

       
  inherit (stdenv.hostPlatform) system;


     

       
16

       
-

       
in


     

       
17

       
-

       
  stdenv.mkDerivation {


     

       
18

       
 

       



     

       
19

       
 

       
    inherit pname version src sourceRoot;


     

       
20

       
 

       



     

       
21

       
 

       
    passthru = {


     

       
22

       
 

       
      inherit executableName tests;


     

       

       

       
     

       

       

       
     

       
23

       
 

       
    };


     

       
24

       
 

       



     

       
25

       
 

       
    desktopItem = makeDesktopItem {


     
···

       
97

       
 

       
    '';


     

       
98

       
 

       



     

       
99

       
 

       
    inherit meta;


     

       
100

       
-

       
  }


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     
···

       
1

       
 

       
{ stdenv, lib, makeDesktopItem


     

       
2

       
 

       
, unzip, libsecret, libXScrnSaver, libxshmfence, wrapGAppsHook


     

       
3

       
 

       
, gtk2, atomEnv, at-spi2-atk, autoPatchelfHook


     

       
4

       
+

       
, systemd, fontconfig, libdbusmenu, buildFHSUserEnvBubblewrap


     

       
5

       
+

       
, writeShellScriptBin


     

       
6

       
 

       



     

       
7

       
 

       
# Populate passthru.tests


     

       
8

       
 

       
, tests


     
···

       
14

       
 

       



     

       
15

       
 

       
let


     

       
16

       
 

       
  inherit (stdenv.hostPlatform) system;


     

       
17

       
+

       
  unwrapped = stdenv.mkDerivation {


     

       

       

       
     

       
18

       
 

       



     

       
19

       
 

       
    inherit pname version src sourceRoot;


     

       
20

       
 

       



     

       
21

       
 

       
    passthru = {


     

       
22

       
 

       
      inherit executableName tests;


     

       
23

       
+

       
      fhs = fhs {};


     

       
24

       
+

       
      fhsWithPackages = f: fhs { additionalPkgs = f; };


     

       
25

       
 

       
    };


     

       
26

       
 

       



     

       
27

       
 

       
    desktopItem = makeDesktopItem {


     
···

       
99

       
 

       
    '';


     

       
100

       
 

       



     

       
101

       
 

       
    inherit meta;


     

       
102

       
+

       
  };


     

       
103

       
+

       



     

       
104

       
+

       
  # Vscode and variants allow for users to download and use extensions


     

       
105

       
+

       
  # which often include the usage of pre-built binaries.


     

       
106

       
+

       
  # This has been an on-going painpoint for many users, as


     

       
107

       
+

       
  # a full extension update cycle has to be done through nixpkgs


     

       
108

       
+

       
  # in order to create or update extensions.


     

       
109

       
+

       
  # See: #83288 #91179 #73810 #41189


     

       
110

       
+

       
  #


     

       
111

       
+

       
  # buildFHSUserEnv allows for users to use the existing vscode


     

       
112

       
+

       
  # extension tooling without significant pain.


     

       
113

       
+

       
  fhs = { additionalPkgs ? pkgs: [] }: buildFHSUserEnvBubblewrap {


     

       
114

       
+

       
    # also determines the name of the wrapped command


     

       
115

       
+

       
    name = executableName;


     

       
116

       
+

       



     

       
117

       
+

       
    # additional libraries which are commonly needed for extensions


     

       
118

       
+

       
    targetPkgs = pkgs: (with pkgs; [


     

       
119

       
+

       
      # ld-linux-x86-64-linux.so.2 and others


     

       
120

       
+

       
      glibc


     

       
121

       
+

       



     

       
122

       
+

       
      # dotnet


     

       
123

       
+

       
      curl


     

       
124

       
+

       
      icu


     

       
125

       
+

       
      libunwind


     

       
126

       
+

       
      libuuid


     

       
127

       
+

       
      openssl


     

       
128

       
+

       
      zlib


     

       
129

       
+

       



     

       
130

       
+

       
      # mono


     

       
131

       
+

       
      krb5


     

       
132

       
+

       
    ]) ++ additionalPkgs pkgs;


     

       
133

       
+

       



     

       
134

       
+

       
    # restore desktop item icons


     

       
135

       
+

       
    extraInstallCommands = ''


     

       
136

       
+

       
      mkdir -p $out/share/applications


     

       
137

       
+

       
      for item in ${unwrapped}/share/applications/*.desktop; do


     

       
138

       
+

       
        ln -s $item $out/share/applications/


     

       
139

       
+

       
      done


     

       
140

       
+

       
    '';


     

       
141

       
+

       



     

       
142

       
+

       
    runScript = "${unwrapped}/bin/${executableName}";


     

       
143

       
+

       



     

       
144

       
+

       
    # vscode likes to kill the parent so that the


     

       
145

       
+

       
    # gui application isn't attached to the terminal session


     

       
146

       
+

       
    dieWithParent = false;


     

       
147

       
+

       



     

       
148

       
+

       
    passthru = {


     

       
149

       
+

       
      inherit executableName;


     

       
150

       
+

       
      inherit (unwrapped) pname version; # for home-manager module


     

       
151

       
+

       
    };


     

       
152

       
+

       



     

       
153

       
+

       
    meta = meta // {


     

       
154

       
+

       
      description = ''


     

       
155

       
+

       
        Wrapped variant of ${pname} which launches in a FHS compatible envrionment.


     

       
156

       
+

       
        Should allow for easy usage of extensions without nix-specific modifications.


     

       
157

       
+

       
      '';


     

       
158

       
+

       
    };


     

       
159

       
+

       
  };


     

       
160

       
+

       
in


     

       
161

       
+

       
  unwrapped


     

       
162

       
+
+3 -3
pkgs/applications/networking/cluster/kubelogin-oidc/default.nix 
···

       
2

       
 

       



     

       
3

       
 

       
buildGoModule rec {


     

       
4

       
 

       
  pname = "kubelogin";


     

       
5

       
-

       
  version = "1.23.0";


     

       
6

       
 

       



     

       
7

       
 

       
  src = fetchFromGitHub {


     

       
8

       
 

       
    owner = "int128";


     

       
9

       
 

       
    repo = pname;


     

       
10

       
 

       
    rev = "v${version}";


     

       
11

       
-

       
    sha256 = "0n94nx17c6ln2nd6d9yr93vc251y1xphq1wj2vzs4j2l8dqfyjpn";


     

       
12

       
 

       
  };


     

       
13

       
 

       



     

       
14

       
 

       
  subPackages = ["."];


     

       
15

       
 

       



     

       
16

       
-

       
  vendorSha256 = "1dvrk6z6k66wawgb50n8hbgdd8fly399mlbgnvxi671vfi7lkz09";


     

       
17

       
 

       



     

       
18

       
 

       
  # Rename the binary instead of symlinking to avoid conflict with the


     

       
19

       
 

       
  # Azure version of kubelogin


     
···

       
2

       
 

       



     

       
3

       
 

       
buildGoModule rec {


     

       
4

       
 

       
  pname = "kubelogin";


     

       
5

       
+

       
  version = "1.23.1";


     

       
6

       
 

       



     

       
7

       
 

       
  src = fetchFromGitHub {


     

       
8

       
 

       
    owner = "int128";


     

       
9

       
 

       
    repo = pname;


     

       
10

       
 

       
    rev = "v${version}";


     

       
11

       
+

       
    sha256 = "sha256-YK/QGx6QzSeyeZ61KgdYO3POJQFK1F6yJayd2gcRWS4=";


     

       
12

       
 

       
  };


     

       
13

       
 

       



     

       
14

       
 

       
  subPackages = ["."];


     

       
15

       
 

       



     

       
16

       
+

       
  vendorSha256 = "sha256-tnjgs8Ziqdo1ciVOWtL0D8puv2SZGqSHgo2SV7N8F0M=";


     

       
17

       
 

       



     

       
18

       
 

       
  # Rename the binary instead of symlinking to avoid conflict with the


     

       
19

       
 

       
  # Azure version of kubelogin
+10 -2
pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix 
···

       
14

       
 

       
, unshareNet ? false


     

       
15

       
 

       
, unshareUts ? true


     

       
16

       
 

       
, unshareCgroup ? true


     

       

       

       
     

       
17

       
 

       
, ...


     

       
18

       
 

       
}:


     

       
19

       
 

       



     
···

       
22

       
 

       
  buildFHSEnv = callPackage ./env.nix { };


     

       
23

       
 

       



     

       
24

       
 

       
  env = buildFHSEnv (removeAttrs args [


     

       
25

       
-

       
    "runScript" "extraInstallCommands" "meta" "passthru"


     

       
26

       
 

       
    "unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"


     

       
27

       
 

       
  ]);


     

       
28

       
 

       



     
···

       
30

       
 

       
    files = [


     

       
31

       
 

       
      # NixOS Compatibility


     

       
32

       
 

       
      "static"


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
33

       
 

       
      # Users, Groups, NSS


     

       
34

       
 

       
      "passwd"


     

       
35

       
 

       
      "group"


     
···

       
136

       
 

       
      ${lib.optionalString unshareNet "--unshare-net"}


     

       
137

       
 

       
      ${lib.optionalString unshareUts "--unshare-uts"}


     

       
138

       
 

       
      ${lib.optionalString unshareCgroup "--unshare-cgroup"}


     

       
139

       
-

       
      --die-with-parent


     

       
140

       
 

       
      --ro-bind /nix /nix


     

       
141

       
 

       
      # Our glibc will look for the cache in its own path in `/nix/store`.


     

       
142

       
 

       
      # As such, we need a cache to exist there, because pressure-vessel


     
···

       
14

       
 

       
, unshareNet ? false


     

       
15

       
 

       
, unshareUts ? true


     

       
16

       
 

       
, unshareCgroup ? true


     

       
17

       
+

       
, dieWithParent ? true


     

       
18

       
 

       
, ...


     

       
19

       
 

       
}:


     

       
20

       
 

       



     
···

       
23

       
 

       
  buildFHSEnv = callPackage ./env.nix { };


     

       
24

       
 

       



     

       
25

       
 

       
  env = buildFHSEnv (removeAttrs args [


     

       
26

       
+

       
    "runScript" "extraInstallCommands" "meta" "passthru" "dieWithParent"


     

       
27

       
 

       
    "unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"


     

       
28

       
 

       
  ]);


     

       
29

       
 

       



     
···

       
31

       
 

       
    files = [


     

       
32

       
 

       
      # NixOS Compatibility


     

       
33

       
 

       
      "static"


     

       
34

       
+

       
      "nix" # mainly for nixUnstable users, but also for access to nix/netrc


     

       
35

       
+

       
      # Shells


     

       
36

       
+

       
      "bashrc"


     

       
37

       
+

       
      "zshenv"


     

       
38

       
+

       
      "zshrc"


     

       
39

       
+

       
      "zinputrc"


     

       
40

       
+

       
      "zprofile"


     

       
41

       
 

       
      # Users, Groups, NSS


     

       
42

       
 

       
      "passwd"


     

       
43

       
 

       
      "group"


     
···

       
144

       
 

       
      ${lib.optionalString unshareNet "--unshare-net"}


     

       
145

       
 

       
      ${lib.optionalString unshareUts "--unshare-uts"}


     

       
146

       
 

       
      ${lib.optionalString unshareCgroup "--unshare-cgroup"}


     

       
147

       
+

       
      ${lib.optionalString dieWithParent "--die-with-parent"}


     

       
148

       
 

       
      --ro-bind /nix /nix


     

       
149

       
 

       
      # Our glibc will look for the cache in its own path in `/nix/store`.


     

       
150

       
 

       
      # As such, we need a cache to exist there, because pressure-vessel
+7 -3
pkgs/data/icons/tela-icon-theme/default.nix 
···

       
1

       
-

       
{ fetchFromGitHub, gtk3, hicolor-icon-theme, jdupes, lib, stdenv }:


     

       
2

       
 

       



     

       
3

       
-

       
stdenv.mkDerivation rec {


     

       
4

       
 

       
  pname = "tela-icon-theme";


     

       
5

       
 

       
  version = "2021-01-21";


     

       
6

       
 

       



     
···

       
17

       
 

       



     

       
18

       
 

       
  dontDropIconThemeCache = true;


     

       
19

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
20

       
 

       
  installPhase = ''


     

       
21

       
 

       
    runHook preInstall


     

       
22

       
 

       



     
···

       
31

       
 

       
  meta = with lib; {


     

       
32

       
 

       
    description = "A flat colorful Design icon theme";


     

       
33

       
 

       
    homepage = "https://github.com/vinceliuice/tela-icon-theme";


     

       
34

       
-

       
    license = licenses.gpl3Plus;


     

       
35

       
 

       
    platforms = platforms.unix;


     

       
36

       
 

       
    maintainers = with maintainers; [ figsoda ];


     

       
37

       
 

       
  };


     
···

       
1

       
+

       
{ fetchFromGitHub, gtk3, hicolor-icon-theme, jdupes, lib, stdenvNoCC }:


     

       
2

       
 

       



     

       
3

       
+

       
stdenvNoCC.mkDerivation rec {


     

       
4

       
 

       
  pname = "tela-icon-theme";


     

       
5

       
 

       
  version = "2021-01-21";


     

       
6

       
 

       



     
···

       
17

       
 

       



     

       
18

       
 

       
  dontDropIconThemeCache = true;


     

       
19

       
 

       



     

       
20

       
+

       
  # These fixup steps are slow and unnecessary.


     

       
21

       
+

       
  dontPatchELF = true;


     

       
22

       
+

       
  dontRewriteSymlinks = true;


     

       
23

       
+

       



     

       
24

       
 

       
  installPhase = ''


     

       
25

       
 

       
    runHook preInstall


     

       
26

       
 

       



     
···

       
35

       
 

       
  meta = with lib; {


     

       
36

       
 

       
    description = "A flat colorful Design icon theme";


     

       
37

       
 

       
    homepage = "https://github.com/vinceliuice/tela-icon-theme";


     

       
38

       
+

       
    license = licenses.gpl3Only;


     

       
39

       
 

       
    platforms = platforms.unix;


     

       
40

       
 

       
    maintainers = with maintainers; [ figsoda ];


     

       
41

       
 

       
  };
+6 -1
pkgs/development/libraries/py3c/default.nix 
···

       
11

       
 

       
    sha256 = "04i2z7hrig78clc59q3i1z2hh24g7z1bfvxznlzxv00d4s57nhpi";


     

       
12

       
 

       
  };


     

       
13

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
14

       
 

       
  makeFlags = [


     

       
15

       
 

       
    "prefix=${placeholder "out"}"


     

       
16

       
 

       
  ];


     
···

       
26

       
 

       
    homepage = "https://github.com/encukou/py3c";


     

       
27

       
 

       
    description = "Python 2/3 compatibility layer for C extensions";


     

       
28

       
 

       
    license = licenses.mit;


     

       
29

       
-

       
    maintainers = with maintainers; [ ajs124 ];


     

       
30

       
 

       
  };


     

       
31

       
 

       
}


     
···

       
11

       
 

       
    sha256 = "04i2z7hrig78clc59q3i1z2hh24g7z1bfvxznlzxv00d4s57nhpi";


     

       
12

       
 

       
  };


     

       
13

       
 

       



     

       
14

       
+

       
  postPatch = lib.optionalString stdenv.cc.isClang ''


     

       
15

       
+

       
    substituteInPlace test/setup.py \


     

       
16

       
+

       
      --replace "'-Werror', " ""


     

       
17

       
+

       
  '';


     

       
18

       
+

       



     

       
19

       
 

       
  makeFlags = [


     

       
20

       
 

       
    "prefix=${placeholder "out"}"


     

       
21

       
 

       
  ];


     
···

       
31

       
 

       
    homepage = "https://github.com/encukou/py3c";


     

       
32

       
 

       
    description = "Python 2/3 compatibility layer for C extensions";


     

       
33

       
 

       
    license = licenses.mit;


     

       
34

       
+

       
    maintainers = with maintainers; [ ajs124 dotlambda ];


     

       
35

       
 

       
  };


     

       
36

       
 

       
}
+2 -2
pkgs/development/python-modules/csvw/default.nix 
···

       
14

       
 

       



     

       
15

       
 

       
buildPythonPackage rec {


     

       
16

       
 

       
  pname = "csvw";


     

       
17

       
-

       
  version = "1.10.1";


     

       
18

       
 

       
  disabled = isPy27;


     

       
19

       
 

       



     

       
20

       
 

       
  src = fetchFromGitHub {


     

       
21

       
 

       
    owner = "cldf";


     

       
22

       
 

       
    repo = "csvw";


     

       
23

       
 

       
    rev = "v${version}";


     

       
24

       
-

       
    sha256 = "1764nfa4frjdd7v6wj35y7prnciaqz57wwygy5zfavl4laxn4nxd";


     

       
25

       
 

       
  };


     

       
26

       
 

       



     

       
27

       
 

       
  patchPhase = ''


     
···

       
14

       
 

       



     

       
15

       
 

       
buildPythonPackage rec {


     

       
16

       
 

       
  pname = "csvw";


     

       
17

       
+

       
  version = "1.10.2";


     

       
18

       
 

       
  disabled = isPy27;


     

       
19

       
 

       



     

       
20

       
 

       
  src = fetchFromGitHub {


     

       
21

       
 

       
    owner = "cldf";


     

       
22

       
 

       
    repo = "csvw";


     

       
23

       
 

       
    rev = "v${version}";


     

       
24

       
+

       
    sha256 = "0z0qxlsfxwz1qapxb4d0mz3wkj99d7zi9yrg1cbd2xp7giagb6d4";


     

       
25

       
 

       
  };


     

       
26

       
 

       



     

       
27

       
 

       
  patchPhase = ''
+7 -4
pkgs/tools/graphics/pngquant/default.nix 
···

       
2

       
 

       



     

       
3

       
 

       
stdenv.mkDerivation rec {


     

       
4

       
 

       
  pname = "pngquant";


     

       
5

       
-

       
  version = "2.12.5";


     

       
6

       
 

       



     

       
7

       
 

       
  src = fetchFromGitHub {


     

       
8

       
-

       
    owner = "pornel";


     

       
9

       
 

       
    repo = "pngquant";


     

       
10

       
 

       
    rev = version;


     

       
11

       
-

       
    sha256 = "0sq398iv5cacblz6pb4j2hn16cnszsbkahikdpfq84rb9bj0ya40";


     

       
12

       
 

       
    fetchSubmodules = true;


     

       
13

       
 

       
  };


     

       
14

       
 

       



     
···

       
17

       
 

       
  nativeBuildInputs = [ pkg-config ];


     

       
18

       
 

       
  buildInputs = [ libpng zlib lcms2 ];


     

       
19

       
 

       



     

       

       

       
     

       

       

       
     

       
20

       
 

       
  meta = with lib; {


     

       
21

       
 

       
    homepage = "https://pngquant.org/";


     

       
22

       
 

       
    description = "A tool to convert 24/32-bit RGBA PNGs to 8-bit palette with alpha channel preserved";


     

       

       

       
     

       
23

       
 

       
    platforms = platforms.unix;


     

       
24

       
-

       
    license = licenses.gpl3;


     

       
25

       
 

       
    maintainers = [ maintainers.volth ];


     

       
26

       
 

       
  };


     

       
27

       
 

       
}


     
···

       
2

       
 

       



     

       
3

       
 

       
stdenv.mkDerivation rec {


     

       
4

       
 

       
  pname = "pngquant";


     

       
5

       
+

       
  version = "2.14.1";


     

       
6

       
 

       



     

       
7

       
 

       
  src = fetchFromGitHub {


     

       
8

       
+

       
    owner = "kornelski";


     

       
9

       
 

       
    repo = "pngquant";


     

       
10

       
 

       
    rev = version;


     

       
11

       
+

       
    sha256 = "054hi33qp3jc7hv0141wi8drwdg24v5zfp8znwjmz4mcdls8vxbb";


     

       
12

       
 

       
    fetchSubmodules = true;


     

       
13

       
 

       
  };


     

       
14

       
 

       



     
···

       
17

       
 

       
  nativeBuildInputs = [ pkg-config ];


     

       
18

       
 

       
  buildInputs = [ libpng zlib lcms2 ];


     

       
19

       
 

       



     

       
20

       
+

       
  doCheck = true;


     

       
21

       
+

       



     

       
22

       
 

       
  meta = with lib; {


     

       
23

       
 

       
    homepage = "https://pngquant.org/";


     

       
24

       
 

       
    description = "A tool to convert 24/32-bit RGBA PNGs to 8-bit palette with alpha channel preserved";


     

       
25

       
+

       
    changelog = "https://github.com/kornelski/pngquant/raw/${version}/CHANGELOG";


     

       
26

       
 

       
    platforms = platforms.unix;


     

       
27

       
+

       
    license = with licenses; [ gpl3Plus hpnd bsd2 ];


     

       
28

       
 

       
    maintainers = [ maintainers.volth ];


     

       
29

       
 

       
  };


     

       
30

       
 

       
}
+5 -1
pkgs/top-level/all-packages.nix 
···

       
26636

       
 

       



     

       
26637

       
 

       
  gnvim = callPackage ../applications/editors/neovim/gnvim/wrapper.nix { };


     

       
26638

       
 

       



     

       
26639

       
-

       
  neovim-remote = callPackage ../applications/editors/neovim/neovim-remote.nix { pythonPackages = python3Packages; };


     

       
26640

       
 

       



     

       
26641

       
 

       
  vis = callPackage ../applications/editors/vis {


     

       
26642

       
 

       
    inherit (lua52Packages) lpeg;


     
···

       
26754

       
 

       
  };


     

       
26755

       
 

       



     

       
26756

       
 

       
  vscode = callPackage ../applications/editors/vscode/vscode.nix { };


     

       

       

       
     

       

       

       
     

       
26757

       
 

       



     

       
26758

       
 

       
  vscode-with-extensions = callPackage ../applications/editors/vscode/with-extensions.nix {};


     

       
26759

       
 

       



     
···

       
26762

       
 

       
  vscode-extensions = recurseIntoAttrs (callPackage ../misc/vscode-extensions {});


     

       
26763

       
 

       



     

       
26764

       
 

       
  vscodium = callPackage ../applications/editors/vscode/vscodium.nix { };


     

       

       

       
     

       

       

       
     

       
26765

       
 

       



     

       
26766

       
 

       
  code-server = callPackage ../servers/code-server {


     

       
26767

       
 

       
    inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Security;


     
···

       
26636

       
 

       



     

       
26637

       
 

       
  gnvim = callPackage ../applications/editors/neovim/gnvim/wrapper.nix { };


     

       
26638

       
 

       



     

       
26639

       
+

       
  neovim-remote = callPackage ../applications/editors/neovim/neovim-remote.nix { };


     

       
26640

       
 

       



     

       
26641

       
 

       
  vis = callPackage ../applications/editors/vis {


     

       
26642

       
 

       
    inherit (lua52Packages) lpeg;


     
···

       
26754

       
 

       
  };


     

       
26755

       
 

       



     

       
26756

       
 

       
  vscode = callPackage ../applications/editors/vscode/vscode.nix { };


     

       
26757

       
+

       
  vscode-fhs = vscode.fhs;


     

       
26758

       
+

       
  vscode-fhsWithPackages = vscode.fhsWithPackages;


     

       
26759

       
 

       



     

       
26760

       
 

       
  vscode-with-extensions = callPackage ../applications/editors/vscode/with-extensions.nix {};


     

       
26761

       
 

       



     
···

       
26764

       
 

       
  vscode-extensions = recurseIntoAttrs (callPackage ../misc/vscode-extensions {});


     

       
26765

       
 

       



     

       
26766

       
 

       
  vscodium = callPackage ../applications/editors/vscode/vscodium.nix { };


     

       
26767

       
+

       
  vscodium-fhs = vscodium.fhs;


     

       
26768

       
+

       
  vscodium-fhsWithPackages = vscodium.fhsWithPackages;


     

       
26769

       
 

       



     

       
26770

       
 

       
  code-server = callPackage ../servers/code-server {


     

       
26771

       
 

       
    inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Security;