commit b66e31c26a31eebc4ccf3c25f04046c5d4fa1a86 · pyrox.dev/nixpkgs

nixos/doc/manual/redirects.json

···

       2
       2
        
         "book-nixos-manual": [

     

       3
       3
        
           "index.html#book-nixos-manual"

     

       4
       4
        
         ],

     

       5
       5
       +
         "module-services-anubis": [

     

       6
       6
       +
           "index.html#module-services-anubis"

     

       7
       7
       +
         ],

     

       8
       8
       +
         "module-services-anubis-configuration": [

     

       9
       9
       +
           "index.html#module-services-anubis-configuration"

     

       10
       10
       +
         ],

     

       11
       11
       +
         "module-services-anubis-quickstart": [

     

       12
       12
       +
           "index.html#module-services-anubis-quickstart"

     

       13
       13
       +
         ],

     

       5
       14
        
         "module-services-crab-hole": [

     

       6
       15
        
           "index.html#module-services-crab-hole"

     

       7
       16
        
         ],

nixos/doc/manual/release-notes/rl-2505.section.md

···

       165
       165
        
       

     

       166
       166
        
       - [PDS](https://github.com/bluesky-social/pds), Personal Data Server for [bsky](https://bsky.social/). Available as [services.pds](option.html#opt-services.pds).

     

       167
       167
        
       

     

       168
       168
       +
       - [Anubis](https://github.com/TecharoHQ/anubis), a scraper defense software. Available as [services.anubis](options.html#opt-services.anubis).

     

       169
       169
       +
       

     

       168
       170
        
       - [synapse-auto-compressor](https://github.com/matrix-org/rust-synapse-compress-state?tab=readme-ov-file#automated-tool-synapse_auto_compressor), a rust-based matrix-synapse state compressor for postgresql. Available as [services.synapse-auto-compressor](#opt-services.synapse-auto-compressor.enable).

     

       169
       171
        
       

     

       170
       172
        
       - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable).

nixos/modules/module-list.nix

···

       1048
       1048
        
         ./services/networking/adguardhome.nix

     

       1049
       1049
        
         ./services/networking/alice-lg.nix

     

       1050
       1050
        
         ./services/networking/amuled.nix

     

       1051
       1051
       +
         ./services/networking/anubis.nix

     

       1051
       1052
        
         ./services/networking/aria2.nix

     

       1052
       1053
        
         ./services/networking/asterisk.nix

     

       1053
       1054
        
         ./services/networking/atftpd.nix

+61

nixos/modules/services/networking/anubis.md

···

       1
       1
       +
       # Anubis {#module-services-anubis}

     

       2
       2
       +
       

     

       3
       3
       +
       [Anubis](https://anubis.techaro.lol) is a scraper defense software that blocks AI scrapers. It is designed to sit

     

       4
       4
       +
       between a reverse proxy and the service to be protected.

     

       5
       5
       +
       

     

       6
       6
       +
       ## Quickstart {#module-services-anubis-quickstart}

     

       7
       7
       +
       

     

       8
       8
       +
       This module is designed to use Unix domain sockets as the socket paths can be automatically configured for multiple

     

       9
       9
       +
       instances, but TCP sockets are also supported.

     

       10
       10
       +
       

     

       11
       11
       +
       A minimal configuration with [nginx](#opt-services.nginx.enable) may look like the following:

     

       12
       12
       +
       

     

       13
       13
       +
       ```nix

     

       14
       14
       +
       { config, ... }: {

     

       15
       15
       +
         services.anubis.instances.default.settings.TARGET = "http://localhost:8000";

     

       16
       16
       +
       

     

       17
       17
       +
         # required due to unix socket permissions

     

       18
       18
       +
         users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];

     

       19
       19
       +
         services.nginx.virtualHosts."example.com" = {

     

       20
       20
       +
           locations = {

     

       21
       21
       +
             "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";

     

       22
       22
       +
           };

     

       23
       23
       +
         };

     

       24
       24
       +
       }

     

       25
       25
       +
       ```

     

       26
       26
       +
       

     

       27
       27
       +
       If Unix domain sockets are not needed or desired, this module supports operating with only TCP sockets.

     

       28
       28
       +
       

     

       29
       29
       +
       ```nix

     

       30
       30
       +
       {

     

       31
       31
       +
         services.anubis = {

     

       32
       32
       +
           instances.default = {

     

       33
       33
       +
             settings = {

     

       34
       34
       +
               TARGET = "http://localhost:8080";

     

       35
       35
       +
               BIND = ":9000";

     

       36
       36
       +
               BIND_NETWORK = "tcp";

     

       37
       37
       +
               METRICS_BIND = "127.0.0.1:9001";

     

       38
       38
       +
               METRICS_BIND_NETWORK = "tcp";

     

       39
       39
       +
             };

     

       40
       40
       +
           };

     

       41
       41
       +
         };

     

       42
       42
       +
       }

     

       43
       43
       +
       ```

     

       44
       44
       +
       

     

       45
       45
       +
       ## Configuration {#module-services-anubis-configuration}

     

       46
       46
       +
       

     

       47
       47
       +
       It is possible to configure default settings for all instances of Anubis, via {option}`services.anubis.defaultOptions`.

     

       48
       48
       +
       

     

       49
       49
       +
       ```nix

     

       50
       50
       +
       {

     

       51
       51
       +
         services.anubis.defaultOptions = {

     

       52
       52
       +
           botPolicy = { dnsbl = false; };

     

       53
       53
       +
           settings.DIFFICULTY = 3;

     

       54
       54
       +
         };

     

       55
       55
       +
       }

     

       56
       56
       +
       ```

     

       57
       57
       +
       

     

       58
       58
       +
       Note that at the moment, a custom bot policy is not merged with the baked-in one. That means to only override a setting

     

       59
       59
       +
       like `dnsbl`, copying the entire bot policy is required. Check

     

       60
       60
       +
       [the upstream repository](https://github.com/TecharoHQ/anubis/blob/1509b06cb921aff842e71fbb6636646be6ed5b46/cmd/anubis/botPolicies.json)

     

       61
       61
       +
       for the policy.

+314

nixos/modules/services/networking/anubis.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         inherit (lib) types;

     

       9
       9
       +
         jsonFormat = pkgs.formats.json { };

     

       10
       10
       +
       

     

       11
       11
       +
         cfg = config.services.anubis;

     

       12
       12
       +
         enabledInstances = lib.filterAttrs (_: conf: conf.enable) cfg.instances;

     

       13
       13
       +
         instanceName = name: if name == "" then "anubis" else "anubis-${name}";

     

       14
       14
       +
       

     

       15
       15
       +
         commonSubmodule =

     

       16
       16
       +
           isDefault:

     

       17
       17
       +
           let

     

       18
       18
       +
             mkDefaultOption =

     

       19
       19
       +
               path: opts:

     

       20
       20
       +
               lib.mkOption (

     

       21
       21
       +
                 opts

     

       22
       22
       +
                 // lib.optionalAttrs (!isDefault && opts ? default) {

     

       23
       23
       +
                   default =

     

       24
       24
       +
                     lib.attrByPath (lib.splitString "." path)

     

       25
       25
       +
                       (throw "This is a bug in the Anubis module. Please report this as an issue.")

     

       26
       26
       +
                       cfg.defaultOptions;

     

       27
       27
       +
                   defaultText = lib.literalExpression "config.services.anubis.defaultOptions.${path}";

     

       28
       28
       +
                 }

     

       29
       29
       +
               );

     

       30
       30
       +
           in

     

       31
       31
       +
           { name, ... }:

     

       32
       32
       +
           {

     

       33
       33
       +
             options = {

     

       34
       34
       +
               enable = lib.mkEnableOption "this instance of Anubis" // {

     

       35
       35
       +
                 default = true;

     

       36
       36
       +
               };

     

       37
       37
       +
               user = mkDefaultOption "user" {

     

       38
       38
       +
                 default = "anubis";

     

       39
       39
       +
                 description = ''

     

       40
       40
       +
                   The user under which Anubis is run.

     

       41
       41
       +
       

     

       42
       42
       +
                   This module utilizes systemd's DynamicUser feature. See the corresponding section in

     

       43
       43
       +
                   {manpage}`systemd.exec(5)` for more details.

     

       44
       44
       +
                 '';

     

       45
       45
       +
                 type = types.str;

     

       46
       46
       +
               };

     

       47
       47
       +
               group = mkDefaultOption "group" {

     

       48
       48
       +
                 default = "anubis";

     

       49
       49
       +
                 description = ''

     

       50
       50
       +
                   The group under which Anubis is run.

     

       51
       51
       +
       

     

       52
       52
       +
                   This module utilizes systemd's DynamicUser feature. See the corresponding section in

     

       53
       53
       +
                   {manpage}`systemd.exec(5)` for more details.

     

       54
       54
       +
                 '';

     

       55
       55
       +
                 type = types.str;

     

       56
       56
       +
               };

     

       57
       57
       +
       

     

       58
       58
       +
               botPolicy = lib.mkOption {

     

       59
       59
       +
                 default = null;

     

       60
       60
       +
                 description = ''

     

       61
       61
       +
                   Anubis policy configuration in Nix syntax. Set to `null` to use the baked-in policy which should be

     

       62
       62
       +
                   sufficient for most use-cases.

     

       63
       63
       +
       

     

       64
       64
       +
                   This option has no effect if `settings.POLICY_FNAME` is set to a different value, which is useful for

     

       65
       65
       +
                   importing an existing configuration.

     

       66
       66
       +
       

     

       67
       67
       +
                   See [the documentation](https://anubis.techaro.lol/docs/admin/policies) for details.

     

       68
       68
       +
                 '';

     

       69
       69
       +
                 type = types.nullOr jsonFormat.type;

     

       70
       70
       +
               };

     

       71
       71
       +
       

     

       72
       72
       +
               extraFlags = mkDefaultOption "extraFlags" {

     

       73
       73
       +
                 default = [ ];

     

       74
       74
       +
                 description = "A list of extra flags to be passed to Anubis.";

     

       75
       75
       +
                 example = [ "-metrics-bind \"\"" ];

     

       76
       76
       +
                 type = types.listOf types.str;

     

       77
       77
       +
               };

     

       78
       78
       +
       

     

       79
       79
       +
               settings = lib.mkOption {

     

       80
       80
       +
                 default = { };

     

       81
       81
       +
                 description = ''

     

       82
       82
       +
                   Freeform configuration via environment variables for Anubis.

     

       83
       83
       +
       

     

       84
       84
       +
                   See [the documentation](https://anubis.techaro.lol/docs/admin/installation) for a complete list of

     

       85
       85
       +
                   available environment variables.

     

       86
       86
       +
                 '';

     

       87
       87
       +
                 type = types.submodule [

     

       88
       88
       +
                   {

     

       89
       89
       +
                     freeformType =

     

       90
       90
       +
                       with types;

     

       91
       91
       +
                       attrsOf (

     

       92
       92
       +
                         nullOr (oneOf [

     

       93
       93
       +
                           str

     

       94
       94
       +
                           int

     

       95
       95
       +
                           bool

     

       96
       96
       +
                         ])

     

       97
       97
       +
                       );

     

       98
       98
       +
       

     

       99
       99
       +
                     options = {

     

       100
       100
       +
                       # BIND and METRICS_BIND are defined in instance specific options, since global defaults don't make sense

     

       101
       101
       +
                       BIND_NETWORK = mkDefaultOption "settings.BIND_NETWORK" {

     

       102
       102
       +
                         default = "unix";

     

       103
       103
       +
                         description = ''

     

       104
       104
       +
                           The network family that Anubis should bind to.

     

       105
       105
       +
       

     

       106
       106
       +
                           Accepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).

     

       107
       107
       +
       

     

       108
       108
       +
                           Common values are `tcp` and `unix`.

     

       109
       109
       +
                         '';

     

       110
       110
       +
                         example = "tcp";

     

       111
       111
       +
                         type = types.str;

     

       112
       112
       +
                       };

     

       113
       113
       +
                       METRICS_BIND_NETWORK = mkDefaultOption "settings.METRICS_BIND_NETWORK" {

     

       114
       114
       +
                         default = "unix";

     

       115
       115
       +
                         description = ''

     

       116
       116
       +
                           The network family that the metrics server should bind to.

     

       117
       117
       +
       

     

       118
       118
       +
                           Accepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).

     

       119
       119
       +
       

     

       120
       120
       +
                           Common values are `tcp` and `unix`.

     

       121
       121
       +
                         '';

     

       122
       122
       +
                         example = "tcp";

     

       123
       123
       +
                         type = types.str;

     

       124
       124
       +
                       };

     

       125
       125
       +
                       SOCKET_MODE = mkDefaultOption "settings.SOCKET_MODE" {

     

       126
       126
       +
                         default = "0770";

     

       127
       127
       +
                         description = "The permissions on the Unix domain sockets created.";

     

       128
       128
       +
                         example = "0700";

     

       129
       129
       +
                         type = types.str;

     

       130
       130
       +
                       };

     

       131
       131
       +
                       DIFFICULTY = mkDefaultOption "settings.DIFFICULTY" {

     

       132
       132
       +
                         default = 4;

     

       133
       133
       +
                         description = ''

     

       134
       134
       +
                           The difficulty required for clients to solve the challenge.

     

       135
       135
       +
       

     

       136
       136
       +
                           Currently, this means the amount of leading zeros in a successful response.

     

       137
       137
       +
                         '';

     

       138
       138
       +
                         type = types.int;

     

       139
       139
       +
                         example = 5;

     

       140
       140
       +
                       };

     

       141
       141
       +
                       SERVE_ROBOTS_TXT = mkDefaultOption "settings.SERVE_ROBOTS_TXT" {

     

       142
       142
       +
                         default = false;

     

       143
       143
       +
                         description = ''

     

       144
       144
       +
                           Whether to serve a default robots.txt that denies access to common AI bots by name and all other

     

       145
       145
       +
                           bots by wildcard.

     

       146
       146
       +
                         '';

     

       147
       147
       +
                         type = types.bool;

     

       148
       148
       +
                       };

     

       149
       149
       +
       

     

       150
       150
       +
                       # generated by default

     

       151
       151
       +
                       POLICY_FNAME = mkDefaultOption "settings.POLICY_FNAME" {

     

       152
       152
       +
                         default = null;

     

       153
       153
       +
                         description = ''

     

       154
       154
       +
                           The bot policy file to use. Leave this as `null` to respect the value set in

     

       155
       155
       +
                           {option}`services.anubis.instances.<name>.botPolicy`.

     

       156
       156
       +
                         '';

     

       157
       157
       +
                         type = types.nullOr types.path;

     

       158
       158
       +
                       };

     

       159
       159
       +
                     };

     

       160
       160
       +
                   }

     

       161
       161
       +
                   (lib.optionalAttrs (!isDefault) (instanceSpecificOptions name))

     

       162
       162
       +
                 ];

     

       163
       163
       +
               };

     

       164
       164
       +
             };

     

       165
       165
       +
           };

     

       166
       166
       +
       

     

       167
       167
       +
         instanceSpecificOptions = name: {

     

       168
       168
       +
           options = {

     

       169
       169
       +
             # see other options above

     

       170
       170
       +
             BIND = lib.mkOption {

     

       171
       171
       +
               default = "/run/anubis/${instanceName name}.sock";

     

       172
       172
       +
               description = ''

     

       173
       173
       +
                 The address that Anubis listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for syntax.

     

       174
       174
       +
       

     

       175
       175
       +
                 Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `BIND_NETWORK` to `"tcp"`.

     

       176
       176
       +
               '';

     

       177
       177
       +
               example = ":8080";

     

       178
       178
       +
               type = types.str;

     

       179
       179
       +
             };

     

       180
       180
       +
             METRICS_BIND = lib.mkOption {

     

       181
       181
       +
               default = "/run/anubis/${instanceName name}-metrics.sock";

     

       182
       182
       +
               description = ''

     

       183
       183
       +
                 The address Anubis' metrics server listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for

     

       184
       184
       +
                 syntax.

     

       185
       185
       +
       

     

       186
       186
       +
                 The metrics server is enabled by default and may be disabled. However, due to implementation details, this is

     

       187
       187
       +
                 only possible by setting a command line flag. See {option}`services.anubis.defaultOptions.extraFlags` for an

     

       188
       188
       +
                 example.

     

       189
       189
       +
       

     

       190
       190
       +
                 Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `METRICS_BIND_NETWORK` to

     

       191
       191
       +
                 `"tcp"`.

     

       192
       192
       +
               '';

     

       193
       193
       +
               example = "127.0.0.1:8081";

     

       194
       194
       +
               type = types.str;

     

       195
       195
       +
             };

     

       196
       196
       +
             TARGET = lib.mkOption {

     

       197
       197
       +
               description = ''

     

       198
       198
       +
                 The reverse proxy target that Anubis is protecting. This is a required option.

     

       199
       199
       +
       

     

       200
       200
       +
                 The usage of Unix domain sockets is supported by the following syntax: `unix:///path/to/socket.sock`.

     

       201
       201
       +
               '';

     

       202
       202
       +
               example = "http://127.0.0.1:8000";

     

       203
       203
       +
               type = types.str;

     

       204
       204
       +
             };

     

       205
       205
       +
           };

     

       206
       206
       +
         };

     

       207
       207
       +
       in

     

       208
       208
       +
       {

     

       209
       209
       +
         options.services.anubis = {

     

       210
       210
       +
           package = lib.mkPackageOption pkgs "anubis" { };

     

       211
       211
       +
       

     

       212
       212
       +
           defaultOptions = lib.mkOption {

     

       213
       213
       +
             default = { };

     

       214
       214
       +
             description = "Default options for all instances of Anubis.";

     

       215
       215
       +
             type = types.submodule (commonSubmodule true);

     

       216
       216
       +
           };

     

       217
       217
       +
       

     

       218
       218
       +
           instances = lib.mkOption {

     

       219
       219
       +
             default = { };

     

       220
       220
       +
             description = ''

     

       221
       221
       +
               An attribute set of Anubis instances.

     

       222
       222
       +
       

     

       223
       223
       +
               The attribute name may be an empty string, in which case the `-<name>` suffix is not added to the service name

     

       224
       224
       +
               and socket paths.

     

       225
       225
       +
             '';

     

       226
       226
       +
             type = types.attrsOf (types.submodule (commonSubmodule false));

     

       227
       227
       +
           };

     

       228
       228
       +
         };

     

       229
       229
       +
       

     

       230
       230
       +
         config = lib.mkIf (enabledInstances != { }) {

     

       231
       231
       +
           users.users = lib.mkIf (cfg.defaultOptions.user == "anubis") {

     

       232
       232
       +
             anubis = {

     

       233
       233
       +
               isSystemUser = true;

     

       234
       234
       +
               group = cfg.defaultOptions.group;

     

       235
       235
       +
             };

     

       236
       236
       +
           };

     

       237
       237
       +
       

     

       238
       238
       +
           users.groups = lib.mkIf (cfg.defaultOptions.group == "anubis") {

     

       239
       239
       +
             anubis = { };

     

       240
       240
       +
           };

     

       241
       241
       +
       

     

       242
       242
       +
           systemd.services = lib.mapAttrs' (

     

       243
       243
       +
             name: instance:

     

       244
       244
       +
             lib.nameValuePair "${instanceName name}" {

     

       245
       245
       +
               description = "Anubis (${if name == "" then "default" else name} instance)";

     

       246
       246
       +
               wantedBy = [ "multi-user.target" ];

     

       247
       247
       +
               after = [ "network-online.target" ];

     

       248
       248
       +
               wants = [ "network-online.target" ];

     

       249
       249
       +
       

     

       250
       250
       +
               environment = lib.mapAttrs (lib.const (lib.generators.mkValueStringDefault { })) (

     

       251
       251
       +
                 lib.filterAttrs (_: v: v != null) instance.settings

     

       252
       252
       +
               );

     

       253
       253
       +
       

     

       254
       254
       +
               serviceConfig = {

     

       255
       255
       +
                 User = instance.user;

     

       256
       256
       +
                 Group = instance.group;

     

       257
       257
       +
                 DynamicUser = true;

     

       258
       258
       +
       

     

       259
       259
       +
                 ExecStart = lib.concatStringsSep " " (

     

       260
       260
       +
                   (lib.singleton (lib.getExe cfg.package)) ++ instance.extraFlags

     

       261
       261
       +
                 );

     

       262
       262
       +
                 RuntimeDirectory =

     

       263
       263
       +
                   if

     

       264
       264
       +
                     lib.any (lib.hasPrefix "/run/anubis") (

     

       265
       265
       +
                       with instance.settings;

     

       266
       266
       +
                       [

     

       267
       267
       +
                         BIND

     

       268
       268
       +
                         METRICS_BIND

     

       269
       269
       +
                       ]

     

       270
       270
       +
                     )

     

       271
       271
       +
                   then

     

       272
       272
       +
                     "anubis"

     

       273
       273
       +
                   else

     

       274
       274
       +
                     null;

     

       275
       275
       +
       

     

       276
       276
       +
                 # hardening

     

       277
       277
       +
                 NoNewPrivileges = true;

     

       278
       278
       +
                 CapabilityBoundingSet = null;

     

       279
       279
       +
                 SystemCallFilter = [

     

       280
       280
       +
                   "@system-service"

     

       281
       281
       +
                   "~@privileged"

     

       282
       282
       +
                 ];

     

       283
       283
       +
                 SystemCallArchitectures = "native";

     

       284
       284
       +
                 MemoryDenyWriteExecute = true;

     

       285
       285
       +
       

     

       286
       286
       +
                 PrivateUsers = true;

     

       287
       287
       +
                 PrivateTmp = true;

     

       288
       288
       +
                 PrivateDevices = true;

     

       289
       289
       +
                 ProtectHome = true;

     

       290
       290
       +
                 ProtectClock = true;

     

       291
       291
       +
                 ProtectHostname = true;

     

       292
       292
       +
                 ProtectKernelLogs = true;

     

       293
       293
       +
                 ProtectKernelModules = true;

     

       294
       294
       +
                 ProtectKernelTunables = true;

     

       295
       295
       +
                 ProtectProc = "invisible";

     

       296
       296
       +
                 ProtectSystem = "strict";

     

       297
       297
       +
                 ProtectControlGroups = "strict";

     

       298
       298
       +
                 LockPersonality = true;

     

       299
       299
       +
                 RestrictRealtime = true;

     

       300
       300
       +
                 RestrictSUIDSGID = true;

     

       301
       301
       +
                 RestrictNamespaces = true;

     

       302
       302
       +
                 RestrictAddressFamilies = [

     

       303
       303
       +
                   "AF_UNIX"

     

       304
       304
       +
                   "AF_INET"

     

       305
       305
       +
                   "AF_INET6"

     

       306
       306
       +
                 ];

     

       307
       307
       +
               };

     

       308
       308
       +
             }

     

       309
       309
       +
           ) enabledInstances;

     

       310
       310
       +
         };

     

       311
       311
       +
       

     

       312
       312
       +
         meta.maintainers = with lib.maintainers; [ soopyc ];

     

       313
       313
       +
         meta.doc = ./anubis.md;

     

       314
       314
       +
       }

nixos/tests/all-tests.nix

···

       198
       198
        
         amd-sev = runTest ./amd-sev.nix;

     

       199
       199
        
         angie-api = runTest ./angie-api.nix;

     

       200
       200
        
         anki-sync-server = runTest ./anki-sync-server.nix;

     

       201
       201
       +
         anubis = runTest ./anubis.nix;

     

       201
       202
        
         anuko-time-tracker = runTest ./anuko-time-tracker.nix;

     

       202
       203
        
         apcupsd = runTest ./apcupsd.nix;

     

       203
       204
        
         apfs = runTest ./apfs.nix;

+98

nixos/tests/anubis.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         name = "anubis";

     

       4
       4
       +
         meta.maintainers = [ lib.maintainers.soopyc ];

     

       5
       5
       +
       

     

       6
       6
       +
         nodes.machine =

     

       7
       7
       +
           {

     

       8
       8
       +
             config,

     

       9
       9
       +
             pkgs,

     

       10
       10
       +
             ...

     

       11
       11
       +
           }:

     

       12
       12
       +
           {

     

       13
       13
       +
             services.anubis.instances = {

     

       14
       14
       +
               "".settings.TARGET = "http://localhost:8080";

     

       15
       15
       +
       

     

       16
       16
       +
               "tcp" = {

     

       17
       17
       +
                 user = "anubis-tcp";

     

       18
       18
       +
                 group = "anubis-tcp";

     

       19
       19
       +
                 settings = {

     

       20
       20
       +
                   TARGET = "http://localhost:8080";

     

       21
       21
       +
                   BIND = ":9000";

     

       22
       22
       +
                   BIND_NETWORK = "tcp";

     

       23
       23
       +
                   METRICS_BIND = ":9001";

     

       24
       24
       +
                   METRICS_BIND_NETWORK = "tcp";

     

       25
       25
       +
                 };

     

       26
       26
       +
               };

     

       27
       27
       +
       

     

       28
       28
       +
               "unix-upstream" = {

     

       29
       29
       +
                 group = "nginx";

     

       30
       30
       +
                 settings.TARGET = "unix:///run/nginx/nginx.sock";

     

       31
       31
       +
               };

     

       32
       32
       +
             };

     

       33
       33
       +
       

     

       34
       34
       +
             # support

     

       35
       35
       +
             users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];

     

       36
       36
       +
             services.nginx = {

     

       37
       37
       +
               enable = true;

     

       38
       38
       +
               recommendedProxySettings = true;

     

       39
       39
       +
               virtualHosts."basic.localhost".locations = {

     

       40
       40
       +
                 "/".proxyPass = "http://unix:${config.services.anubis.instances."".settings.BIND}";

     

       41
       41
       +
                 "/metrics".proxyPass = "http://unix:${config.services.anubis.instances."".settings.METRICS_BIND}";

     

       42
       42
       +
               };

     

       43
       43
       +
       

     

       44
       44
       +
               virtualHosts."tcp.localhost".locations = {

     

       45
       45
       +
                 "/".proxyPass = "http://localhost:9000";

     

       46
       46
       +
                 "/metrics".proxyPass = "http://localhost:9001";

     

       47
       47
       +
               };

     

       48
       48
       +
       

     

       49
       49
       +
               virtualHosts."unix.localhost".locations = {

     

       50
       50
       +
                 "/".proxyPass = "http://unix:${config.services.anubis.instances.unix-upstream.settings.BIND}";

     

       51
       51
       +
               };

     

       52
       52
       +
       

     

       53
       53
       +
               # emulate an upstream with nginx, listening on tcp and unix sockets.

     

       54
       54
       +
               virtualHosts."upstream.localhost" = {

     

       55
       55
       +
                 default = true; # make nginx match this vhost for `localhost`

     

       56
       56
       +
                 listen = [

     

       57
       57
       +
                   { addr = "unix:/run/nginx/nginx.sock"; }

     

       58
       58
       +
                   {

     

       59
       59
       +
                     addr = "localhost";

     

       60
       60
       +
                     port = 8080;

     

       61
       61
       +
                   }

     

       62
       62
       +
                 ];

     

       63
       63
       +
                 locations."/" = {

     

       64
       64
       +
                   tryFiles = "$uri $uri/index.html =404";

     

       65
       65
       +
                   root = pkgs.runCommand "anubis-test-upstream" { } ''

     

       66
       66
       +
                     mkdir $out

     

       67
       67
       +
                     echo "it works" >> $out/index.html

     

       68
       68
       +
                   '';

     

       69
       69
       +
                 };

     

       70
       70
       +
               };

     

       71
       71
       +
             };

     

       72
       72
       +
           };

     

       73
       73
       +
       

     

       74
       74
       +
         testScript = ''

     

       75
       75
       +
           for unit in ["nginx", "anubis", "anubis-tcp", "anubis-unix-upstream"]:

     

       76
       76
       +
             machine.wait_for_unit(unit + ".service")

     

       77
       77
       +
       

     

       78
       78
       +
           for port in [9000, 9001]:

     

       79
       79
       +
             machine.wait_for_open_port(port)

     

       80
       80
       +
       

     

       81
       81
       +
           for instance in ["anubis", "anubis-unix-upstream"]:

     

       82
       82
       +
             machine.wait_for_open_unix_socket(f"/run/anubis/{instance}.sock")

     

       83
       83
       +
             machine.wait_for_open_unix_socket(f"/run/anubis/{instance}-metrics.sock")

     

       84
       84
       +
       

     

       85
       85
       +
           # Default unix socket mode

     

       86
       86
       +
           machine.succeed('curl -f http://basic.localhost | grep "it works"')

     

       87
       87
       +
           machine.succeed('curl -f http://basic.localhost -H "User-Agent: Mozilla" | grep anubis')

     

       88
       88
       +
           machine.succeed('curl -f http://basic.localhost/metrics | grep anubis_challenges_issued')

     

       89
       89
       +
           machine.succeed('curl -f -X POST http://basic.localhost/.within.website/x/cmd/anubis/api/make-challenge | grep challenge')

     

       90
       90
       +
       

     

       91
       91
       +
           # TCP mode

     

       92
       92
       +
           machine.succeed('curl -f http://tcp.localhost -H "User-Agent: Mozilla" | grep anubis')

     

       93
       93
       +
           machine.succeed('curl -f http://tcp.localhost/metrics | grep anubis_challenges_issued')

     

       94
       94
       +
       

     

       95
       95
       +
           # Upstream is a unix socket mode

     

       96
       96
       +
           machine.succeed('curl -f http://unix.localhost/index.html | grep "it works"')

     

       97
       97
       +
         '';

     

       98
       98
       +
       }

+2 -2

pkgs/applications/networking/browsers/firefox/packages/firefox-beta.nix

···

       10
       10
        
       buildMozillaMach rec {

     

       11
       11
        
         pname = "firefox-beta";

     

       12
       12
        
         binaryName = pname;

     

       13
       13
       -
         version = "137.0b6";

     

       13
       13
       +
         version = "138.0b4";

     

       14
       14
        
         applicationName = "Firefox Beta";

     

       15
       15
        
         src = fetchurl {

     

       16
       16
        
           url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";

     

       17
       17
       -
           sha512 = "84c010f6e21957768a6fcebe6ec2f0e6a50b45b6a416cad3701f36d69dff9a448423e5b4f2ce0dc7abe46cb40ec02872027ad855b9afef355006ba32e13f4e27";

     

       17
       17
       +
           sha512 = "a8f9e645c80d9c40b0435ee00261aa9fcac801efcfcbf42b10e6af9390290b9f643358aca6a01d9465eab3b64f46b2b71b4a3ea4c7e0a8f96bdfce15bf817f92";

     

       18
       18
        
         };

     

       19
       19
        
       

     

       20
       20
        
         meta = {

+2 -2

pkgs/by-name/ar/archipelago/package.nix

···

       7
       7
        
       }:

     

       8
       8
        
       let

     

       9
       9
        
         pname = "archipelago";

     

       10
       10
       -
         version = "0.6.0";

     

       10
       10
       +
         version = "0.6.1";

     

       11
       11
        
         src = fetchurl {

     

       12
       12
        
           url = "https://github.com/ArchipelagoMW/Archipelago/releases/download/${version}/Archipelago_${version}_linux-x86_64.AppImage";

     

       13
       13
       -
           hash = "sha256-hpyMi/Zd4yDKd/53xuChRTQDD9QkcyqwqrmwoWSQMkY=";

     

       13
       13
       +
           hash = "sha256-8mPlR5xVnHL9I0rV4bMFaffSJv7dMlCcPHrLkM/pyVU=";

     

       14
       14
        
         };

     

       15
       15
        
       

     

       16
       16
        
         appimageContents = appimageTools.extractType2 { inherit pname version src; };

+3 -3

pkgs/by-name/bu/buf/package.nix

···

       11
       11
        
       

     

       12
       12
        
       buildGoModule rec {

     

       13
       13
        
         pname = "buf";

     

       14
       14
       -
         version = "1.51.0";

     

       14
       14
       +
         version = "1.52.0";

     

       15
       15
        
       

     

       16
       16
        
         src = fetchFromGitHub {

     

       17
       17
        
           owner = "bufbuild";

     

       18
       18
        
           repo = "buf";

     

       19
       19
        
           rev = "v${version}";

     

       20
       20
       -
           hash = "sha256-/6SDsIVyorDWjOkdUB1t0vAA2VLy6MiGyiFo+2rUfEU=";

     

       20
       20
       +
           hash = "sha256-Jg3UcSPkJgYxdxRJJCCzxp+pGarToEQut9k/drIdka4=";

     

       21
       21
        
         };

     

       22
       22
        
       

     

       23
       23
       -
         vendorHash = "sha256-4GD2yNfYTQobPeJ+zPQ+ECDTeNUi4PK8oXSxpBF/4Wk=";

     

       23
       23
       +
         vendorHash = "sha256-+zJ2pCLyXnqFOIWWfnhAzSnUOjQSDo4AqCxBNNZED7E=";

     

       24
       24
        
       

     

       25
       25
        
         patches = [

     

       26
       26
        
           # Skip a test that requires networking to be available to work.

+2 -2

pkgs/by-name/co/codesnap/package.nix

···

       7
       7
        
       }:

     

       8
       8
        
       rustPlatform.buildRustPackage rec {

     

       9
       9
        
         pname = "codesnap";

     

       10
       10
       -
         version = "0.10.5";

     

       10
       10
       +
         version = "0.10.7";

     

       11
       11
        
       

     

       12
       12
        
         src = fetchFromGitHub {

     

       13
       13
        
           owner = "mistricky";

     

       14
       14
        
           repo = "CodeSnap";

     

       15
       15
        
           tag = "v${version}";

     

       16
       16
       -
           hash = "sha256-g2Xu/PKRSYrHKDJ5/MZRUkDQeYuxvNWPTuymhI8Iu5Q=";

     

       16
       16
       +
           hash = "sha256-gDV66eLHcg7OuVR0Wo5x3anqKjnS/BsCCVaR6VOnM+s=";

     

       17
       17
        
         };

     

       18
       18
        
       

     

       19
       19
        
         useFetchCargoVendor = true;

+3 -3

pkgs/by-name/dr/dracula-theme/package.nix

···

       8
       8
        
       

     

       9
       9
        
       let

     

       10
       10
        
         themeName = "Dracula";

     

       11
       11
       -
         version = "4.0.0-unstable-2025-03-22";

     

       11
       11
       +
         version = "4.0.0-unstable-2025-04-01";

     

       12
       12
        
       in

     

       13
       13
        
       stdenvNoCC.mkDerivation {

     

       14
       14
        
         pname = "dracula-theme";

     
···

       17
       17
        
         src = fetchFromGitHub {

     

       18
       18
        
           owner = "dracula";

     

       19
       19
        
           repo = "gtk";

     

       20
       20
       -
           rev = "e7f118ac0434988800453bc30671b55ccfe02bd9";

     

       21
       21
       -
           hash = "sha256-f7bYYkAm4f0kSaDY1X2ZLLxlXwzUdFtjHkIeX0QmX9w=";

     

       20
       20
       +
           rev = "ceeb13795df115d150fca7c8ae1721b9a618cb3b";

     

       21
       21
       +
           hash = "sha256-vdA3pkMha+vFQwAspZVLIkNi1VviArN+VUoievdrHZM=";

     

       22
       22
        
         };

     

       23
       23
        
       

     

       24
       24
        
         propagatedUserEnvPkgs = [

+4 -4

pkgs/by-name/go/godns/package.nix

···

       10
       10
        
       

     

       11
       11
        
       buildGoModule rec {

     

       12
       12
        
         pname = "godns";

     

       13
       13
       -
         version = "3.2.2";

     

       13
       13
       +
         version = "3.2.3";

     

       14
       14
        
       

     

       15
       15
        
         src = fetchFromGitHub {

     

       16
       16
        
           owner = "TimothyYe";

     

       17
       17
        
           repo = "godns";

     

       18
       18
        
           tag = "v${version}";

     

       19
       19
       -
           hash = "sha256-2VBgc+cp1IF3GprSt0oc5WOAepmV8dGhKjwodZ2JS6k=";

     

       19
       19
       +
           hash = "sha256-gKfuyw3cayDNHW2RrPaq1+vETDWyu5yxoiQvmRquwDU=";

     

       20
       20
        
         };

     

       21
       21
        
       

     

       22
       22
       -
         vendorHash = "sha256-cR+hlIGRPffP21lqDZmqBF4unS6ZyEvEvRlTrswg+js=";

     

       22
       22
       +
         vendorHash = "sha256-3HN67FUtLfIF/V/Ax/UsFD/hmm1g+MsAZkQsZ/DvEcI=";

     

       23
       23
        
         npmDeps = fetchNpmDeps {

     

       24
       24
        
           src = "${src}/web";

     

       25
       25
       -
           hash = "sha256-lchAfi97a97TPs22ML3sMrlSZdvWMMC+wBrGbvke5rg=";

     

       25
       25
       +
           hash = "sha256-wumu3uTzZh4uXlxaDfS8rxWapjkKnzCQGk3izH242qc=";

     

       26
       26
        
         };

     

       27
       27
        
       

     

       28
       28
        
         npmRoot = "web";

+2 -2

pkgs/by-name/in/incus-ui-canonical/package.nix

···

       20
       20
        
       in

     

       21
       21
        
       stdenv.mkDerivation rec {

     

       22
       22
        
         pname = "incus-ui-canonical";

     

       23
       23
       -
         version = "0.15.1";

     

       23
       23
       +
         version = "0.15.2";

     

       24
       24
        
       

     

       25
       25
        
         src = fetchFromGitHub {

     

       26
       26
        
           owner = "zabbly";

     

       27
       27
        
           repo = "incus-ui-canonical";

     

       28
       28
        
           # only use tags prefixed by incus- they are the tested fork versions

     

       29
       29
        
           tag = "incus-${version}";

     

       30
       30
       -
           hash = "sha256-oXdkMalzAAcHEwca6h83cHH4buC/gGu5F3S82RM+IX4=";

     

       30
       30
       +
           hash = "sha256-jcdjbrQsBshpSogPkDO2DHYIyWmxEOJbFFG25X2mni0=";

     

       31
       31
        
         };

     

       32
       32
        
       

     

       33
       33
        
         offlineCache = fetchYarnDeps {

+3 -3

pkgs/by-name/in/incus/lts.nix

···

       1
       1
        
       import ./generic.nix {

     

       2
       2
       -
         hash = "sha256-+W4imWem5iQ6nPVcoObc4COFxQVED0ppVd/YC+Nqtgw=";

     

       3
       3
       -
         version = "6.0.3";

     

       4
       4
       -
         vendorHash = "sha256-ZUtWzbAjHij95khYx8lWYEpA8ITlMtKpObG5Vl7aE90=";

     

       2
       2
       +
         hash = "sha256-zwefzCmj4K1GJRbherOS28swLoGbHnUxbF9bmLOh738=";

     

       3
       3
       +
         version = "6.0.4";

     

       4
       4
       +
         vendorHash = "sha256-4of741V2ztxkyI2r5UVEL5ON/9kaDTygosLxyTw6ShQ=";

     

       5
       5
        
         patches = [

     

       6
       6
        
           # qemu 9.1 compat, remove when added to LTS

     

       7
       7
        
           ./572afb06f66f83ca95efa1b9386fceeaa1c9e11b.patch

+2 -2

pkgs/by-name/lx/lxc/package.nix

···

       22
       22
        
       

     

       23
       23
        
       stdenv.mkDerivation (finalAttrs: {

     

       24
       24
        
         pname = "lxc";

     

       25
       25
       -
         version = "6.0.3";

     

       25
       25
       +
         version = "6.0.4";

     

       26
       26
        
       

     

       27
       27
        
         src = fetchFromGitHub {

     

       28
       28
        
           owner = "lxc";

     

       29
       29
        
           repo = "lxc";

     

       30
       30
        
           tag = "v${finalAttrs.version}";

     

       31
       31
       -
           hash = "sha256-h41lcHGjJmIH28XRpM0gdFsOQOCLSWevSLfvQ7gIf7Q=";

     

       31
       31
       +
           hash = "sha256-zmL568PprrpIWTVCkScXHEzTZ+NduSH4r8ETnz4NY64=";

     

       32
       32
        
         };

     

       33
       33
        
       

     

       34
       34
        
         nativeBuildInputs = [

+10 -3

pkgs/by-name/lx/lxcfs/package.nix

···

       17
       17
        
       

     

       18
       18
        
       stdenv.mkDerivation rec {

     

       19
       19
        
         pname = "lxcfs";

     

       20
       20
       -
         version = "6.0.3";

     

       20
       20
       +
         version = "6.0.4";

     

       21
       21
        
       

     

       22
       22
        
         src = fetchFromGitHub {

     

       23
       23
        
           owner = "lxc";

     

       24
       24
        
           repo = "lxcfs";

     

       25
       25
       -
           rev = "v${version}";

     

       26
       26
       -
           hash = "sha256-+Xlx1E6ggB/Vx3yOJGgh4UfEvaVyT7uOttaxelDA7Iw=";

     

       25
       25
       +
           tag = "v${version}";

     

       26
       26
       +
           hash = "sha256-jmadClC/3nHfNL+F/gC5NM6u03OE9flEVtPU28nylw4=";

     

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         patches = [

     
···

       57
       57
        
             lib.makeBinPath [

     

       58
       58
        
               coreutils

     

       59
       59
        
               util-linux

     

       60
       60
       +
             ]

     

       61
       61
       +
           }

     

       62
       62
       +
       

     

       63
       63
       +
           # requires access to sleep

     

       64
       64
       +
           wrapProgram "$out/share/lxcfs/lxc.reboot.hook" --prefix PATH : ${

     

       65
       65
       +
             lib.makeBinPath [

     

       66
       66
       +
               coreutils

     

       60
       67
        
             ]

     

       61
       68
        
           }

     

       62
       69
        
         '';

+3 -3

pkgs/by-name/ne/netbird/package.nix

···

       31
       31
        
       in

     

       32
       32
        
       buildGoModule (finalAttrs: {

     

       33
       33
        
         pname = "netbird";

     

       34
       34
       -
         version = "0.39.2";

     

       34
       34
       +
         version = "0.40.0";

     

       35
       35
        
       

     

       36
       36
        
         src = fetchFromGitHub {

     

       37
       37
        
           owner = "netbirdio";

     

       38
       38
        
           repo = "netbird";

     

       39
       39
        
           tag = "v${finalAttrs.version}";

     

       40
       40
       -
           hash = "sha256-K1qnQfkptMFviWWqzDA+yju/L/aMNTyO3qDHzMJnXzU=";

     

       40
       40
       +
           hash = "sha256-GbKA6tJLCQNCiG9rj3iW4l51nQEbt42u7B6tFCbDSTQ=";

     

       41
       41
        
         };

     

       42
       42
        
       

     

       43
       43
       -
         vendorHash = "sha256-yNFyW1D2gFkt2VDTyiaDXPw0zrT4KBQTe72x0Jh0jOs=";

     

       43
       43
       +
         vendorHash = "sha256-vy725OvkYLyCDYEmnPpXJWqyofb29GiP4GkLn1GInm0=";

     

       44
       44
        
       

     

       45
       45
        
         nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config;

     

       46
       46

-2

pkgs/by-name/ni/nixos-rebuild-ng/README.md

···

       148
       148
        
       

     

       149
       149
        
       ## TODON'T

     

       150
       150
        
       

     

       151
       151
       -
       - Reimplement `systemd-run` logic: will be moved to the new

     

       152
       152
       -
         [`apply`](https://github.com/NixOS/nixpkgs/pull/344407) script

     

       153
       151
        
       - Nix bootstrap: it is only used for non-Flake paths and it is basically

     

       154
       152
        
         useless nowadays. It was created at a time when Nix was changing frequently

     

       155
       153
        
         and there was a need to bootstrap a new version of Nix before evaluating the

+30 -1

pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py

···

       29
       29
        
       

     

       30
       30
        
       FLAKE_FLAGS: Final = ["--extra-experimental-features", "nix-command flakes"]

     

       31
       31
        
       FLAKE_REPL_TEMPLATE: Final = "repl.nix.template"

     

       32
       32
       +
       SWITCH_TO_CONFIGURATION_CMD_PREFIX: Final = [

     

       33
       33
       +
           "systemd-run",

     

       34
       34
       +
           "-E",

     

       35
       35
       +
           # Will be set to new value early in switch-to-configuration script,

     

       36
       36
       +
           # but interpreter starts out with old value

     

       37
       37
       +
           "LOCALE_ARCHIVE",

     

       38
       38
       +
           "-E",

     

       39
       39
       +
           "NIXOS_INSTALL_BOOTLOADER",

     

       40
       40
       +
           "--collect",

     

       41
       41
       +
           "--no-ask-password",

     

       42
       42
       +
           "--pipe",

     

       43
       43
       +
           "--quiet",

     

       44
       44
       +
           "--same-dir",

     

       45
       45
       +
           "--service-type=exec",

     

       46
       46
       +
           "--unit=nixos-rebuild-switch-to-configuration",

     

       47
       47
       +
       ]

     

       32
       48
        
       logger = logging.getLogger(__name__)

     

       33
       49
        
       

     

       34
       50
        
       

     
···

       628
       644
        
               if not path_to_config.exists():

     

       629
       645
        
                   raise NRError(f"specialisation not found: {specialisation}")

     

       630
       646
        
       

     

       647
       647
       +
           r = run_wrapper(

     

       648
       648
       +
               ["test", "-d", "/run/systemd/system"],

     

       649
       649
       +
               remote=target_host,

     

       650
       650
       +
               check=False,

     

       651
       651
       +
           )

     

       652
       652
       +
           cmd = SWITCH_TO_CONFIGURATION_CMD_PREFIX

     

       653
       653
       +
           if r.returncode:

     

       654
       654
       +
               logger.debug(

     

       655
       655
       +
                   "skipping systemd-run to switch configuration since systemd is "

     

       656
       656
       +
                   + "not working in target host"

     

       657
       657
       +
               )

     

       658
       658
       +
               cmd = []

     

       659
       659
       +
       

     

       631
       660
        
           run_wrapper(

     

       632
       632
       -
               [path_to_config / "bin/switch-to-configuration", str(action)],

     

       661
       661
       +
               [*cmd, path_to_config / "bin/switch-to-configuration", str(action)],

     

       633
       662
        
               extra_env={"NIXOS_INSTALL_BOOTLOADER": "1" if install_bootloader else "0"},

     

       634
       663
        
               remote=target_host,

     

       635
       664
        
               sudo=sudo,

+88 -11

pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py

···

       234
       234
        
       

     

       235
       235
        
           nr.execute(["nixos-rebuild", "boot", "--no-flake", "-vvv", "--no-reexec"])

     

       236
       236
        
       

     

       237
       237
       -
           assert mock_run.call_count == 6

     

       237
       237
       +
           assert mock_run.call_count == 7

     

       238
       238
        
           mock_run.assert_has_calls(

     

       239
       239
        
               [

     

       240
       240
        
                   call(

     
···

       279
       279
        
                       **DEFAULT_RUN_KWARGS,

     

       280
       280
        
                   ),

     

       281
       281
        
                   call(

     

       282
       282
       -
                       [config_path / "bin/switch-to-configuration", "boot"],

     

       282
       282
       +
                       ["test", "-d", "/run/systemd/system"],

     

       283
       283
       +
                       check=False,

     

       284
       284
       +
                       **DEFAULT_RUN_KWARGS,

     

       285
       285
       +
                   ),

     

       286
       286
       +
                   call(

     

       287
       287
       +
                       [

     

       288
       288
       +
                           *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       289
       289
       +
                           config_path / "bin/switch-to-configuration",

     

       290
       290
       +
                           "boot",

     

       291
       291
       +
                       ],

     

       283
       292
        
                       check=True,

     

       284
       293
        
                       **(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "0"}}),

     

       285
       294
        
                   ),

     
···

       442
       451
        
               ]

     

       443
       452
        
           )

     

       444
       453
        
       

     

       445
       445
       -
           assert mock_run.call_count == 3

     

       454
       454
       +
           assert mock_run.call_count == 4

     

       446
       455
        
           mock_run.assert_has_calls(

     

       447
       456
        
               [

     

       448
       457
        
                   call(

     
···

       476
       485
        
                       **DEFAULT_RUN_KWARGS,

     

       477
       486
        
                   ),

     

       478
       487
        
                   call(

     

       479
       479
       -
                       ["sudo", config_path / "bin/switch-to-configuration", "switch"],

     

       488
       488
       +
                       ["test", "-d", "/run/systemd/system"],

     

       489
       489
       +
                       check=False,

     

       490
       490
       +
                       **DEFAULT_RUN_KWARGS,

     

       491
       491
       +
                   ),

     

       492
       492
       +
                   call(

     

       493
       493
       +
                       [

     

       494
       494
       +
                           "sudo",

     

       495
       495
       +
                           *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       496
       496
       +
                           config_path / "bin/switch-to-configuration",

     

       497
       497
       +
                           "switch",

     

       498
       498
       +
                       ],

     

       480
       499
        
                       check=True,

     

       481
       500
        
                       **(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "1"}}),

     

       482
       501
        
                   ),

     
···

       535
       554
        
               ]

     

       536
       555
        
           )

     

       537
       556
        
       

     

       538
       538
       -
           assert mock_run.call_count == 10

     

       557
       557
       +
           assert mock_run.call_count == 11

     

       539
       558
        
           mock_run.assert_has_calls(

     

       540
       559
        
               [

     

       541
       560
        
                   call(

     
···

       667
       686
        
                           *nr.process.SSH_DEFAULT_OPTS,

     

       668
       687
        
                           "user@target-host",

     

       669
       688
        
                           "--",

     

       689
       689
       +
                           "test",

     

       690
       690
       +
                           "-d",

     

       691
       691
       +
                           "/run/systemd/system",

     

       692
       692
       +
                       ],

     

       693
       693
       +
                       check=False,

     

       694
       694
       +
                       **DEFAULT_RUN_KWARGS,

     

       695
       695
       +
                   ),

     

       696
       696
       +
                   call(

     

       697
       697
       +
                       [

     

       698
       698
       +
                           "ssh",

     

       699
       699
       +
                           *nr.process.SSH_DEFAULT_OPTS,

     

       700
       700
       +
                           "user@target-host",

     

       701
       701
       +
                           "--",

     

       670
       702
        
                           "sudo",

     

       671
       703
        
                           "env",

     

       672
       704
        
                           "NIXOS_INSTALL_BOOTLOADER=0",

     

       705
       705
       +
                           *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       673
       706
        
                           str(config_path / "bin/switch-to-configuration"),

     

       674
       707
        
                           "switch",

     

       675
       708
        
                       ],

     
···

       712
       745
        
               ]

     

       713
       746
        
           )

     

       714
       747
        
       

     

       715
       715
       -
           assert mock_run.call_count == 4

     

       748
       748
       +
           assert mock_run.call_count == 5

     

       716
       749
        
           mock_run.assert_has_calls(

     

       717
       750
        
               [

     

       718
       751
        
                   call(

     
···

       756
       789
        
                           *nr.process.SSH_DEFAULT_OPTS,

     

       757
       790
        
                           "user@localhost",

     

       758
       791
        
                           "--",

     

       792
       792
       +
                           "test",

     

       793
       793
       +
                           "-d",

     

       794
       794
       +
                           "/run/systemd/system",

     

       795
       795
       +
                       ],

     

       796
       796
       +
                       check=False,

     

       797
       797
       +
                       **DEFAULT_RUN_KWARGS,

     

       798
       798
       +
                   ),

     

       799
       799
       +
                   call(

     

       800
       800
       +
                       [

     

       801
       801
       +
                           "ssh",

     

       802
       802
       +
                           *nr.process.SSH_DEFAULT_OPTS,

     

       803
       803
       +
                           "user@localhost",

     

       804
       804
       +
                           "--",

     

       759
       805
        
                           "sudo",

     

       760
       806
        
                           "env",

     

       761
       807
        
                           "NIXOS_INSTALL_BOOTLOADER=0",

     

       808
       808
       +
                           *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       762
       809
        
                           str(config_path / "bin/switch-to-configuration"),

     

       763
       810
        
                           "switch",

     

       764
       811
        
                       ],

     
···

       802
       849
        
               ]

     

       803
       850
        
           )

     

       804
       851
        
       

     

       805
       805
       -
           assert mock_run.call_count == 6

     

       852
       852
       +
           assert mock_run.call_count == 7

     

       806
       853
        
           mock_run.assert_has_calls(

     

       807
       854
        
               [

     

       808
       855
        
                   call(

     
···

       863
       910
        
                       **DEFAULT_RUN_KWARGS,

     

       864
       911
        
                   ),

     

       865
       912
        
                   call(

     

       866
       866
       -
                       [config_path / "bin/switch-to-configuration", "switch"],

     

       913
       913
       +
                       ["test", "-d", "/run/systemd/system"],

     

       914
       914
       +
                       check=False,

     

       915
       915
       +
                       **DEFAULT_RUN_KWARGS,

     

       916
       916
       +
                   ),

     

       917
       917
       +
                   call(

     

       918
       918
       +
                       [

     

       919
       919
       +
                           *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       920
       920
       +
                           config_path / "bin/switch-to-configuration",

     

       921
       921
       +
                           "switch",

     

       922
       922
       +
                       ],

     

       867
       923
        
                       check=True,

     

       868
       924
        
                       **DEFAULT_RUN_KWARGS,

     

       869
       925
        
                   ),

     
···

       881
       937
        
                   return CompletedProcess([], 0, str(nixpkgs_path))

     

       882
       938
        
               elif args[0] == "git":

     

       883
       939
        
                   return CompletedProcess([], 0, "")

     

       940
       940
       +
               elif args[0] == "test":

     

       941
       941
       +
                   return CompletedProcess([], 1)

     

       884
       942
        
               else:

     

       885
       943
        
                   return CompletedProcess([], 0)

     

       886
       944
        
       

     
···

       897
       955
        
               ]

     

       898
       956
        
           )

     

       899
       957
        
       

     

       900
       900
       -
           assert mock_run.call_count == 4

     

       958
       958
       +
           assert mock_run.call_count == 5

     

       901
       959
        
           mock_run.assert_has_calls(

     

       902
       960
        
               [

     

       903
       961
        
                   call(

     
···

       927
       985
        
                           Path("/nix/var/nix/profiles/system"),

     

       928
       986
        
                       ],

     

       929
       987
        
                       check=True,

     

       988
       988
       +
                       **DEFAULT_RUN_KWARGS,

     

       989
       989
       +
                   ),

     

       990
       990
       +
                   call(

     

       991
       991
       +
                       ["test", "-d", "/run/systemd/system"],

     

       992
       992
       +
                       check=False,

     

       930
       993
        
                       **DEFAULT_RUN_KWARGS,

     

       931
       994
        
                   ),

     

       932
       995
        
                   call(

     
···

       978
       1041
        
           def run_side_effect(args: list[str], **kwargs: Any) -> CompletedProcess[str]:

     

       979
       1042
        
               if args[0] == "nix":

     

       980
       1043
        
                   return CompletedProcess([], 0, str(config_path))

     

       1044
       1044
       +
               elif args[0] == "test":

     

       1045
       1045
       +
                   return CompletedProcess([], 1)

     

       981
       1046
        
               else:

     

       982
       1047
        
                   return CompletedProcess([], 0)

     

       983
       1048
        
       

     
···

       987
       1052
        
               ["nixos-rebuild", "test", "--flake", "github:user/repo#hostname", "--no-reexec"]

     

       988
       1053
        
           )

     

       989
       1054
        
       

     

       990
       990
       -
           assert mock_run.call_count == 2

     

       1055
       1055
       +
           assert mock_run.call_count == 3

     

       991
       1056
        
           mock_run.assert_has_calls(

     

       992
       1057
        
               [

     

       993
       1058
        
                   call(

     
···

       1004
       1069
        
                       **DEFAULT_RUN_KWARGS,

     

       1005
       1070
        
                   ),

     

       1006
       1071
        
                   call(

     

       1072
       1072
       +
                       ["test", "-d", "/run/systemd/system"],

     

       1073
       1073
       +
                       check=False,

     

       1074
       1074
       +
                       **DEFAULT_RUN_KWARGS,

     

       1075
       1075
       +
                   ),

     

       1076
       1076
       +
                   call(

     

       1007
       1077
        
                       [config_path / "bin/switch-to-configuration", "test"],

     

       1008
       1078
        
                       check=True,

     

       1009
       1079
        
                       **DEFAULT_RUN_KWARGS,

     
···

       1031
       1101
        
                       2084   2024-11-07 23:54:17   (current)

     

       1032
       1102
        
                       """),

     

       1033
       1103
        
                   )

     

       1104
       1104
       +
               elif args[0] == "test":

     

       1105
       1105
       +
                   return CompletedProcess([], 1)

     

       1034
       1106
        
               else:

     

       1035
       1107
        
                   return CompletedProcess([], 0)

     

       1036
       1108
        
       

     
···

       1040
       1112
        
               ["nixos-rebuild", "test", "--rollback", "--profile-name", "foo", "--no-reexec"]

     

       1041
       1113
        
           )

     

       1042
       1114
        
       

     

       1043
       1043
       -
           assert mock_run.call_count == 2

     

       1115
       1115
       +
           assert mock_run.call_count == 3

     

       1044
       1116
        
           mock_run.assert_has_calls(

     

       1045
       1117
        
               [

     

       1046
       1118
        
                   call(

     
···

       1052
       1124
        
                       ],

     

       1053
       1125
        
                       check=True,

     

       1054
       1126
        
                       stdout=PIPE,

     

       1127
       1127
       +
                       **DEFAULT_RUN_KWARGS,

     

       1128
       1128
       +
                   ),

     

       1129
       1129
       +
                   call(

     

       1130
       1130
       +
                       ["test", "-d", "/run/systemd/system"],

     

       1131
       1131
       +
                       check=False,

     

       1055
       1132
        
                       **DEFAULT_RUN_KWARGS,

     

       1056
       1133
        
                   ),

     

       1057
       1134
        
                   call(

+60 -1

pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py

···

       689
       689
        
       

     

       690
       690
        
       

     

       691
       691
        
       @patch(get_qualified_name(n.run_wrapper, n), autospec=True)

     

       692
       692
       -
       def test_switch_to_configuration(mock_run: Mock, monkeypatch: MonkeyPatch) -> None:

     

       692
       692
       +
       def test_switch_to_configuration_without_systemd_run(

     

       693
       693
       +
           mock_run: Any, monkeypatch: MonkeyPatch

     

       694
       694
       +
       ) -> None:

     

       693
       695
        
           profile_path = Path("/path/to/profile")

     

       694
       696
        
           config_path = Path("/path/to/config")

     

       697
       697
       +
           mock_run.return_value = CompletedProcess([], 1)

     

       695
       698
        
       

     

       696
       699
        
           with monkeypatch.context() as mp:

     

       697
       700
        
               mp.setenv("LOCALE_ARCHIVE", "")

     
···

       740
       743
        
               )

     

       741
       744
        
           mock_run.assert_called_with(

     

       742
       745
        
               [

     

       746
       746
       +
                   config_path / "specialisation/special/bin/switch-to-configuration",

     

       747
       747
       +
                   "test",

     

       748
       748
       +
               ],

     

       749
       749
       +
               extra_env={"NIXOS_INSTALL_BOOTLOADER": "1"},

     

       750
       750
       +
               sudo=True,

     

       751
       751
       +
               remote=target_host,

     

       752
       752
       +
           )

     

       753
       753
       +
       

     

       754
       754
       +
       

     

       755
       755
       +
       @patch(get_qualified_name(n.run_wrapper, n), autospec=True)

     

       756
       756
       +
       def test_switch_to_configuration_with_systemd_run(

     

       757
       757
       +
           mock_run: Mock, monkeypatch: MonkeyPatch

     

       758
       758
       +
       ) -> None:

     

       759
       759
       +
           profile_path = Path("/path/to/profile")

     

       760
       760
       +
           config_path = Path("/path/to/config")

     

       761
       761
       +
           mock_run.return_value = CompletedProcess([], 0)

     

       762
       762
       +
       

     

       763
       763
       +
           with monkeypatch.context() as mp:

     

       764
       764
       +
               mp.setenv("LOCALE_ARCHIVE", "")

     

       765
       765
       +
       

     

       766
       766
       +
               n.switch_to_configuration(

     

       767
       767
       +
                   profile_path,

     

       768
       768
       +
                   m.Action.SWITCH,

     

       769
       769
       +
                   sudo=False,

     

       770
       770
       +
                   target_host=None,

     

       771
       771
       +
                   specialisation=None,

     

       772
       772
       +
                   install_bootloader=False,

     

       773
       773
       +
               )

     

       774
       774
       +
           mock_run.assert_called_with(

     

       775
       775
       +
               [

     

       776
       776
       +
                   *n.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       777
       777
       +
                   profile_path / "bin/switch-to-configuration",

     

       778
       778
       +
                   "switch",

     

       779
       779
       +
               ],

     

       780
       780
       +
               extra_env={"NIXOS_INSTALL_BOOTLOADER": "0"},

     

       781
       781
       +
               sudo=False,

     

       782
       782
       +
               remote=None,

     

       783
       783
       +
           )

     

       784
       784
       +
       

     

       785
       785
       +
           target_host = m.Remote("user@localhost", [], None)

     

       786
       786
       +
           with monkeypatch.context() as mp:

     

       787
       787
       +
               mp.setenv("LOCALE_ARCHIVE", "/path/to/locale")

     

       788
       788
       +
               mp.setenv("PATH", "/path/to/bin")

     

       789
       789
       +
               mp.setattr(Path, Path.exists.__name__, lambda self: True)

     

       790
       790
       +
       

     

       791
       791
       +
               n.switch_to_configuration(

     

       792
       792
       +
                   Path("/path/to/config"),

     

       793
       793
       +
                   m.Action.TEST,

     

       794
       794
       +
                   sudo=True,

     

       795
       795
       +
                   target_host=target_host,

     

       796
       796
       +
                   install_bootloader=True,

     

       797
       797
       +
                   specialisation="special",

     

       798
       798
       +
               )

     

       799
       799
       +
           mock_run.assert_called_with(

     

       800
       800
       +
               [

     

       801
       801
       +
                   *n.SWITCH_TO_CONFIGURATION_CMD_PREFIX,

     

       743
       802
        
                   config_path / "specialisation/special/bin/switch-to-configuration",

     

       744
       803
        
                   "test",

     

       745
       804
        
               ],

+2 -2

pkgs/by-name/op/open-web-calendar/package.nix

···

       12
       12
        
       in

     

       13
       13
        
       python.pkgs.buildPythonApplication rec {

     

       14
       14
        
         pname = "open-web-calendar";

     

       15
       15
       -
         version = "1.48";

     

       15
       15
       +
         version = "1.49";

     

       16
       16
        
         pyproject = true;

     

       17
       17
        
       

     

       18
       18
        
         disabled = python.pythonOlder "3.9";

     
···

       20
       20
        
         src = fetchPypi {

     

       21
       21
        
           inherit version;

     

       22
       22
        
           pname = "open_web_calendar";

     

       23
       23
       -
           hash = "sha256-SSe5vkrfTpUFdSLglBxo5//VZfuXYnWs5sUKJL2zWOw=";

     

       23
       23
       +
           hash = "sha256-vtmIqiF85zn8CiMUWsCKJUzfiiK/j+xlZIyuIMGxR4I=";

     

       24
       24
        
         };

     

       25
       25
        
       

     

       26
       26
        
         # The Pypi tarball doesn't contain open_web_calendars/features

pkgs/by-name/pa/parca/package.nix

···

       68
       68
        
           cp -r ${ui}/share/parca/ui/* ui/packages/app/web/build

     

       69
       69
        
         '';

     

       70
       70
        
       

     

       71
       71
       +
         passthru = {

     

       72
       72
       +
           inherit ui;

     

       73
       73
       +
           updateScript = ./update.sh;

     

       74
       74
       +
         };

     

       75
       75
       +
       

     

       71
       76
        
         meta = {

     

       72
       77
        
           mainProgram = "parca";

     

       73
       78
        
           description = "Continuous profiling for analysis of CPU and memory usage";

+53

pkgs/by-name/pa/parca/update.sh

···

       1
       1
       +
       #!/usr/bin/env nix-shell

     

       2
       2
       +
       #!nix-shell -I nixpkgs=./. -i bash -p curl jq git pnpm_9

     

       3
       3
       +
       # shellcheck shell=bash

     

       4
       4
       +
       set -euo pipefail

     

       5
       5
       +
       nixpkgs="$(pwd)"

     

       6
       6
       +
       cd $(readlink -e $(dirname "${BASH_SOURCE[0]}"))

     

       7
       7
       +
       

     

       8
       8
       +
       # Update the hash of the parca source code in the Nix expression.

     

       9
       9
       +
       update_parca_source() {

     

       10
       10
       +
           local version; version="$1"

     

       11
       11
       +
           echo "Updating parca source"

     

       12
       12
       +
       

     

       13
       13
       +
           old_version="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.version" | jq -r)"

     

       14
       14
       +
           sed -i "s|${old_version}|${version}|g" package.nix

     

       15
       15
       +
       

     

       16
       16
       +
           old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.src.outputHash" | jq -r)"

     

       17
       17
       +
           new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca.src; in (src.overrideAttrs or (f: src // f src)) (_: { outputHash = \"\"; outputHashAlgo = \"sha256\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true

     

       18
       18
       +
       

     

       19
       19
       +
           sed -i "s|${old_hash}|${new_hash}|g" package.nix

     

       20
       20
       +
       }

     

       21
       21
       +
       

     

       22
       22
       +
       # Update the hash of the parca ui pnpm dependencies in the Nix expression.

     

       23
       23
       +
       update_pnpm_deps_hash() {

     

       24
       24
       +
           echo "Updating parca ui pnpm deps hash"

     

       25
       25
       +
       

     

       26
       26
       +
           old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.ui.pnpmDeps.outputHash" | jq -r)"

     

       27
       27
       +
           new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca.ui.pnpmDeps; in (src.overrideAttrs or (f: src // f src)) (_: { outputHash = \"\"; outputHashAlgo = \"sha256\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true

     

       28
       28
       +
       

     

       29
       29
       +
           sed -i "s|${old_hash}|${new_hash}|g" package.nix

     

       30
       30
       +
       }

     

       31
       31
       +
       

     

       32
       32
       +
       # Update the hash of the parca go dependencies in the Nix expression.

     

       33
       33
       +
       update_go_deps_hash() {

     

       34
       34
       +
           echo "Updating parca go deps hash"

     

       35
       35
       +
       

     

       36
       36
       +
           old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.vendorHash" | jq -r)"

     

       37
       37
       +
           new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca; in (src.overrideAttrs { vendorHash = \"\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true

     

       38
       38
       +
       

     

       39
       39
       +
           sed -i "s|${old_hash}|${new_hash}|g" package.nix

     

       40
       40
       +
       }

     

       41
       41
       +
       

     

       42
       42
       +
       LATEST_TAG="$(curl -s ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} https://api.github.com/repos/parca-dev/parca/releases/latest | jq -r '.tag_name')"

     

       43
       43
       +
       LATEST_VERSION="$(expr "$LATEST_TAG" : 'v\(.*\)')"

     

       44
       44
       +
       CURRENT_VERSION="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.version" | jq -r)"

     

       45
       45
       +
       

     

       46
       46
       +
       if [[ "$CURRENT_VERSION" == "$LATEST_VERSION" ]]; then

     

       47
       47
       +
           echo "parca is up to date: ${CURRENT_VERSION}"

     

       48
       48
       +
           exit 0

     

       49
       49
       +
       fi

     

       50
       50
       +
       

     

       51
       51
       +
       update_parca_source "$LATEST_VERSION"

     

       52
       52
       +
       update_pnpm_deps_hash

     

       53
       53
       +
       update_go_deps_hash

+63

pkgs/by-name/ra/rav1d/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         rustPlatform,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         nasm,

     

       6
       6
       +
         meson,

     

       7
       7
       +
         ninja,

     

       8
       8
       +
         pkg-config,

     

       9
       9
       +
       

     

       10
       10
       +
         nix-update-script,

     

       11
       11
       +
       }:

     

       12
       12
       +
       

     

       13
       13
       +
       rustPlatform.buildRustPackage (finalAttrs: {

     

       14
       14
       +
         pname = "rav1d";

     

       15
       15
       +
         version = "1.0.0";

     

       16
       16
       +
       

     

       17
       17
       +
         src = fetchFromGitHub {

     

       18
       18
       +
           owner = "memorysafety";

     

       19
       19
       +
           repo = "rav1d";

     

       20
       20
       +
           tag = "v${finalAttrs.version}";

     

       21
       21
       +
           hash = "sha256-8Moj3v7cxPluzNPmOmGhYuz/Qh48BnBjN7Vt4f8aY2o=";

     

       22
       22
       +
         };

     

       23
       23
       +
       

     

       24
       24
       +
         cargoHash = "sha256-M0j0zgDqElhG3Jgetjx2sL3rxLrShK0zTMmOXwNxBEI=";

     

       25
       25
       +
       

     

       26
       26
       +
         nativeBuildInputs = [

     

       27
       27
       +
           nasm

     

       28
       28
       +
         ];

     

       29
       29
       +
       

     

       30
       30
       +
         # Tests are using meson

     

       31
       31
       +
         # https://github.com/memorysafety/rav1d/tree/v1.0.0?tab=readme-ov-file#running-tests

     

       32
       32
       +
         nativeCheckInputs = [

     

       33
       33
       +
           meson

     

       34
       34
       +
           ninja

     

       35
       35
       +
           pkg-config

     

       36
       36
       +
         ];

     

       37
       37
       +
       

     

       38
       38
       +
         checkPhase =

     

       39
       39
       +
           let

     

       40
       40
       +
             cargoTarget = rustPlatform.cargoInstallHook.targetSubdirectory;

     

       41
       41
       +
           in

     

       42
       42
       +
           ''

     

       43
       43
       +
             runHook preCheck

     

       44
       44
       +
       

     

       45
       45
       +
             patchShebangs .github/workflows/test.sh

     

       46
       46
       +
             .github/workflows/test.sh -r target/${cargoTarget}/release/dav1d

     

       47
       47
       +
       

     

       48
       48
       +
             runHook postCheck

     

       49
       49
       +
           '';

     

       50
       50
       +
       

     

       51
       51
       +
         passthru = {

     

       52
       52
       +
           updateScript = nix-update-script { };

     

       53
       53
       +
         };

     

       54
       54
       +
       

     

       55
       55
       +
         meta = {

     

       56
       56
       +
           description = "AV1 cross-platform decoder, Rust port of dav1d";

     

       57
       57
       +
           homepage = "https://github.com/memorysafety/rav1d";

     

       58
       58
       +
           changelog = "https://github.com/memorysafety/rav1d/releases/tag/v${finalAttrs.version}";

     

       59
       59
       +
           license = lib.licenses.bsd2;

     

       60
       60
       +
           maintainers = with lib.maintainers; [ liberodark ];

     

       61
       61
       +
           mainProgram = "dav1d";

     

       62
       62
       +
         };

     

       63
       63
       +
       })

+12 -7

pkgs/by-name/ro/rockcraft/package.nix

···

       7
       7
        
         testers,

     

       8
       8
        
         rockcraft,

     

       9
       9
        
         cacert,

     

       10
       10
       +
         writableTmpDirAsHomeHook,

     

       10
       11
        
       }:

     

       11
       12
        
       

     

       12
       13
        
       python3Packages.buildPythonApplication rec {

     

       13
       14
        
         pname = "rockcraft";

     

       14
       14
       -
         version = "1.9.0";

     

       15
       15
       +
         version = "1.10.0";

     

       15
       16
        
       

     

       16
       17
        
         src = fetchFromGitHub {

     

       17
       18
        
           owner = "canonical";

     

       18
       19
        
           repo = "rockcraft";

     

       19
       20
        
           rev = version;

     

       20
       20
       -
           hash = "sha256-cgNKMxQrD9/OfmY5YEnpbNDstDdXqc/wdfCb4HvsgNM=";

     

       21
       21
       +
           hash = "sha256-LrUs6/YRQYU0o1kmNdBhafvDIyw91FnW8+9i0Jj5f+Y=";

     

       21
       22
        
         };

     

       22
       23
        
       

     

       23
       24
        
         pyproject = true;

     
···

       39
       40
        
             pytest-mock

     

       40
       41
        
             pytest-subprocess

     

       41
       42
        
             pytestCheckHook

     

       43
       43
       +
             writableTmpDirAsHomeHook

     

       42
       44
        
           ]

     

       43
       45
        
           ++ [ dpkg ];

     

       44
       46
        
       

     

       45
       45
       -
         preCheck = ''

     

       46
       46
       -
           mkdir -p check-phase

     

       47
       47
       -
           export HOME="$(pwd)/check-phase"

     

       48
       48
       -
         '';

     

       49
       49
       -
       

     

       50
       47
        
         disabledTests = [

     

       51
       48
        
           "test_project_all_platforms_invalid"

     

       52
       49
        
           "test_run_init_flask"

     

       53
       50
        
           "test_run_init_django"

     

       51
       51
       +
         ];

     

       52
       52
       +
       

     

       53
       53
       +
         disabledTestPaths = [

     

       54
       54
       +
           # Relies upon info in the .git directory which is stripped by fetchFromGitHub,

     

       55
       55
       +
           # and the version is overridden anyway.

     

       56
       56
       +
           "tests/integration/test_version.py"

     

       57
       57
       +
           # Tests non-Nix native packaging

     

       58
       58
       +
           "tests/integration/test_setuptools.py"

     

       54
       59
        
         ];

     

       55
       60
        
       

     

       56
       61
        
         passthru = {

+4 -4

pkgs/by-name/sn/snapcraft/lxd-socket-path.patch

···

       1
       1
       -
       diff --git a/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py b/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       2
       2
       -
       index 5fa4f898..41264ebb 100644

     

       3
       3
       -
       --- a/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       4
       4
       -
       +++ b/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       1
       1
       +
       diff --git i/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py w/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       2
       2
       +
       index 5fa4f898b..41264ebb0 100644

     

       3
       3
       +
       --- i/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       4
       4
       +
       +++ w/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py

     

       5
       5
        
       @@ -142,7 +142,7 @@ class LXD(Provider):

     

       6
       6
        
                    build_provider_flags=build_provider_flags,

     

       7
       7
        
                )

+2 -2

pkgs/by-name/sn/snapcraft/package.nix

···

       13
       13
        
       

     

       14
       14
        
       python3Packages.buildPythonApplication rec {

     

       15
       15
        
         pname = "snapcraft";

     

       16
       16
       -
         version = "8.7.3";

     

       16
       16
       +
         version = "8.8.0";

     

       17
       17
        
       

     

       18
       18
        
         pyproject = true;

     

       19
       19
        
       

     
···

       21
       21
        
           owner = "canonical";

     

       22
       22
        
           repo = "snapcraft";

     

       23
       23
        
           tag = version;

     

       24
       24
       -
           hash = "sha256-T39hhosZTttX8jMlF5ul9oBcsh+FKusepj0k2NMZHNU=";

     

       24
       24
       +
           hash = "sha256-54UOXEH3DxT1P/CRi09gEoq9si+x/1GHFuWRIyEvz3E=";

     

       25
       25
        
         };

     

       26
       26
        
       

     

       27
       27
        
         patches = [

+6 -13

pkgs/by-name/sn/snapcraft/set-channel-for-nix.patch

···

       1
       1
       -
       diff --git a/snapcraft/providers.py b/snapcraft/providers.py

     

       2
       2
       -
       index a999537a..dcd290a7 100644

     

       3
       3
       -
       --- a/snapcraft/providers.py

     

       4
       4
       -
       +++ b/snapcraft/providers.py

     

       5
       5
       -
       @@ -21,6 +21,7 @@ import sys

     

       6
       6
       -
        from pathlib import Path

     

       7
       7
       -
        from textwrap import dedent

     

       8
       8
       -
        from typing import Dict, Optional

     

       9
       9
       -
       +import platform

     

       10
       10
       -
        

     

       11
       11
       -
        from craft_cli import emit

     

       12
       12
       -
        from craft_providers import Provider, ProviderError, bases, executor

     

       13
       13
       -
       @@ -178,14 +179,14 @@ def get_base_configuration(

     

       1
       1
       +
       diff --git i/snapcraft/providers.py w/snapcraft/providers.py

     

       2
       2
       +
       index 41ab6e8f1..ceaf7539b 100644

     

       3
       3
       +
       --- i/snapcraft/providers.py

     

       4
       4
       +
       +++ w/snapcraft/providers.py

     

       5
       5
       +
       @@ -177,14 +177,15 @@ def get_base_configuration(

     

       14
       6
        
            # injecting a snap on a non-linux system is not supported, so default to

     

       15
       7
        
            # install snapcraft from the store's stable channel

     

       16
       8
        
            snap_channel = get_managed_environment_snap_channel()

     

       17
       9
        
       -    if sys.platform != "linux" and not snap_channel:

     

       10
       10
       +
       +    import platform

     

       18
       11
        
       +    if snap_channel is None and (sys.platform != "linux" or "NixOS" in platform.version()):

     

       19
       12
        
                emit.progress(

     

       20
       13
        
       -            "Using snapcraft from snap store channel 'latest/stable' in instance "

+3 -3

pkgs/by-name/st/steel/package.nix

···

       20
       20
        
       }:

     

       21
       21
        
       rustPlatform.buildRustPackage {

     

       22
       22
        
         pname = "steel";

     

       23
       23
       -
         version = "0.6.0-unstable-2025-03-28";

     

       23
       23
       +
         version = "0.6.0-unstable-2025-04-08";

     

       24
       24
        
       

     

       25
       25
        
         src = fetchFromGitHub {

     

       26
       26
        
           owner = "mattwparas";

     

       27
       27
        
           repo = "steel";

     

       28
       28
       -
           rev = "2f0fba8b16a3fbab083cedcf09974514b3a29d25";

     

       29
       29
       -
           hash = "sha256-i/bmZFoC3fRocO1KeCPGB9K/0yEAcKlLh56N+r1V7CI=";

     

       28
       28
       +
           rev = "764cc318dd427f7502f0c7f2a3bb9f1ba4705cd7";

     

       29
       29
       +
           hash = "sha256-Uxqy8vzRgQ3B/aAUV04OQumWrD9l4RNx1BX20R6lfAE=";

     

       30
       30
        
         };

     

       31
       31
        
       

     

       32
       32
        
         useFetchCargoVendor = true;

+3 -3

pkgs/by-name/su/supermariowar/package.nix

···

       16
       16
        
       

     

       17
       17
        
       stdenv.mkDerivation (finalAttrs: {

     

       18
       18
        
         pname = "supermariowar";

     

       19
       19
       -
         version = "2024-unstable-2025-01-30";

     

       19
       19
       +
         version = "2024-unstable-2025-04-03";

     

       20
       20
        
       

     

       21
       21
        
         src = fetchFromGitHub {

     

       22
       22
        
           owner = "mmatyas";

     

       23
       23
        
           repo = "supermariowar";

     

       24
       24
       -
           rev = "8192bbda2eca807cfe1e2793018bd55ecdaac50a";

     

       25
       25
       -
           hash = "sha256-i/UdKXIOUViv+FJFyss3Xa4Z8+OwW2CQjJ3hROZVaRA=";

     

       24
       24
       +
           rev = "c0ed774a2415ad45e72bd6086add2a5cbfc88898";

     

       25
       25
       +
           hash = "sha256-vh8SSMxAOG8f9nyJmKUlA8yb+G61Bfc62dhB2eLdo20=";

     

       26
       26
        
           fetchSubmodules = true;

     

       27
       27
        
         };

     

       28
       28

+2 -2

pkgs/by-name/ta/tana/package.nix

···

       62
       62
        
           stdenv.cc.cc

     

       63
       63
        
           stdenv.cc.libc

     

       64
       64
        
         ];

     

       65
       65
       -
         version = "1.0.24";

     

       65
       65
       +
         version = "1.0.25";

     

       66
       66
        
       in

     

       67
       67
        
       stdenv.mkDerivation {

     

       68
       68
        
         pname = "tana";

     
···

       70
       70
        
       

     

       71
       71
        
         src = fetchurl {

     

       72
       72
        
           url = "https://github.com/tanainc/tana-desktop-releases/releases/download/v${version}/tana_${version}_amd64.deb";

     

       73
       73
       -
           hash = "sha256-K3hJD42CWD+yQwbbzysMg2QD9RCw52h1mOV5lTO9CLc=";

     

       73
       73
       +
           hash = "sha256-2At28FVZEtn2RDoHpt+CeUizlBb1JCH6jXxcYoZcvYk=";

     

       74
       74
        
         };

     

       75
       75
        
       

     

       76
       76
        
         nativeBuildInputs = [

+4 -2

pkgs/development/python-modules/craft-cli/default.nix

···

       11
       11
        
         pytest-check,

     

       12
       12
        
         pytest-mock,

     

       13
       13
        
         pytestCheckHook,

     

       14
       14
       +
         writableTmpDirAsHomeHook,

     

       14
       15
        
       }:

     

       15
       16
        
       

     

       16
       17
        
       buildPythonPackage rec {

     

       17
       18
        
         pname = "craft-cli";

     

       18
       18
       -
         version = "2.15.0";

     

       19
       19
       +
         version = "3.0.0";

     

       19
       20
        
       

     

       20
       21
        
         pyproject = true;

     

       21
       22
        
       

     
···

       23
       24
        
           owner = "canonical";

     

       24
       25
        
           repo = "craft-cli";

     

       25
       26
        
           tag = version;

     

       26
       26
       -
           hash = "sha256-L8hOQJhjVAMo/WxEHHEk2QorlSdDFMGdcL/Q3Pv6mT4=";

     

       27
       27
       +
           hash = "sha256-RAnvx5519iXZnJm8jtY635e0DEL7jnIgZtTCindqMTY=";

     

       27
       28
        
         };

     

       28
       29
        
       

     

       29
       30
        
         postPatch = ''

     
···

       46
       47
        
           pytest-check

     

       47
       48
        
           pytest-mock

     

       48
       49
        
           pytestCheckHook

     

       50
       50
       +
           writableTmpDirAsHomeHook

     

       49
       51
        
         ];

     

       50
       52
        
       

     

       51
       53
        
         pytestFlagsArray = [ "tests/unit" ];

+2 -2

pkgs/development/python-modules/craft-platforms/default.nix

···

       14
       14
        
       

     

       15
       15
        
       buildPythonPackage rec {

     

       16
       16
        
         pname = "craft-platforms";

     

       17
       17
       -
         version = "0.6.0";

     

       17
       17
       +
         version = "0.7.0";

     

       18
       18
        
         pyproject = true;

     

       19
       19
        
       

     

       20
       20
        
         disabled = pythonOlder "3.10";

     
···

       23
       23
        
           owner = "canonical";

     

       24
       24
        
           repo = "craft-platforms";

     

       25
       25
        
           tag = version;

     

       26
       26
       -
           hash = "sha256-/mnRFw79YMG34/0aQMi237KMNxWanyJixkEKq+zaSuE=";

     

       26
       26
       +
           hash = "sha256-BFs+LqcJWqKMgEr7IzyP5qME+zaV6EFc79ustOB1Cno=";

     

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         postPatch = ''

+8 -1

pkgs/development/python-modules/debugpy/default.nix

···

       11
       11
        
         pytestCheckHook,

     

       12
       12
        
         pytest-xdist,

     

       13
       13
        
         pytest-timeout,

     

       14
       14
       +
         pytest-retry,

     

       14
       15
        
         importlib-metadata,

     

       15
       16
        
         psutil,

     

       16
       17
        
         untangle,

     
···

       98
       99
        
           pytestCheckHook

     

       99
       100
        
           pytest-xdist

     

       100
       101
        
           pytest-timeout

     

       102
       102
       +
           pytest-retry

     

       101
       103
        
       

     

       102
       104
        
           ## Used by test helpers:

     

       103
       105
        
           importlib-metadata

     
···

       128
       130
        
         '';

     

       129
       131
        
       

     

       130
       132
        
         # Override default arguments in pytest.ini

     

       131
       131
       -
         pytestFlagsArray = [ "--timeout=0" ];

     

       133
       133
       +
         pytestFlags = [ "--timeout=0" ];

     

       134
       134
       +
       

     

       135
       135
       +
         disabledTests = [

     

       136
       136
       +
           # hanging test (flaky)

     

       137
       137
       +
           "test_systemexit"

     

       138
       138
       +
         ];

     

       132
       139
        
       

     

       133
       140
        
         # Fixes hanging tests on Darwin

     

       134
       141
        
         __darwinAllowLocalNetworking = true;

+40

pkgs/development/python-modules/pytest-retry/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         buildPythonPackage,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         pytest,

     

       6
       6
       +
         pytestCheckHook,

     

       7
       7
       +
         setuptools,

     

       8
       8
       +
       }:

     

       9
       9
       +
       

     

       10
       10
       +
       buildPythonPackage rec {

     

       11
       11
       +
         pname = "pytest-retry";

     

       12
       12
       +
         version = "1.7.0";

     

       13
       13
       +
         pyproject = true;

     

       14
       14
       +
       

     

       15
       15
       +
         src = fetchFromGitHub {

     

       16
       16
       +
           owner = "str0zzapreti";

     

       17
       17
       +
           repo = "pytest-retry";

     

       18
       18
       +
           tag = version;

     

       19
       19
       +
           hash = "sha256-Gf+L7zvC1FGAm0Wd6E6fV3KynassoGyHSD0CPgEJ02k=";

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         build-system = [ setuptools ];

     

       23
       23
       +
       

     

       24
       24
       +
         dependencies = [ pytest ];

     

       25
       25
       +
       

     

       26
       26
       +
         nativeCheckInputs = [ pytestCheckHook ];

     

       27
       27
       +
       

     

       28
       28
       +
         pythonImportsCheck = [ "pytest_retry" ];

     

       29
       29
       +
       

     

       30
       30
       +
         meta = {

     

       31
       31
       +
           description = "Plugin for retrying flaky tests in CI environments";

     

       32
       32
       +
           longDescription = ''

     

       33
       33
       +
             This plugin adds a decorator to mark tests as flaky: `@pytest.mark.flaky(retries=3, delay=1)`.

     

       34
       34
       +
           '';

     

       35
       35
       +
           homepage = "https://github.com/str0zzapreti/pytest-retry";

     

       36
       36
       +
           changelog = "https://github.com/str0zzapreti/pytest-retry/releases/tag/${src.tag}";

     

       37
       37
       +
           license = lib.licenses.mit;

     

       38
       38
       +
           maintainers = with lib.maintainers; [ fliegendewurst ];

     

       39
       39
       +
         };

     

       40
       40
       +
       }

+4 -4

pkgs/os-specific/linux/kernel/zen-kernels.nix

···

       16
       16
        
         variants = {

     

       17
       17
        
           # ./update-zen.py zen

     

       18
       18
        
           zen = {

     

       19
       19
       -
             version = "6.14"; # zen

     

       19
       19
       +
             version = "6.14.1"; # zen

     

       20
       20
        
             suffix = "zen1"; # zen

     

       21
       21
       -
             sha256 = "1lgzmjqybf4k7npwg2jkwmyxh0zfzhvbdpw3ajlr84i4sny2i6cy"; # zen

     

       21
       21
       +
             sha256 = "07fif9yj33lidp7dp8r66bsqyyh6fckjb3nhxynaikgb17hx9w5b"; # zen

     

       22
       22
        
             isLqx = false;

     

       23
       23
        
           };

     

       24
       24
        
           # ./update-zen.py lqx

     

       25
       25
        
           lqx = {

     

       26
       26
       -
             version = "6.14.0"; # lqx

     

       26
       26
       +
             version = "6.14.1"; # lqx

     

       27
       27
        
             suffix = "lqx1"; # lqx

     

       28
       28
       -
             sha256 = "1py2zg8wr5azr88ixm04v3nvlfihk7iimzc7sdjgz2mb0ji5kxjc"; # lqx

     

       28
       28
       +
             sha256 = "0gga9xrdp9q5jdzl3mjbx140wnwxibavvvdgxvqz9f2g3f20d69y"; # lqx

     

       29
       29
        
             isLqx = true;

     

       30
       30
        
           };

     

       31
       31
        
         };

pkgs/top-level/python-packages.nix

···

       13671
       13671
        
       

     

       13672
       13672
        
         pytest-responses = callPackage ../development/python-modules/pytest-responses { };

     

       13673
       13673
        
       

     

       13674
       13674
       +
         pytest-retry = callPackage ../development/python-modules/pytest-retry { };

     

       13675
       13675
       +
       

     

       13674
       13676
        
         pytest-reverse = callPackage ../development/python-modules/pytest-reverse { };

     

       13675
       13677
        
       

     

       13676
       13678
        
         pytest-run-parallel = callPackage ../development/python-modules/pytest-run-parallel { };