+5
maintainers/maintainer-list.nix
+5
maintainers/maintainer-list.nix
+79
-90
nixos/modules/security/acme/default.nix
+79
-90
nixos/modules/security/acme/default.nix
···mkAccountHash = acmeServer: data: mkHash "${toString acmeServer} ${data.keyType} ${data.email}";# Assign elements of `baseList` to each element of `needAssignmentList`, until the latter is exhausted.·········-after = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";-requires = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";···-after = [ "network.target" "network-online.target" "acme-fixperms.service" "nss-lookup.target" ] ++ selfsignedDeps ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";-wants = [ "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";+after = [ "network.target" "network-online.target" "acme-setup.service" "nss-lookup.target" ] ++ selfsignedDeps;············renewServiceFunctions = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-${cert}" conf.renewService) certConfigs;···-// (lib.optionalAttrs (cfg.maxConcurrentRenewals > 0) {"acme-lockfiles" = lockfilePrepareService; })systemd.timers = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-${cert}" conf.renewTimer) certConfigs;
+46
nixos/modules/services/web-servers/h2o/common.nix
+46
nixos/modules/services/web-servers/h2o/common.nix
···
+111
-28
nixos/modules/services/web-servers/h2o/default.nix
+111
-28
nixos/modules/services/web-servers/h2o/default.nix
·········+"https://raw.githubusercontent.com/mozilla/ssl-config-generator/refs/tags/${git_tag}/src/static/guidelines/${version}.json"···+tlsRecommendations = lib.attrByPath [ "tls" "recommendations" ] cfg.defaultTLSRecommendations value;+hsts = "Strict-Transport-Security: max-age=${builtins.toString recs.hsts_min_age}; includeSubDomains; preload";·········
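Review bot: The `hsts` string hardcodes `includeSubDomains; preload` next to the recommended max-age, so every vhost that picks up the TLS recommendations also commits all of its subdomains to HTTPS and declares consent to browser preload lists, which is slow to reverse once a domain has been listed. The rest of this section is collapsed on this page, so an existing opt-out may simply not be visible. If there is none, a safer default is `hsts = "Strict-Transport-Security: max-age=${builtins.toString recs.hsts_min_age}";`, with the two extra directives enabled explicitly by the operator. The Mozilla guideline JSON is referenced by tag, so it is also worth confirming that the fetch is pinned by hash (not visible here).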
+9
-1
nixos/modules/services/web-servers/h2o/vhost-options.nix
+9
-1
nixos/modules/services/web-servers/h2o/vhost-options.nix
············
+2
-1
nixos/release-combined.nix
+2
-1
nixos/release-combined.nix
···
+8
-2
nixos/release-small.nix
+8
-2
nixos/release-small.nix
······
-788
nixos/tests/acme.nix
-788
nixos/tests/acme.nix
···-${pkgs.curl}/bin/curl --data '{"host": "'"$2"'", "value": "'"$3"'"}' http://${dnsAddress}:8055/set-txt-# Test that server reloads when an alias is removed (and subsequently test removal works in acme)-ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.networking.primaryIPAddress}'";-# Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,-'curl --data \'{"host": "${caDomain}", "addresses": ["${nodes.acme.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a'-f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"-f"test $(stat -L -c '%a %U %G' /var/lib/acme/.lego/a.example.test/**/a.example.test* | tee /dev/stderr | grep '600 acme {group}' | wc -l) -eq 4"-f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test | tee /dev/stderr | grep '750 acme {group}' | wc -l) -eq 1"-f"test $(find /var/lib/acme/accounts -type f -exec stat -L -c '%a %U %G' {{}} \\; | tee /dev/stderr | grep -v '600 acme {group}' | wc -l) -eq 0"-# Selfsigned certs tests happen late so we aren't fighting the system init triggering cert renewal-f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"
+120
nixos/tests/acme/caddy.nix
+120
nixos/tests/acme/caddy.nix
···
+56
nixos/tests/acme/default.nix
+56
nixos/tests/acme/default.nix
···
+118
nixos/tests/acme/dns01.nix
+118
nixos/tests/acme/dns01.nix
···+ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.client.networking.primaryIPAddress}'";
+215
nixos/tests/acme/http01-builtin.nix
+215
nixos/tests/acme/http01-builtin.nix
···
+166
nixos/tests/acme/python-utils.py
+166
nixos/tests/acme/python-utils.py
···
+4
nixos/tests/acme/utils.nix
+4
nixos/tests/acme/utils.nix
+185
nixos/tests/acme/webserver.nix
+185
nixos/tests/acme/webserver.nix
···
+1
-1
nixos/tests/all-tests.nix
+1
-1
nixos/tests/all-tests.nix
···
+46
-65
nixos/tests/common/acme/server/default.nix
+46
-65
nixos/tests/common/acme/server/default.nix
············
-184
nixos/tests/common/resolver.nix
-184
nixos/tests/common/resolver.nix
···-getZones = cfg: mkNsdZoneNames cfg.services.nsd.zones ++ mkBindZoneNames cfg.services.bind.zones;
+1
nixos/tests/web-servers/h2o/default.nix
+1
nixos/tests/web-servers/h2o/default.nix
+115
nixos/tests/web-servers/h2o/tls-recommendations.nix
+115
nixos/tests/web-servers/h2o/tls-recommendations.nix
···+curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:${portStr}/'"+curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:${portStr}/'"
+3
-3
pkgs/applications/blockchains/polkadot/default.nix
+3
-3
pkgs/applications/blockchains/polkadot/default.nix
······
+18
-16
pkgs/applications/misc/qelectrotech/default.nix
+18
-16
pkgs/applications/misc/qelectrotech/default.nix
···---replace 'GIT_COMMIT_SHA="\\\"$(shell git -C \""$$_PRO_FILE_PWD_"\" rev-parse --verify HEAD)\\\""' \+--replace-fail 'GIT_COMMIT_SHA="\\\"$(shell git -C \""$$_PRO_FILE_PWD_"\" rev-parse --verify HEAD)\\\""' \·········
+2
-2
pkgs/applications/networking/browsers/firefox/wrapper.nix
+2
-2
pkgs/applications/networking/browsers/firefox/wrapper.nix
······
+5
-2
pkgs/applications/science/math/glsurf/default.nix
+5
-2
pkgs/applications/science/math/glsurf/default.nix
···
+9
-10
pkgs/applications/video/obs-studio/plugins/obs-source-switcher.nix
+9
-10
pkgs/applications/video/obs-studio/plugins/obs-source-switcher.nix
···
+3
-3
pkgs/by-name/ai/aiken/package.nix
+3
-3
pkgs/by-name/ai/aiken/package.nix
···
+3
-3
pkgs/by-name/an/ankama-launcher/package.nix
+3
-3
pkgs/by-name/an/ankama-launcher/package.nix
···# https://launcher.cdn.ankama.com/installers/production/Ankama%20Launcher-Setup-x86_64.AppImage# As it does not encode the version, we use the wayback machine (web.archive.org) to get a fixed URL.# To update the client, head to web.archive.org and create a new snapshot of the download page.-url = "https://web.archive.org/web/20250203095353/https://launcher.cdn.ankama.com/installers/production/Ankama%20Launcher-Setup-x86_64.AppImage";+url = "https://web.archive.org/web/20250217184754/https://launcher.cdn.ankama.com/installers/production/Ankama%20Launcher-Setup-x86_64.AppImage";
+3
-3
pkgs/by-name/ba/balena-cli/package.nix
+3
-3
pkgs/by-name/ba/balena-cli/package.nix
···
+1
pkgs/by-name/ca/caddy/package.nix
+1
pkgs/by-name/ca/caddy/package.nix
+7
-4
pkgs/by-name/cl/claude-code/package-lock.json
+7
-4
pkgs/by-name/cl/claude-code/package-lock.json
···-"integrity": "sha512-UGSEQbgDvhlEXC8rf5ASDXRSaq6Nfd4owY7k9bDdRhX9N5q8cMN+5vfTN1ezZhBcRFMOnpEK4eRSEgXW3eDeOQ==",+"integrity": "sha512-p729wIUq9/K/TecpE64nzWKEZJ1qddn20eQg1nUoMdEQtwWjwWYiecwJ6lDxCmNRWr0ukC7ovu0Kgtmh+uOPYg==",
+3
-3
pkgs/by-name/cl/claude-code/package.nix
+3
-3
pkgs/by-name/cl/claude-code/package.nix
···
+24
-23
pkgs/by-name/co/cosmic-applibrary/package.nix
+24
-23
pkgs/by-name/co/cosmic-applibrary/package.nix
······
+2
-2
pkgs/by-name/ex/exiv2/package.nix
+2
-2
pkgs/by-name/ex/exiv2/package.nix
······
+108
-378
pkgs/by-name/fs/fsautocomplete/deps.json
+108
-378
pkgs/by-name/fs/fsautocomplete/deps.json
······································································································
+13
-5
pkgs/by-name/fs/fsautocomplete/package.nix
+13
-5
pkgs/by-name/fs/fsautocomplete/package.nix
······
+11
-9
pkgs/by-name/gi/git-big-picture/package.nix
+11
-9
pkgs/by-name/gi/git-big-picture/package.nix
···
+5
-5
pkgs/by-name/go/google-chrome/package.nix
+5
-5
pkgs/by-name/go/google-chrome/package.nix
···url = "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${finalAttrs.version}-1_amd64.deb";···-url = "http://dl.google.com/release2/chrome/ac4k2kxfjhk4ggh2tvxk4t47hl7q_133.0.6943.127/GoogleChrome-133.0.6943.127.dmg";+url = "http://dl.google.com/release2/chrome/ejubi5y7bpapjhrevtxffszuji_133.0.6943.142/GoogleChrome-133.0.6943.142.dmg";
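Review bot: The updated darwin `url` still uses plain `http://dl.google.com/...`, while the Linux `.deb` URL in the same section uses `https://`. The fixed-output hash (not visible in this excerpt) should still reject a modified download, but cleartext transport lets a network intermediary observe or interfere with the fetch and leaves the hash as the only protection. Assuming the host serves the same path over TLS, change only the scheme: `url = "https://dl.google.com/release2/chrome/ejubi5y7bpapjhrevtxffszuji_133.0.6943.142/GoogleChrome-133.0.6943.142.dmg";`.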
+4
-4
pkgs/by-name/ho/hoppscotch/package.nix
+4
-4
pkgs/by-name/ho/hoppscotch/package.nix
···url = "https://github.com/hoppscotch/releases/releases/download/v${version}/Hoppscotch_mac_aarch64.dmg";url = "https://github.com/hoppscotch/releases/releases/download/v${version}/Hoppscotch_mac_x64.dmg";url = "https://github.com/hoppscotch/releases/releases/download/v${version}/Hoppscotch_linux_x64.AppImage";
+2
-2
pkgs/by-name/ku/kubo/package.nix
+2
-2
pkgs/by-name/ku/kubo/package.nix
···-version = "0.33.1"; # When updating, also check if the repo version changed and adjust repoVersion below+version = "0.33.2"; # When updating, also check if the repo version changed and adjust repoVersion below···
+4
-1
pkgs/by-name/le/lego/package.nix
+4
-1
pkgs/by-name/le/lego/package.nix
+81
pkgs/by-name/op/open-adventure/package.nix
+81
pkgs/by-name/op/open-adventure/package.nix
···+mkdir -vp "$out/bin" "$out/share/man/man6" "$out/share/applications/" "$out/share/icons/hicolor/scalable/apps"
+2
-1
pkgs/by-name/pe/pebble/package.nix
+2
-1
pkgs/by-name/pe/pebble/package.nix
+11
-10
pkgs/by-name/ra/radsecproxy/package.nix
+11
-10
pkgs/by-name/ra/radsecproxy/package.nix
···description = "Generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports";
+7
-2
pkgs/by-name/sn/snyk/package.nix
+7
-2
pkgs/by-name/sn/snyk/package.nix
·········+# Remove dangling symlinks created during installation (remove -delete to just see the files, or -print '%l\n' to see the target
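Review bot: The added comment tells the reader to use `-print '%l\n'` to see the symlink targets, but `find`'s `-print` takes no format argument; the action that expands `%l` is `-printf`. The comment also appears to leave its opening parenthesis unclosed in this excerpt. Suggested wording: `# Remove dangling symlinks created during installation (drop -delete to only list them, or use -printf '%l\n' to print their targets)`. The `find` invocation itself is not visible here, so this concerns the comment only.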
+3
-3
pkgs/by-name/sy/symfony-cli/package.nix
+3
-3
pkgs/by-name/sy/symfony-cli/package.nix
···
+3
-3
pkgs/by-name/up/upx/package.nix
+3
-3
pkgs/by-name/up/upx/package.nix
···
+8
-3
pkgs/by-name/vt/vtsls/package.nix
+8
-3
pkgs/by-name/vt/vtsls/package.nix
·········
+38
pkgs/by-name/wa/wasm-language-tools/package.nix
+38
pkgs/by-name/wa/wasm-language-tools/package.nix
···+changelog = "https://github.com/g-plane/wasm-language-tools/releases/tag/v${version}/CHANGELOG.md";
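Review bot: The `changelog` attribute appends `/CHANGELOG.md` to a `releases/tag/v${version}` URL, which GitHub would read as a tag literally named `v${version}/CHANGELOG.md`, so the link most likely returns 404. Point it either at the release page, `changelog = "https://github.com/g-plane/wasm-language-tools/releases/tag/v${version}";`, or at the file under `blob/v${version}/CHANGELOG.md`, whichever upstream actually provides. The rest of the package expression is collapsed on this page.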
+2
-2
pkgs/development/libraries/python-qt/default.nix
+2
-2
pkgs/development/libraries/python-qt/default.nix
···
+6
-32
pkgs/development/ocaml-modules/camlimages/camlimages.patch
+6
-32
pkgs/development/ocaml-modules/camlimages/camlimages.patch
······- let res = match Caml.Sys.command & !% "ocamlfind ocamlc -package %s -o %s -linkpkg" n dest with···
+3
-3
pkgs/development/ocaml-modules/camlimages/default.nix
+3
-3
pkgs/development/ocaml-modules/camlimages/default.nix
······
+28
pkgs/development/ocaml-modules/mirage-ptime/default.nix
+28
pkgs/development/ocaml-modules/mirage-ptime/default.nix
···+url = "https://github.com/mirage/mirage-ptime/releases/download/v${version}/mirage-ptime-${version}.tbz";+changelog = "https://raw.githubusercontent.com/mirage/mirage-ptime/refs/tags/v${version}/CHANGES.md";
+3
-3
pkgs/development/ocaml-modules/tls/async.nix
+3
-3
pkgs/development/ocaml-modules/tls/async.nix
······
+2
-2
pkgs/development/ocaml-modules/tls/default.nix
+2
-2
pkgs/development/ocaml-modules/tls/default.nix
···url = "https://github.com/mirleft/ocaml-tls/releases/download/v${version}/tls-${version}.tbz";
+4
-5
pkgs/development/ocaml-modules/tls/eio.nix
+4
-5
pkgs/development/ocaml-modules/tls/eio.nix
······
+3
-3
pkgs/development/ocaml-modules/tls/lwt.nix
+3
-3
pkgs/development/ocaml-modules/tls/lwt.nix
······
+2
-2
pkgs/development/ocaml-modules/tls/mirage.nix
+2
-2
pkgs/development/ocaml-modules/tls/mirage.nix
······
+2
-2
pkgs/development/php-packages/memprof/default.nix
+2
-2
pkgs/development/php-packages/memprof/default.nix
······
+2
-2
pkgs/development/python-modules/craft-archives/default.nix
+2
-2
pkgs/development/python-modules/craft-archives/default.nix
······
+2
-2
pkgs/development/python-modules/graph-tool/default.nix
+2
-2
pkgs/development/python-modules/graph-tool/default.nix
···
+98
-10
pkgs/development/python-modules/gym/default.nix
+98
-10
pkgs/development/python-modules/gym/default.nix
···
+3
-3
pkgs/development/python-modules/pylance/default.nix
+3
-3
pkgs/development/python-modules/pylance/default.nix
······
+3
-3
pkgs/kde/generated/sources/plasma.json
+3
-3
pkgs/kde/generated/sources/plasma.json
···
+1
-1
pkgs/servers/http/apache-httpd/2.4.nix
+1
-1
pkgs/servers/http/apache-httpd/2.4.nix
···
+1
-1
pkgs/servers/http/nginx/generic.nix
+1
-1
pkgs/servers/http/nginx/generic.nix
+2
-2
pkgs/servers/x11/xorg/xwayland.nix
+2
-2
pkgs/servers/x11/xorg/xwayland.nix
···
+3
pkgs/tools/audio/liquidsoap/full.nix
+3
pkgs/tools/audio/liquidsoap/full.nix
···
+9
-7
pkgs/tools/inputmethods/ibus-engines/ibus-libpinyin/default.nix
+9
-7
pkgs/tools/inputmethods/ibus-engines/ibus-libpinyin/default.nix
······
+11
-13
pkgs/tools/misc/qt6ct/default.nix
+11
-13
pkgs/tools/misc/qt6ct/default.nix
······
+13
pkgs/tools/misc/screen/buffer-overflow-SendCmdMessage.patch
+13
pkgs/tools/misc/screen/buffer-overflow-SendCmdMessage.patch
···
+7
pkgs/tools/misc/screen/default.nix
+7
pkgs/tools/misc/screen/default.nix
···# We need _GNU_SOURCE so that mallocmock_reset() is defined: https://savannah.gnu.org/bugs/?66416NIX_CFLAGS_COMPILE = lib.optionalString (stdenv.cc.isGNU) "-D_GNU_SOURCE=1 -Wno-int-conversion -Wno-incompatible-pointer-types";
+2
pkgs/top-level/ocaml-packages.nix
+2
pkgs/top-level/ocaml-packages.nix
···