Merge 538087c016 into haskell-updates

This commit is contained in:
nixpkgs-ci[bot] 2026-06-27 00:52:07 +00:00 committed by GitHub
commit 4d0ae93287
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
425 changed files with 39316 additions and 7712 deletions

View file

@ -123,10 +123,6 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @Artturin @Ericson2314 @lo
/doc/redirects.json @GetPsyched
/nixos/doc/manual/redirects.json @GetPsyched
# NixOS integration test driver
/nixos/lib/test-driver @tfc
/nixos/lib/testing @tfc
# NixOS QEMU virtualisation
/nixos/modules/virtualisation/qemu-vm.nix @raitobezarius
/nixos/modules/services/backup/libvirtd-autosnapshot.nix @6543
@ -520,3 +516,9 @@ pkgs/by-name/wa/warp-terminal/ @emilytrau @imadnyc @FlameFlag @johnrtitor
# Zellij plugins
/pkgs/by-name/ze/zellij/plugins/ @PerchunPak
# Test-driver
/nixos/lib/test-driver @NixOS/test-driver
/nixos/lib/testing @NixOS/test-driver
/nixos/tests/nixos-test-driver @NixOS/test-driver
/nixos/modules/virtualisation/nspawn-container/run-nspawn @NixOS/test-driver

View file

@ -1,85 +0,0 @@
# This expression will, as efficiently as possible, dump a
# *superset* of all attrpaths of derivations which might be
# part of a release on *any* platform.
#
# This expression runs single-threaded under all current Nix
# implementations, but much faster and with much less memory
# used than ./outpaths.nix itself.
#
# Once you have the list of attrnames you can split it up into
# $NUM_CORES batches and evaluate the outpaths separately for each
# batch, in parallel.
#
# To dump the attrnames:
#
# nix-instantiate --eval --strict --json ci/eval/attrpaths.nix -A names
#
{
lib ? import (path + "/lib"),
trace ? false,
path ? ./../..,
extraNixpkgsConfigJson ? "{}",
}:
let
# TODO: Use mapAttrsToListRecursiveCond when this PR lands:
# https://github.com/NixOS/nixpkgs/pull/395160
justAttrNames =
path: value:
let
result =
if path == [ "AAAAAASomeThingsFailToEvaluate" ] || !(lib.isAttrs value) then
[ ]
else if lib.isDerivation value then
[ path ]
else
lib.pipe value [
(lib.mapAttrsToList (
name: value:
lib.addErrorContext "while evaluating package set attribute path '${
lib.showAttrPath (path ++ [ name ])
}'" (justAttrNames (path ++ [ name ]) value)
))
lib.concatLists
];
in
lib.traceIf trace "** ${lib.showAttrPath path}" result;
outpaths = import ./outpaths.nix {
inherit path;
extraNixpkgsConfig = builtins.fromJSON extraNixpkgsConfigJson;
attrNamesOnly = true;
};
paths = [
# Some of the following are based on variants, which are disabled with `attrNamesOnly = true`.
# Until these have been removed from release.nix / hydra, we manually add them to the list.
[
"pkgsLLVM"
"stdenv"
]
[
"pkgsArocc"
"stdenv"
]
[
"pkgsZig"
"stdenv"
]
[
"pkgsStatic"
"stdenv"
]
[
"pkgsMusl"
"stdenv"
]
]
++ justAttrNames [ ] outpaths;
names = map lib.showAttrPath paths;
in
{
inherit paths names;
}

View file

@ -2,8 +2,8 @@
{
lib ? import ../../lib,
path ? ../..,
# The file containing all available attribute paths, which are split into chunks here
attrpathFile,
# The file containing the preEval result
preEvalFile,
chunkSize,
myChunk,
includeBroken,
@ -12,12 +12,13 @@
}:
let
attrpaths = lib.importJSON attrpathFile;
myAttrpaths = lib.sublist (chunkSize * myChunk) chunkSize attrpaths;
preEvalResult = lib.importJSON preEvalFile;
myAttrpaths = lib.sublist (chunkSize * myChunk) chunkSize preEvalResult.paths;
unfiltered = import ./outpaths.nix {
inherit path;
inherit includeBroken systems;
inherit (preEvalResult) attrPathsDisallowedForInternalUse;
extraNixpkgsConfig = builtins.fromJSON extraNixpkgsConfigJson;
};

View file

@ -38,7 +38,7 @@ let
fileset = unions (
map (lib.path.append ../..) [
".version"
"ci/eval/attrpaths.nix"
"ci/eval/pre-eval.nix"
"ci/eval/chunk.nix"
"ci/eval/outpaths.nix"
"default.nix"
@ -56,11 +56,11 @@ let
builtins.readFile ../../pkgs/top-level/release-supported-systems.json
);
attrpathsSuperset =
preEval =
{
evalSystem,
}:
runCommand "attrpaths-superset.json"
runCommand "pre-eval"
{
src = nixpkgs;
# Don't depend on -dev outputs to reduce closure size for CI.
@ -73,15 +73,15 @@ let
export NIX_STATE_DIR=$(mktemp -d)
mkdir $out
export GC_INITIAL_HEAP_SIZE=4g
command time -f "Attribute eval done [%MKB max resident, %Es elapsed] %C" \
command time -f "Pre-eval done [%MKB max resident, %Es elapsed] %C" \
nix-instantiate --eval --strict --json --show-trace \
"$src/ci/eval/attrpaths.nix" \
-A paths \
"$src/ci/eval/pre-eval.nix" \
-A result \
-I "$src" \
--argstr extraNixpkgsConfigJson ${lib.escapeShellArg (builtins.toJSON extraNixpkgsConfig)} \
--option restrict-eval true \
--option allow-import-from-derivation false \
--option eval-system "${evalSystem}" > $out/paths.json
--option eval-system "${evalSystem}" > $out/result.json
'';
singleSystem =
@ -90,8 +90,8 @@ let
# Note that this is intentionally not called `system`,
# because `--argstr system` would only be passed to the ci/default.nix file!
evalSystem ? builtins.currentSystem,
# The path to the `paths.json` file from `attrpathsSuperset`
attrpathFile ? "${attrpathsSuperset { inherit evalSystem; }}/paths.json",
# The path to the `result.json` file from `preEval`
preEvalFile ? "${preEval { inherit evalSystem; }}/result.json",
}:
let
singleChunk = writeShellScript "single-chunk" ''
@ -121,12 +121,12 @@ let
--show-trace \
--arg chunkSize "$chunkSize" \
--arg myChunk "$myChunk" \
--arg attrpathFile "${attrpathFile}" \
--arg preEvalFile "${preEvalFile}" \
--arg systems "[ \"$system\" ]" \
--arg includeBroken ${lib.boolToString includeBroken} \
--argstr extraNixpkgsConfigJson ${lib.escapeShellArg (builtins.toJSON extraNixpkgsConfig)} \
-I ${nixpkgs} \
-I ${attrpathFile} \
-I ${preEvalFile} \
> "$outputDir/result/$myChunk" \
2> "$outputDir/stderr/$myChunk"
exitCode=$?
@ -164,7 +164,7 @@ let
echo "System: $evalSystem"
cores=$NIX_BUILD_CORES
echo "Cores: $cores"
attrCount=$(jq length "${attrpathFile}")
attrCount=$(jq '.paths | length' "${preEvalFile}")
echo "Attribute count: $attrCount"
echo "Chunk size: $chunkSize"
# Same as `attrCount / chunkSize` but rounded up
@ -316,7 +316,7 @@ let
in
{
inherit
attrpathsSuperset
preEval
singleSystem
diff
combine

View file

@ -6,7 +6,7 @@
includeBroken ? true, # set this to false to exclude meta.broken packages from the output
path ? ./../..,
# used by ./attrpaths.nix
# used by ./pre-eval.nix
attrNamesOnly ? false,
# Set this to `null` to build for builtins.currentSystem only
@ -14,6 +14,8 @@
builtins.readFile (path + "/pkgs/top-level/release-supported-systems.json")
),
attrPathsDisallowedForInternalUse ? [ ],
# Customize the config used to evaluate nixpkgs
extraNixpkgsConfig ? { },
}:
@ -35,6 +37,22 @@ let
allowVariants = !attrNamesOnly;
checkMeta = true;
# We don't need to care about problems being caught using the
# standard mechanism, because any problems whose kind is not
# nixpkgsInternalUseAllowed cause the corresponding attributes to
# be disallowed entirely for internal use with
# attrPathsDisallowedForInternalUse, see also ./pre-eval.nix
problems.matchers = lib.mkForce [
# We only need to set the broken handler to error, so that CI
# doesn't evaluate those. No reason it couldn't evaluate them
# afaik, but this is how it's been before.
{
kind = "broken";
handler = "error";
}
];
inherit attrPathsDisallowedForInternalUse;
# Silence the `x86_64-darwin` deprecation warning.
allowDeprecatedx86_64Darwin = true;

128
ci/eval/pre-eval.nix Normal file
View file

@ -0,0 +1,128 @@
# This file does a fast pre-evaluation of Nixpkgs to determine:
# - paths: A *superset* of all attrpaths of derivations which might be part of a release on *any* platform.
# - attrPathsDisallowedForInternalUse: Attribute paths whose meta.problems has problems whose kinds should not be used internally in Nixpkgs
#
# This expression runs single-threaded under all current Nix
# implementations, but much faster and with much less memory
# used than ./outpaths.nix itself.
#
# Once you have the list of attrnames you can split it up into
# $NUM_CORES batches and evaluate the outpaths separately for each
# batch, in parallel.
#
# To dump the result:
#
# nix-instantiate --eval --strict --json ci/eval/pre-eval.nix -A result
#
{
lib ? import (path + "/lib"),
trace ? false,
path ? ./../..,
extraNixpkgsConfigJson ? "{}",
}:
let
# TODO: Use mapAttrsToListRecursiveCond when this PR lands:
# https://github.com/NixOS/nixpkgs/pull/395160
listAttrs =
path: value:
let
result =
if path == [ "AAAAAASomeThingsFailToEvaluate" ] || !(lib.isAttrs value) then
[ ]
else if lib.isDerivation value then
[
{
inherit path value;
}
]
else
lib.pipe value [
(lib.mapAttrsToList (
name: value:
lib.addErrorContext "while evaluating package set attribute path '${
lib.showAttrPath (path ++ [ name ])
}'" (listAttrs (path ++ [ name ]) value)
))
lib.concatLists
];
in
lib.traceIf trace "** ${lib.showAttrPath path}" result;
outpaths = import ./outpaths.nix {
inherit path;
extraNixpkgsConfig = builtins.fromJSON extraNixpkgsConfigJson;
attrNamesOnly = true;
};
list =
map
(path: {
inherit path;
# This looks a bit weird, but the only reason we care about this value
# is for the meta.problems check below, and stdenv's certainly don't
# have any problems, so this is fine :)
value = { };
})
[
# Some of the following are based on variants, which are disabled with `attrNamesOnly = true`.
# Until these have been removed from release.nix / hydra, we manually add them to the list.
[
"pkgsLLVM"
"stdenv"
]
[
"pkgsArocc"
"stdenv"
]
[
"pkgsZig"
"stdenv"
]
[
"pkgsStatic"
"stdenv"
]
[
"pkgsMusl"
"stdenv"
]
]
++ listAttrs [ ] outpaths;
paths = map (attrs: attrs.path) list;
names = map lib.showAttrPath paths;
inherit (import ../../pkgs/stdenv/generic/problems.nix { inherit lib; })
disallowNixpkgsInternalUseKinds
;
# Determine the list of attributes whose packages have any meta.problems
# with a kind that's disallowed from internal Nixpkgs use
attrPathsDisallowedForInternalUse = lib.pipe list [
(lib.map (
attrs:
attrs
// {
problematicProblems = builtins.tryEval (
lib.filterAttrs (name: problem: disallowNixpkgsInternalUseKinds ? ${problem.kind}) (
attrs.value.meta.problems or { }
)
);
}
))
(lib.filter (attrs: attrs.problematicProblems.success && attrs.problematicProblems.value != { }))
(lib.map (attrs: {
attrPath = attrs.path;
reason = "it has certain meta.problems whose kinds are disallowed: ${
lib.generators.toPretty { } attrs.problematicProblems.value
}";
}))
];
in
{
# TODO: Do we still need these? Probably not
inherit paths names;
result = {
inherit paths attrPathsDisallowedForInternalUse;
};
}

View file

@ -737,4 +737,102 @@ Notable attributes:
* `driverInteractive`: a script that launches an interactive Python session in the context of the `testScript`.
## `modularServiceCompliance` {#tester-modularServiceCompliance}
Compliance suite for [modular service](https://nixos.org/manual/nixos/unstable/#modular-services) integrations.
Tests that a service manager integration correctly handles the portable modular services contract: `process.argv`, sub-services, assertions, and warnings.
### Return value {#tester-modularServiceCompliance-return}
An attribute set of derivations which perform the tests during their build.
### Inputs {#tester-modularServiceCompliance-inputs}
`evalConfig` (function)
: `{ services } -> { config; checkDrv; }`.
Function to evaluate the given services in the integration's full context.
This function is called for evaluation checks on configurations that will not be run.
- Input `services` is an attrset of modular service configurations. These should be used verbatim.
- Output attribute `config` is the resulting evaluated services attrset (e.g., the value of the `system.services` option in NixOS).
This attribute must be available even if `checkDrv` would fail.
- Output attribute `checkDrv` is a representative derivation whose existence and buildability prove the eval is sound (e.g., `system.build.toplevel` in NixOS, but could perhaps be more specific in the case of another process manager integration).
`mkTest` (function)
: `{ name, services, testExe } -> derivation`.
- Input `name` is a test name, suitable for use as a derivation name.
- Input `services` is an attrset of modular service configurations, matching the structure of the integration's services option.
- Input `testExe` is a store path to an executable that verifies the services.
- Output: a derivation that runs the service manager with the provided configuration inputs and then calls `testExe` after starting the services. That executable must have access to `sharedDir`.
`sharedDir` (string)
: Path to a directory writable by service processes and readable by `testExe`.
The integration must ensure this directory is available when the services and `testExe` run.
:::{.example #ex-modularServiceCompliance-nixos}
# NixOS invocation of the compliance suite
```nix
# In nixos/tests/all-tests.nix:
# modularServiceCompliance =
recurseIntoAttrs (
pkgs.testers.modularServiceCompliance {
sharedDir = "/tmp/modular-service-compliance";
evalConfig =
{ services }:
let
machine = evalSystem (
{ ... }:
{
system.services = services;
system.stateVersion = "25.05";
fileSystems."/" = {
device = "/test/dummy";
fsType = "auto";
};
boot.loader.grub.enable = false;
}
);
in
{
config = machine.config.system.services;
checkDrv = machine.config.system.build.toplevel;
};
mkTest =
{
name,
services,
testExe,
}:
runTest {
_class = "nixosTest";
inherit name;
nodes.machine.system.services = services;
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed("${testExe}")
'';
};
}
)
```
:::
### Manual compliance items {#tester-modularServiceCompliance-manual}
The following compliance items are not yet automated and must be verified manually when implementing a new modular service integration.
- **Failing assertions prevent deployment.**
A service with `assertions = [{ assertion = false; message = "..."; }]` must cause the deployment to fail.
The mechanism is integration-specific (e.g., NixOS checks assertions during `system.build.toplevel` evaluation).
- **Warnings are visible to the user.**
A service with `warnings = [ "..." ]` must surface the warning to the user.
On NixOS these are `builtins.warn` messages emitted during evaluation.
[file system object]: https://nix.dev/manual/nix/latest/store/file-system-object

View file

@ -248,6 +248,43 @@ You can install the standalone parsers and queries directly without installing `
})
```
### Treesitter setup using WASM parsers and queries {#neovim-plugin-treesitter-wasm}
Neovim can load WASM parsers when it is built with Wasmtime support.
In nixpkgs, WASM parser plugins are available from the `wasi32` cross package set:
```nix
(pkgs.wrapNeovim (pkgs.neovim-unwrapped.override { wasmSupport = true; }) {
configure = {
packages.myPlugins =
with pkgs.pkgsCross.wasi32.vimPlugins;
let
# Select the grammars you need
treesitter-grammars = with nvim-treesitter-parsers; [
nix
python
];
# Queries are needed for treesitter based syntax highlighting and folds.
treesitter-queries = map (p: p.associatedQuery) treesitter-grammars;
in
{
start = [
# regular plugins
]
++ treesitter-grammars
++ treesitter-queries;
};
};
})
```
Do not install both native and WASM parsers for the same language.
For example, installing both `pkgs.vimPlugins.nvim-treesitter-parsers.nix` and
`pkgs.pkgsCross.wasi32.vimPlugins.nvim-treesitter-parsers.nix` is invalid because Neovim
loads the first `parser/nix.*` found on `runtimepath`.
Use `:checkhealth vim.treesitter` to verify Nix-managed WASM parsers.
You can enable treesitter features for installed grammars in a `FileType` autocommand
or in an `ftplugin/<language>.lua` script, e.g.

View file

@ -105,6 +105,9 @@
"ex-build-helpers-extendMkDerivation": [
"index.html#ex-build-helpers-extendMkDerivation"
],
"ex-modularServiceCompliance-nixos": [
"index.html#ex-modularServiceCompliance-nixos"
],
"ex-pkgs-replace-vars": [
"index.html#ex-pkgs-replace-vars",
"index.html#ex-pkgs-substituteAll",
@ -221,6 +224,9 @@
"neovim-luarocks-based-plugins": [
"index.html#neovim-luarocks-based-plugins"
],
"neovim-plugin-treesitter-wasm": [
"index.html#neovim-plugin-treesitter-wasm"
],
"nixpkgs-manual": [
"index.html#nixpkgs-manual"
],
@ -902,6 +908,18 @@
"glibcxxassertions": [
"index.html#glibcxxassertions"
],
"tester-modularServiceCompliance": [
"index.html#tester-modularServiceCompliance"
],
"tester-modularServiceCompliance-inputs": [
"index.html#tester-modularServiceCompliance-inputs"
],
"tester-modularServiceCompliance-manual": [
"index.html#tester-modularServiceCompliance-manual"
],
"tester-modularServiceCompliance-return": [
"index.html#tester-modularServiceCompliance-return"
],
"tester-shfmt": [
"index.html#tester-shfmt"
],

View file

@ -2863,7 +2863,7 @@
azahi = {
name = "Azat Bahawi";
email = "azat@bahawi.net";
matrix = "@azahi:azahi.cc";
matrix = "@azahi:matrix.org";
github = "azahi";
githubId = 22211000;
keys = [ { fingerprint = "2688 0377 C31D 9E81 9BDF 83A8 C8C6 BDDB 3847 F72B"; } ];
@ -4396,6 +4396,13 @@
githubId = 48105979;
name = "Caitlin Davitt";
};
cakeforcat = {
email = "julia@cakeforcat.dev";
github = "cakeforcat";
githubId = 37912991;
name = "Julia Czarny";
matrix = "@cakeforcat:matrix.org";
};
calavera = {
email = "david.calavera@gmail.com";
github = "calavera";
@ -6651,6 +6658,12 @@
githubId = 8864716;
name = "Duarte David";
};
demic-dev = {
email = "git@demic.dev";
github = "demic-dev";
githubId = 59309595;
name = "Michele De Cillis";
};
demin-dmitriy = {
email = "demindf@gmail.com";
github = "demin-dmitriy";
@ -27420,6 +27433,11 @@
githubId = 3889585;
name = "Cheng Shao";
};
terrorw0lf = {
name = "duckling";
github = "TERRORW0LF";
githubId = 61637480;
};
terryg = {
name = "Terry Garcia";
email = "terry@terryg.org";

View file

@ -747,10 +747,8 @@ with lib.maintainers;
enableFeatureFreezePing = true;
};
tests = {
members = [ tfc ];
scope = "Maintain the NixOS VM test runner.";
shortName = "NixOS tests";
test-driver = {
github = "test-driver";
enableFeatureFreezePing = true;
};

View file

@ -22,10 +22,14 @@
- [Stump](https://www.stumpapp.dev/), a free and open source comics, manga and digital book server with OPDS support. Available as [services.stump](#opt-services.stump.enable).
- [Freescout](https://freescout.net/), a free, open source Helpdesk and shared mailbox. Available as [services.freescout](#opt-services.freescout.enable).
- [FlapAlerted](https://github.com/Kioubit/FlapAlerted), detects BGP flapping events and provides statistics based on BGP update messages. Available as [services.flap-alerted](#opt-services.flap-alerted.enable).
- [Unpackerr](https://unpackerr.zip), extracts downloads for Radarr, Sonarr, Lidarr, Readarr, and/or a Watch folder. Available as [services.unpackerr](#opt-services.unpackerr.enable).
- [Matrix Authentication Service](https://github.com/element-hq/matrix-authentication-service) is an OAuth2.0 and OpenID Connect provider for Matrix homeservers (such as Synapse). It replaces standard password authentication with modern OpenID Connect flows, and can delegate authentication to upstream OIDC providers. Available as [services.matrix-authentication-service](#opt-services.matrix-authentication-service.enable).
## Backward Incompatibilities {#sec-release-26.11-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -67,10 +71,14 @@
- `security.run0.enableSudoAlias` now uses the `run0-sudo-shim` instead of a shell-script to improve compatibility.
- With `system.etc.overlay.mutable = false`, NixOS now ships an empty `/etc/machine-id` in the image. Previously the file was absent and systemd logged `System cannot boot: Missing /etc/machine-id and /etc/ is read-only` while `ConditionFirstBoot` fired on every boot. With this change, systemd now overlays a transient ID from `/run/machine-id` for the session, and `systemd-machine-id-commit.service` has `ConditionFirstBoot` so it writes the machine-id through to a persistent backing file when one is bind-mounted over `/etc/machine-id`. To persist the machine-id across reboots, bind-mount a writable file containing `uninitialized` over `/etc/machine-id` from the initrd, or set `systemd.machine_id=` on the kernel command line (use `systemd.machine_id=firmware` to derive a stable ID on hardware that supports it).
- `security.run0.persistentAuth` options have been added to support persistent Authentication of session. Timeout configurable via `security.polkit.settings.Polkitd.ExpirationSeconds`.
- `boot.loader.systemd-boot` gained support for [Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/) via the new [`boot.loader.systemd-boot.bootCounting`](#opt-boot.loader.systemd-boot.bootCounting.enable) options, allowing automatic detection of and recovery from bad NixOS generations. As part of this change, boot loader entries on the ESP/XBOOTLDR partition are now named `nixos-<content-hash>.conf` instead of `nixos-generation-<n>.conf`; existing entries are migrated automatically on the next `nixos-rebuild boot`/`switch`.
- `services.nginx` gained a [`lua`](#opt-services.nginx.lua.enable) option to enable Lua scripting via OpenResty's lua-nginx-module on a stock nginx, configuring `lua_package_path`/`lua_package_cpath` from the packages listed in [`services.nginx.lua.extraPackages`](#opt-services.nginx.lua.extraPackages). Use this to add Lua to a regular nginx; for the full OpenResty platform (libraries that rely on its bundled lualib, such as `lua-resty-openidc`), set `services.nginx.package` to `pkgs.openresty` instead — the option configures the Lua search path for it too.
- `security.polkit.settings` added for RFC42 style configuration of the polkitd daemon.
- The `programs.fuse` module, which provides the `fusermount3` executable and the `/etc/fuse.conf` config file, is now opt-in. The obligation to enable it has been shifted to its various consumers (e.g. gvfs, flatpak, appimage, sshfs). This can break fuse consumers at runtime, that don't explicitly declare that dependency with a module, e.g the mounting functionality in various backup tools (borg, restic, rclone, ...).

View file

@ -106,6 +106,11 @@ let
description = "Path of the device or swap file.";
};
isDevice = mkOption {
default = lib.substring 0 5 config.device == "/dev/";
internal = true;
};
label = mkOption {
example = "swap";
type = types.str;
@ -329,6 +334,7 @@ in
)
} ${sw.device} ${sw.deviceName}
mkswap ${sw.realDevice}
${lib.optionalString sw.isDevice "udevadm trigger ${sw.realDevice}"}
''}
'';
enableStrictShellChecks = true;

View file

@ -810,6 +810,7 @@
./services/matrix/hookshot.nix
./services/matrix/lk-jwt-service.nix
./services/matrix/matrix-alertmanager.nix
./services/matrix/matrix-authentication-service.nix
./services/matrix/maubot.nix
./services/matrix/mautrix-discord.nix
./services/matrix/mautrix-meta.nix
@ -1663,6 +1664,7 @@
./services/web-apps/firefly-iii.nix
./services/web-apps/flarum.nix
./services/web-apps/fluidd.nix
./services/web-apps/freescout.nix
./services/web-apps/freshrss.nix
./services/web-apps/froide-govplan.nix
./services/web-apps/galene.nix
@ -1914,6 +1916,7 @@
./system/boot/clevis-luks-askpass.nix
./system/boot/clevis.nix
./system/boot/emergency-mode.nix
./system/boot/extra-initrd.nix
./system/boot/grow-partition.nix
./system/boot/initrd-network.nix
./system/boot/initrd-openvpn.nix

View file

@ -0,0 +1,445 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
concatMapStringsSep
filter
filterAttrs
getExe
isAttrs
isList
mapAttrs
mkDefault
mkEnableOption
mkIf
mkOption
mkPackageOption
optional
optionalAttrs
types
;
cfg = config.services.matrix-authentication-service;
format = pkgs.formats.yaml { };
filterRecursiveNull =
o:
if isAttrs o then
mapAttrs (_: v: filterRecursiveNull v) (filterAttrs (_: v: v != null) o)
else if isList o then
map filterRecursiveNull (filter (v: v != null) o)
else
o;
# remove null values from the final configuration
finalSettings =
let
pruned = filterRecursiveNull cfg.settings;
in
if pruned ? upstream_oauth2 && pruned.upstream_oauth2 == { } then
removeAttrs pruned [ "upstream_oauth2" ]
else
pruned;
configFile = format.generate "config.yaml" finalSettings;
in
{
meta.maintainers = with lib.maintainers; [
eymeric
flashonfire
mkoppmann
skowalak
];
meta.teams = [ lib.teams.matrix ];
options.services.matrix-authentication-service = {
enable = mkEnableOption "Matrix Authentication Service";
package = mkPackageOption pkgs "matrix-authentication-service" { };
settings = mkOption {
default = { };
description = ''
The primary mas configuration. See the
[configuration reference](https://element-hq.github.io/matrix-authentication-service/usage/configuration.html)
for possible values.
Secrets should be passed in by using the `extraConfigFiles` option.
'';
type = types.submodule {
freeformType = format.type;
options = {
http.public_base = mkOption {
type = types.str;
default = "http://[::]:8080/";
description = ''
Public URL base used when building absolute public URLs.
'';
};
http.trusted_proxies = mkOption {
type = types.listOf types.str;
default = [
"127.0.0.1/8"
"::1/128"
];
description = ''
MAS can infer the client IP address from the X-Forwarded-For header. It will trust the value for this header only if the request comes from a trusted reverse proxy listed here.
'';
};
http.listeners = mkOption {
type = types.listOf (
types.submodule {
freeformType = format.type;
options = {
name = mkOption {
type = types.str;
example = "web";
description = ''
The name of the listener, used in logs and metrics.
'';
};
proxy_protocol = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the PROXY protocol on the listener.
'';
};
resources = mkOption {
type = types.listOf (
types.submodule {
freeformType = format.type;
options = {
name = mkOption {
type = types.str;
description = ''
Serve the given resource.
'';
};
};
}
);
description = ''
List of resources to serve.
'';
};
binds = mkOption {
type = types.listOf (
types.submodule {
freeformType = format.type;
options = {
host = mkOption {
type = types.nullOr types.str;
description = ''
Listen on the given host.
'';
};
port = mkOption {
type = types.nullOr types.port;
description = ''
Listen on the given port.
'';
};
};
}
);
description = ''
List of addresses and ports to listen to.
'';
};
};
}
);
default = [
{
name = "web";
resources = [
{ name = "discovery"; }
{ name = "human"; }
{ name = "oauth"; }
{ name = "compat"; }
{ name = "graphql"; }
{ name = "assets"; }
];
binds = [
{
host = "0.0.0.0";
port = 8080;
}
];
proxy_protocol = false;
}
{
name = "internal";
resources = [
{ name = "health"; }
];
binds = [
{
host = "0.0.0.0";
port = 8081;
}
];
proxy_protocol = false;
}
];
description = ''
Each listener can serve multiple resources, and listen on multiple TCP ports or UNIX sockets.
'';
};
database.uri = mkOption {
type = types.str;
default = "postgresql:///matrix-authentication-service?host=/run/postgresql";
description = ''
The postgres connection string.
Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
If you need to put secrets in the uri, please use the `extraConfigFiles` option.
'';
};
database.max_connections = mkOption {
type = types.ints.unsigned;
default = 10;
description = ''
Maximum number of connections for the connection pool.
'';
};
database.min_connections = mkOption {
type = types.ints.unsigned;
default = 0;
description = ''
Minimum number of connections for the connection pool.
'';
};
database.connect_timeout = mkOption {
type = types.ints.unsigned;
default = 30;
description = ''
Connection timeout for the connection pool.
'';
};
database.idle_timeout = mkOption {
type = types.ints.unsigned;
default = 600;
description = ''
Idle timeout for the connection pool.
'';
};
database.max_lifetime = mkOption {
type = types.ints.unsigned;
default = 1800;
description = ''
Maximum lifetime for the connection pool.
'';
};
passwords.enabled = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable the password database. If disabled, users will only be able to log in using upstream OIDC providers.
'';
};
passwords.schemes = mkOption {
type = types.listOf (
types.submodule {
freeformType = format.type;
options = {
version = mkOption {
type = types.ints.unsigned;
description = ''
Password scheme version.
'';
};
algorithm = mkOption {
type = types.str;
description = ''
Password scheme algorithm.
'';
};
};
}
);
default = [
{
version = 1;
algorithm = "argon2id";
}
];
description = ''
List of password hashing schemes being used. Only change this if you know what you're doing.
'';
};
passwords.minimum_complexity = mkOption {
type = types.enum [
0
1
2
3
4
];
default = 3;
description = ''
Minimum complexity required for passwords, estimated by the zxcvbn algorithm.
Must be between 0 and 4, default is 3. See <https://github.com/dropbox/zxcvbn#usage> for more information.
'';
};
matrix.homeserver = mkOption {
type = types.str;
default = "";
description = ''
Corresponds to the server_name in the Synapse configuration file.
'';
};
matrix.endpoint = mkOption {
type = types.str;
default = "";
description = ''
The URL to which the homeserver is accessible from the service.
'';
};
upstream_oauth2.providers = mkOption {
default = null;
type = types.nullOr (
types.listOf (
types.submodule {
freeformType = format.type;
options = {
id = mkOption {
type = types.nullOr types.str;
example = "01H8PKNWKKRPCBW4YGH1RWV279";
default = null;
description = ''
Unique id for the provider, must be a ULID, and can be generated using online tools like <https://www.ulidtools.com>.
'';
};
};
}
)
);
description = ''
Configuration of upstream providers
'';
};
};
};
};
createDatabase = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable and configure `services.postgresql` to ensure that the database user `matrix-authentication-service`
and the database `matrix-authentication-service` exist.
'';
};
extraConfigFiles = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Extra config files to include.
The configuration files will be included based on the command line
argument --config. This allows to configure secrets without
having to go through the Nix store, e.g. based on deployment keys if
NixOps is in use.
'';
};
serviceDependencies = mkOption {
type = types.listOf types.str;
default = optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit;
defaultText = lib.literalExpression ''
lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
'';
description = ''
List of Systemd services to require and wait for when starting the application service,
such as the Matrix homeserver if it's running on the same host.
'';
};
};
config = mkIf cfg.enable {
services.postgresql = mkIf cfg.createDatabase {
enable = true;
ensureDatabases = [ "matrix-authentication-service" ];
ensureUsers = [
{
name = "matrix-authentication-service";
ensureDBOwnership = true;
}
];
};
systemd.services.matrix-authentication-service = rec {
after = optional cfg.createDatabase "postgresql.service" ++ cfg.serviceDependencies;
wants = after;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
ExecStartPre = ''
${getExe cfg.package} config check \
${concatMapStringsSep " " (x: "--config ${x}") ([ configFile ] ++ cfg.extraConfigFiles)}
'';
ExecStart = ''
${getExe cfg.package} server \
${concatMapStringsSep " " (x: "--config ${x}") ([ configFile ] ++ cfg.extraConfigFiles)}
'';
Restart = "on-failure";
RestartSec = "1s";
# Security Hardening
CapabilityBoundingSet = "";
AmbientCapabilities = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateMounts = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
];
UMask = "0077";
# Working and state directories
StateDirectory = "matrix-authentication-service";
StateDirectoryMode = "0700";
WorkingDirectory = "/var/lib/matrix-authentication-service";
};
};
};
}

View file

@ -4,6 +4,7 @@
lib,
pkgs,
utils,
jdk25_headless,
...
}:
let
@ -29,21 +30,16 @@ let
);
in
{
options = {
services.unifi.enable = lib.mkEnableOption "UniFi controller service";
services.unifi.jrePackage = lib.mkOption {
type = lib.types.package;
default = cfg.unifiPackage.passthru.jrePackage or jdk25_headless;
defaultText = lib.literalExpression "unifiPackage.passthru.jrePackage";
services.unifi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether or not to enable the unifi controller service.
'';
};
services.unifi.jrePackage = lib.mkPackageOption pkgs "jdk" {
default = "jdk25_headless";
extraDescription = ''
Check the UniFi controller release notes to ensure it is supported.
Which Java runtime to use.
'';
};
@ -56,6 +52,7 @@ in
services.unifi.openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether or not to open the minimum required ports on the firewall.
@ -69,6 +66,7 @@ in
type = with lib.types; nullOr int;
default = null;
example = 1024;
description = ''
Set the initial heap size for the JVM in MB. If this option isn't set, the
JVM will decide this value at runtime.
@ -79,6 +77,7 @@ in
type = with lib.types; nullOr int;
default = null;
example = 4096;
description = ''
Set the maximum heap size for the JVM in MB. If this option isn't set, the
JVM will decide this value at runtime.
@ -89,15 +88,14 @@ in
type = with lib.types; listOf str;
default = [ ];
example = lib.literalExpression ''["-Xlog:gc"]'';
description = ''
Set extra options to pass to the JVM.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion =
@ -128,16 +126,18 @@ in
description = "UniFi controller daemon user";
home = "${stateDir}";
};
users.groups.unifi = { };
# https://help.ubnt.com/hc/en-us/articles/218506997
networking.firewall = lib.mkIf cfg.openFirewall {
# https://help.ubnt.com/hc/en-us/articles/218506997
allowedTCPPorts = [
8080 # Port for UAP to inform controller.
8880 # Port for HTTP portal redirect, if guest portal is enabled.
8843 # Port for HTTPS portal redirect, ditto.
6789 # Port for UniFi mobile speed test.
];
allowedUDPPorts = [
3478 # UDP port used for STUN.
10001 # UDP port used for device discovery.
@ -151,6 +151,7 @@ in
# This a HACK to fix missing dependencies of dynamic libs extracted from jars
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
# Make sure package upgrades trigger a service restart
restartTriggers = [
cfg.unifiPackage
@ -220,12 +221,13 @@ in
# Needs network access
PrivateNetwork = false;
# Cannot be true due to OpenJDK
MemoryDenyWriteExecute = false;
};
};
};
imports = [
(lib.mkRemovedOptionModule [
"services"

View file

@ -158,5 +158,5 @@ in
networking.firewall.allowedTCPPorts = with cfg; lib.optionals openFirewall [ port ];
};
meta.maintainers = with lib.maintainers; [ azahi ];
meta.maintainers = [ ];
}

View file

@ -0,0 +1,487 @@
{
lib,
config,
pkgs,
...
}:
let
# Simple alias variables
user = "freescout";
group = user;
cfg = config.services.freescout;
datadir = "/var/lib/freescout";
cachedir = "/var/cache/freescout";
fpmService = "phpfpm-${user}";
# Generated config and more complex templates / default variables
autoDb = if !cfg.databaseSetup.enable then false else cfg.databaseSetup.kind;
dbService = lib.optional (autoDb != false) (
if autoDb == "mysql" then "mysql.service" else "postgresql.service"
);
db_config = lib.optionalAttrs (autoDb != false) (
if autoDb == "mysql" then
{
DB_CONNECTION = "mysql";
DB_HOST = "";
DB_SOCKET = "/run/mysqld/mysqld.sock";
DB_USERNAME = user;
DB_DATABASE = user;
}
else
{
DB_CONNECTION = "pgsql";
DB_HOST = "/run/postgresql";
DB_DATABASE = user;
DB_USERNAME = user;
}
);
raw_config = {
APP_ENV = "production";
APP_FORCE_HTTPS = true;
APP_URL = "https://${cfg.domain}";
APP_TIMEZONE = config.time.timeZone;
APP_DISABLE_UPDATING = true;
}
// cfg.settings
// db_config;
app_config = dropNull raw_config;
baseService = {
path = [
pkgs.ps
artisanWrapped
];
requires = [
# Using requires (instead of wants) since a failing config
# is indeed critical and should not allow this service to continue
"freescout-setup.service"
]
++ dbService;
serviceConfig = {
User = user;
Group = group;
};
};
# Custom built packages / files / scripts
phpPackage = cfg.phpPackage.buildEnv {
# As of php8.5 opcache is required and automatically compiled in and thus is not available in
# all anymore. To keep compatibility with older versions, still add if available.
extensions =
{ all, enabled }: enabled ++ [ all.iconv ] ++ (lib.optional (all ? opcache) all.opcache);
# Don't log anything because we are not sure, if this may leak secrets
# Logging can be increased, if we have time to check the logging library
extraConfig = ''
error_reporting = 0
'';
};
package = cfg.package.overrideAttrs (prev: {
pname = "${prev.pname}-${cfg.domain}";
postInstall = prev.postInstall or "" + ''
ln -s ${datadir} $out/share/freescout/data
'';
});
artisanWrapped = pkgs.writeShellApplication {
name = "artisan-wrapped";
runtimeInputs = with pkgs; [
util-linux
];
text = ''
cd ${datadir}
_runuser='exec'
if [[ "$USER" != ${user} ]]; then
_runuser='exec runuser --user ${user}'
fi
''${_runuser} ${lib.getExe phpPackage} ${package}/share/freescout/artisan "$@"
'';
};
configFile = mkEnvFile "freescout.env" app_config;
allSecrets = lib.catAttrs "_secret" (lib.collect isSecret app_config);
configSetupScript = pkgs.writeShellScript "freescout-config-setup" ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
PATH=${lib.makeBinPath [ pkgs.replace-secret ]}:$PATH
cp ${configFile} "/tmp/raw.env";
${mkSecretsReplacement "/tmp/raw.env" allSecrets}
install -T --mode 400 -o ${user} -g ${group} "/tmp/raw.env" "${datadir}/.env"
rm "/tmp/raw.env"
'';
freescoutSetupScript =
let
rwPaths = [
"storage/app"
"storage/framework"
"storage/framework/sessions"
"storage/framework/views"
"storage/framework/cache/data"
"storage/logs"
"bootstrap/cache"
"public/css/builds"
"public/js/builds"
"Modules"
"public/modules"
];
in
''
set -x
umask 027
# Working arround https://github.com/freescout-helpdesk/freescout/issues/2547
# and having to manually clear cache when migrating from something around
# ~1.8.159 (╯°□°)╯︵ ┻━┻
# See: https://github.com/freescout-help-desk/freescout/issues/4366#issuecomment-2495993397
rm -f ${datadir}/bootstrap/cache.php ${datadir}/bootstrap/cache/{config,packages,services}.php
ln -sf "${artisanWrapped}/bin/artisan-wrapped" "${datadir}/artisan"
${lib.concatMapStringsSep "\n" (p: "mkdir -p ${datadir}/${p}") rwPaths}
# Migrate database and stuff
# This does migrate, cache:clear, queue:restart
${lib.getExe artisanWrapped} freescout:after-app-update
'';
# Helper functions
isSecret = v: lib.isAttrs v && v ? _secret && lib.strings.isConvertibleWithToString v._secret;
hashSecret = p: builtins.hashString "sha256" (toString p);
dropNull = lib.filterAttrsRecursive (
_: v:
!lib.elem v [
null
[ ]
{ }
]
);
mkEnvVars = lib.generators.toKeyValue {
mkKeyValue =
k: v:
let
value =
with builtins;
if isInt v then
toString v
else if isString v then
v
else if isBool v then
lib.boolToString v
else if isSecret v then
hashSecret v._secret
else
throw "freescout: ${k} has unsupported type ${typeOf v}: ${(lib.generators.toPretty { }) v}";
in
"${k}=${value}";
};
mkEnvFile = fname: values: pkgs.writeText fname (mkEnvVars values);
mkSecretsReplacement =
filePath:
lib.concatMapStringsSep "\n" (
sp:
"replace-secret ${
lib.escapeShellArgs [
(hashSecret sp)
sp
]
} ${filePath}"
);
in
{
options.services.freescout = with lib; {
enable = mkEnableOption "FreeScout helpdesk application";
package = mkPackageOption pkgs "freescout" { };
phpPackage = mkOption {
type = types.package;
default = pkgs.php;
description = "The php package to use";
defaultText = literalExpression "pkgs.php";
};
domain = mkOption {
type = types.str;
description = "Domain the freescout installation will run under";
example = "support.mydomain.net";
};
settings = mkOption {
type = with types; attrsOf anything;
apply = mapAttrs' (
k: v: {
name = toUpper k;
value = v;
}
);
default = { };
description = ''
Settings to be set in the `.env` file. See
<https://github.com/freescout-help-desk/freescout/blob/master/.env.example>
for reference on available environment variables.
Will be merged with the shown defaults.
'';
defaultText = lib.literalExpression ''
{
APP_ENV = "production";
APP_FORCE_HTTPS = true;
APP_URL = "https://''${config.services.freescout.domain}";
APP_TIMEZONE = config.time.timeZone;
APP_DISABLE_UPDATING = true;
}
'';
example = lib.literalExpression ''
{
# NOTE: MUST be 256 bits (32 bytes) in length, the form of base64:<base64 encoded key> is recommended.
# You can generate a valid one using `echo "base64:$(openssl rand -base64 32)"`
APP_KEY_FILE = "/run/secret/freescout/app_key";
DB_CONNECTION = "mysql";
DB_HOST = "localhost";
DB_PORT = 3306;
DB_DATABASE = "freescout";
DB_USERNAME = "freescout";
DB_PASSWORD._secret = "/run/secret/freescout/db_pass";
}
'';
};
poolConfig = mkOption {
type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = {
"pm" = "ondemand";
"pm.max_children" = 32;
"pm.process_idle_timeout" = "120s";
"pm.max_requests" = 500;
};
description = ''
Options for the freescout PHP pool. See the documentation on `php-fpm.conf`
for details on configuration directives.
'';
};
databaseSetup = {
enable = mkOption {
type = types.bool;
description = "Whether to enable automatic database setup and configuration";
default = true;
};
kind = mkOption {
type = types.enum [
"mysql"
"pgsql"
];
default = "pgsql";
example = "mysql";
description = "Type of database to automatically set up";
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = (app_config ? "APP_KEY" || app_config ? "APP_KEY_FILE");
message = "`services.freescout.settings.APP_KEY_FILE` is required!";
}
];
warnings =
lib.optional (app_config ? "APP_KEY" && lib.isString app_config.APP_KEY)
"`services.freescout.settings.APP_KEY` will be stored in the world readable nix store. Use `APP_KEY._secret` or `APP_KEY_FILE` instead!";
users.users.${user} = {
inherit group;
isSystemUser = true;
createHome = true;
home = datadir;
homeMode = "750";
};
users.users.${config.services.nginx.user}.extraGroups = [ group ];
users.groups.${group} = { };
services.postgresql = lib.mkIf (autoDb == "pgsql") {
enable = true;
ensureUsers = [
{
name = user;
ensureDBOwnership = true;
}
];
ensureDatabases = [
app_config.DB_DATABASE
];
};
services.mysql = lib.mkIf (autoDb == "mysql") {
enable = true;
package = lib.mkDefault pkgs.mariadb;
ensureUsers = [
{
name = user;
ensurePermissions = {
"${app_config.DB_DATABASE}.*" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [
app_config.DB_DATABASE
];
};
services.phpfpm.pools.${user} = {
inherit phpPackage user group;
phpOptions = ''
display_errors = On
display_startup_errors = On
'';
settings = {
"listen.owner" = user;
"listen.group" = config.services.nginx.group;
"catch_workers_output" = true;
}
// cfg.poolConfig;
};
systemd.services.${fpmService} = {
# Somehow the webinterface shows
inherit (baseService) path;
};
systemd.services.freescout-setup = lib.recursiveUpdate baseService {
description = "Preparational tasks for freescout";
requires = dbService;
wantedBy = [ "multi-user.target" ];
after = dbService;
script = freescoutSetupScript;
serviceConfig = {
PrivateTmp = true;
Type = "oneshot";
RemainAfterExit = true;
ExecStartPre = "+${configSetupScript}";
};
};
# This needs to be manually started again and again
# Freescout has its own scheduler built in to ensure tasks run at the desired frequency
# --no-interaction makes sure, that the queue worker is not executed.
# This is needed, because otherweise the queue worker process would continue running
# thus block further schedule invocations until the queue worker terminates.
# See https://github.com/freescout-help-desk/freescout/blob/74fa4b7d4f8288f8d3fb1d343308d3289c4d72e2/app/Console/Kernel.php#L195-L267
systemd.services."freescout-schedule-run" = baseService // {
startAt = "minutely";
script = "${lib.getExe artisanWrapped} schedule:run --no-interaction";
};
# This is both long-running but also stops quite frequently.
# Seeing job restart counts in the thousands here is normal.
systemd.services."freescout-queue" = lib.recursiveUpdate baseService {
# Copying the output to storage/logs because it makes
# debugging connection issues easier for the user.
script = ''
${lib.getExe artisanWrapped} \
queue:work \
--queue emails,default \
--sleep=5 \
-vv \
--tries=20 \
| tee -a ${datadir}/storage/logs/queue-jobs.log
'';
serviceConfig = {
RestartSec = "15s";
RuntimeMaxSec = "1h";
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
after = [ "freescout-setup.service" ] ++ dbService;
};
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} =
let
vhostCfg = config.services.nginx.virtualHosts.${cfg.domain};
optSsl = lib.optionalString (vhostCfg.forceSSL || vhostCfg.onlySSL) "fastcgi_param HTTPS on;";
in
{
root = lib.mkForce "${package}/share/freescout/public";
locations = {
"/" = {
index = "index.php";
tryFiles = "$uri $uri/ /index.php$is_args$args";
extraConfig = ''
# Defeats E-Mail open tracking or possibly "real" exploits
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'";
'';
};
"~ \\.php$" = {
tryFiles = "$uri $uri/ =404";
extraConfig = ''
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools.${user}.socket};
${optSsl}
# Defeats E-Mail open tracking or possibly "real" exploits
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'";
'';
};
"~* ^/storage/attachment/" = {
tryFiles = "$uri $uri/ /index.php?$query_string";
extraConfig = ''
expires 1M;
access_log off;
'';
};
"~* ^/(?:css|js)/.*\\.(?:css|js)$".extraConfig = ''
expires 2d;
access_log off;
add_header Cache-Control "public, must-revalidate";
# Defeats E-Mail open tracking or possibly "real" exploits
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'";
'';
"~* ^/(?:css|fonts|img|installer|js|modules)$".extraConfig = ''
expires 1M;
access_log off;
add_header Cache-Control "public, must-revalidate";
'';
"~ /\\.".extraConfig = ''
deny all;
'';
"^~ /(css|js)/builds/".root = "${cachedir}/public/";
"^~ /storage/app/attachment/" = {
alias = "${datadir}/storage/app/attachment/";
extraConfig = ''
internal;
'';
};
};
};
};
};
}

View file

@ -126,6 +126,28 @@ let
'') (filterAttrs (name: conf: conf.enable) cfg.proxyCachePath)
);
# openresty bundles the lua module and resty.core; stock nginx needs them added.
packageBundlesLua = p: lib.getName p == "openresty";
luaEnv = pkgs.luajit_openresty.withPackages (
ps:
lib.optional (cfg.lua.enable && !packageBundlesLua cfg.package) ps.lua-resty-core
++ cfg.lua.extraPackages ps
);
luaVersion = pkgs.luajit_openresty.luaversion;
# Lua modules install under lib/lua or share/lua depending on the package; ;; keeps nginx's defaults.
luaConfig = ''
lua_package_path '${
lib.concatMapStringsSep ";" (s: "${luaEnv}/${s}") [
"lib/lua/${luaVersion}/?.lua"
"lib/lua/${luaVersion}/?/init.lua"
"share/lua/${luaVersion}/?.lua"
"share/lua/${luaVersion}/?/init.lua"
]
};;';
lua_package_cpath '${luaEnv}/lib/lua/${luaVersion}/?.so;;';
lua_ssl_trusted_certificate ${config.security.pki.caBundle};
'';
toUpstreamParameter =
key: value:
if builtins.isBool value then lib.optionalString value key else "${key}=${toString value}";
@ -295,6 +317,8 @@ let
server_tokens ${if cfg.serverTokens then "on" else "off"};
${optionalString cfg.lua.enable luaConfig}
${cfg.commonHttpConfig}
${proxyCachePathConfig}
@ -771,7 +795,11 @@ in
apply =
p:
p.override {
modules = lib.unique (p.modules ++ cfg.additionalModules);
modules = lib.unique (
p.modules
++ cfg.additionalModules
++ lib.optional (cfg.lua.enable && !packageBundlesLua p) pkgs.nginxModules.lua
);
};
description = ''
Nginx package to use. This defaults to the stable version. Note
@ -791,6 +819,36 @@ in
'';
};
lua = {
enable = mkEnableOption ''
Lua scripting in nginx via OpenResty's lua-nginx-module,
wiring up `lua_package_path`/`lua_package_cpath` for
{option}`services.nginx.lua.extraPackages`.
Use this to add Lua to a stock nginx. For the full OpenResty platform
required by libraries that depend on its bundled lualib (for example
`lua-resty-openidc`, which needs `resty.string` and friends) set
{option}`services.nginx.package` to `pkgs.openresty` instead; this option
then only sets up the search path and leaves OpenResty's built-in Lua
module in place
'';
extraPackages = mkOption {
type = types.functionTo (types.listOf types.package);
default = ps: [ ];
defaultText = literalExpression "ps: [ ]";
example = literalExpression ''
ps: with ps; [ lua-resty-openidc ]
'';
description = ''
Extra Lua packages to put on `lua_package_path` / `lua_package_cpath`,
for both stock nginx and `pkgs.openresty`. Packages are selected from
`pkgs.luajit_openresty.pkgs`. `lua-resty-core`, which the Lua module
requires to start, is added automatically.
'';
};
};
logError = mkOption {
default = "stderr";
type = types.str;

View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
{
options.system.boot.extraInitrd = {
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = ''
List of paths relative to the ESP that are combined with the NixOS
main initrd before being passed to the kernel.
'';
};
};
config = {
boot.bootspec.extensions = lib.mkIf (config.system.boot.extraInitrd.paths != [ ]) {
"org.nixos.extra-initrd.v1" = {
inherit (config.system.boot.extraInitrd) paths;
};
};
};
}

File diff suppressed because it is too large Load diff

View file

@ -205,6 +205,17 @@ in
'';
};
extraInstallCommands = lib.mkOption {
default = "";
type = lib.types.lines;
description = ''
Additional shell commands inserted in the bootloader installer
script after generating menu entries. It can be used to expand
on extra boot entries that cannot incorporate certain pieces of
information (such as the resulting `init=` kernel parameter).
'';
};
secureBoot = {
enable = lib.mkEnableOption null // {
description = ''
@ -443,14 +454,25 @@ in
system = {
boot.loader.id = "limine";
build.installBootLoader = pkgs.replaceVarsWith {
src = ./limine-install.py;
isExecutable = true;
replacements = {
python3 = pkgs.python3.withPackages (python-packages: [ python-packages.psutil ]);
configPath = limineInstallConfig;
};
};
build.installBootLoader =
let
install = pkgs.replaceVarsWith {
src = ./limine-install.py;
isExecutable = true;
replacements = {
python3 = pkgs.python3.withPackages (python-packages: [ python-packages.psutil ]);
configPath = limineInstallConfig;
};
};
final = pkgs.writeScript "limine-install.sh" ''
#!${pkgs.runtimeShell}
set -euo pipefail
${install} "$@"
${cfg.extraInstallCommands}
'';
in
final;
};
})
(lib.mkIf (cfg.enable && cfg.secureBoot.enable) {

View file

@ -45,6 +45,7 @@ BOOT_COUNTING = "@bootCounting@" == "True"
class BootSpec:
init: Path
initrd: Path
extraInitrdPaths: list[Path]
kernel: Path
kernelParams: list[str] # noqa: N815
label: str
@ -306,9 +307,7 @@ def get_bootspec(profile: str | None, generation: int) -> BootSpec | None:
try:
bootspec_json = json.load(f)
except ValueError as e:
print(
f"error: Malformed Json: {e}, in {boot_json_path}", file=sys.stderr
)
print(f"error: Malformed Json: {e}, in {boot_json_path}", file=sys.stderr)
sys.exit(1)
return bootspec_from_json(bootspec_json)
@ -320,6 +319,11 @@ def bootspec_from_json(bootspec_json: dict[str, Any]) -> BootSpec:
sortKey = systemdBootExtension.get("sortKey", "nixos")
devicetree = systemdBootExtension.get("devicetree")
extraInitrdExtension = bootspec_json.get("org.nixos.extra-initrd.v1", {})
extraInitrdPaths = list(
map(lambda path: Path(path), extraInitrdExtension.get("paths", []))
)
if devicetree:
devicetree = Path(devicetree)
@ -332,6 +336,7 @@ def bootspec_from_json(bootspec_json: dict[str, Any]) -> BootSpec:
specialisations=specialisations,
sortKey=sortKey,
devicetree=devicetree,
extraInitrdPaths=extraInitrdPaths,
)
@ -374,16 +379,21 @@ def boot_file(
specialisation=" (%s)" % specialisation if specialisation else "",
)
description = f"Generation {generation} {bootspec.label}, built on {build_date}"
boot_entry = [
f"title {title}",
f"version {description}",
f"linux /{str(kernel.path)}",
f"initrd /{str(initrd.path)}",
f"options {kernel_params}",
f"machine-id {machine_id}" if machine_id is not None else None,
f"devicetree /{str(devicetree.path)}" if devicetree is not None else None,
f"sort-key {bootspec.sortKey}",
]
boot_entry = (
[
f"title {title}",
f"version {description}",
f"linux /{str(kernel.path)}",
f"initrd /{str(initrd.path)}",
]
+ list(map(lambda initrd: f"initrd /{initrd}", bootspec.extraInitrdPaths))
+ [
f"options {kernel_params}",
f"machine-id {machine_id}" if machine_id is not None else None,
f"devicetree /{str(devicetree.path)}" if devicetree is not None else None,
f"sort-key {bootspec.sortKey}",
]
)
contents = "\n".join(filter(None, boot_entry))
entry, bootctl_id = BootFile.from_entry(contents.encode("utf-8"))
return (list(filter(None, [kernel, initrd, devicetree, entry])), bootctl_id)

View file

@ -182,16 +182,37 @@
})
(lib.mkIf (config.system.etc.overlay.enable && !config.system.etc.overlay.mutable) {
# Systemd requires /etc/machine-id exists or can be initialized on first
# boot. This file should not be part of an image or system config because
# it is unique to the machine, so it is initialized at first boot and
# persisted in the system state directory, /var/lib/nixos.
environment.etc."machine-id".source = lib.mkDefault "/var/lib/nixos/machine-id";
boot.initrd.systemd.tmpfiles.settings.machine-id."/sysroot/var/lib/nixos/machine-id".f =
lib.mkDefault
{
argument = "uninitialized";
};
# An empty regular file means systemd will bind mount /run/machine-id
# on top, and ConditionFirstBoot will be false (the file will never
# change, so this makes sense). See machine-id(5) "First Boot
# Semantics". It also serves as a target to bind mount an actually
# persistent machine-id onto. A symlink doesn't work here since
# systemd-machine-id-commit checks /etc/machine-id itself for being a
# mountpoint without following symlinks, so it would never commit
# through a symlink.
environment.etc.machine-id = lib.mkDefault {
text = "";
mode = "0444";
};
# The upstream unit has ConditionPathIsReadWrite=/etc, which is always
# false here. Replace it with ConditionFirstBoot: with the empty
# placeholder above first-boot is "no" and commit stays skipped, but
# when a persistence module bind-mounts a writable file containing
# "uninitialized" over /etc/machine-id, first-boot is "yes" once and
# commit writes the generated ID through the bind mount.
#
# An empty Condition*= assignment resets *all* condition types, and
# this attrset is serialised in key order, so the reset goes through
# ConditionFirstBoot (sorts first) and we re-add the upstream
# ConditionPathIsMountPoint afterwards.
systemd.services.systemd-machine-id-commit.unitConfig = {
ConditionFirstBoot = lib.mkDefault [
""
"true"
];
ConditionPathIsMountPoint = lib.mkDefault "/etc/machine-id";
};
})
];

View file

@ -76,6 +76,19 @@
with subtest("/etc is mounted as an overlay"):
machine.succeed("findmnt --kernel --type overlay /etc")
with subtest("machine-id is set up without first-boot looping"):
# The baked-in placeholder is an empty regular file; systemd overlays
# /run/machine-id on top so the session has a valid ID while the
# commit service is condition-skipped (no writable /etc to commit to).
machine.succeed("stat --format '%F' /etc/machine-id | tee /dev/stderr | grep -q 'regular'")
machine.succeed("grep -qE '^[0-9a-f]{32}$' /etc/machine-id")
machine.fail("journalctl -b | grep -F 'System cannot boot: Missing /etc/machine-id'")
machine.fail("journalctl -b | grep -F 'Detected first boot'")
machine.fail("systemctl is-failed --quiet systemd-machine-id-commit.service")
assert machine.succeed(
"systemctl show -P ConditionResult systemd-machine-id-commit.service"
).strip() == "no"
with subtest("modes work correctly"):
machine.succeed("stat --format '%F' /etc/modetest | tee /dev/stderr | grep -q 'regular file'")
machine.succeed("stat --format '%F' /etc/modetest2 | tee /dev/stderr | grep -q 'regular file'")

View file

@ -554,6 +554,9 @@ in
etebase-server = runTest ./etebase-server.nix;
etesync-dav = runTest ./etesync-dav.nix;
evcc = runTest ./evcc.nix;
extra-initrd = import ./extra-initrd.nix {
inherit runTest pkgs;
};
facter = runTest ./facter;
fail2ban = runTest ./fail2ban.nix;
fakeroute = runTest ./fakeroute.nix;
@ -627,6 +630,9 @@ in
forgejoPackage = pkgs.forgejo-lts;
};
freenet = runTest ./freenet.nix;
freescout = import ./freescout {
inherit runTest;
};
freeswitch = runTest ./freeswitch.nix;
freetube = discoverTests (import ./freetube.nix);
freshrss = import ./freshrss { inherit runTest; };
@ -980,6 +986,7 @@ in
matomo = runTest ./matomo.nix;
matrix-alertmanager = runTest ./matrix/matrix-alertmanager.nix;
matrix-appservice-irc = runTest ./matrix/appservice-irc.nix;
matrix-authentication-service = runTest ./matrix/matrix-authentication-service.nix;
matrix-conduit = runTest ./matrix/conduit.nix;
matrix-continuwuity = runTest ./matrix/continuwuity.nix;
matrix-synapse = runTest ./matrix/synapse.nix;
@ -1125,6 +1132,7 @@ in
nginx-etag-compression = runTest ./nginx-etag-compression.nix;
nginx-globalredirect = runTest ./nginx-globalredirect.nix;
nginx-http3 = import ./nginx-http3.nix { inherit pkgs runTest; };
nginx-lua = runTest ./nginx-lua.nix;
nginx-mime = runTest ./nginx-mime.nix;
nginx-modsecurity = runTest ./nginx-modsecurity.nix;
nginx-moreheaders = runTest ./nginx-moreheaders.nix;
@ -1612,6 +1620,16 @@ in
syncthing-relay = runTest ./syncthing/relay.nix;
sysfs = runTest ./sysfs.nix;
sysinit-reactivation = runTest ./sysinit-reactivation.nix;
system-services-compliance = recurseIntoAttrs (
import ./system-services-compliance.nix {
inherit
pkgs
evalSystem
runTest
callTest
;
}
);
systemd = runTest ./systemd.nix;
systemd-analyze = runTest ./systemd-analyze.nix;
systemd-binfmt = handleTestOn [ "x86_64-linux" ] ./systemd-binfmt.nix { };

View file

@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
{
name = "endlessh-go";
meta.maintainers = with lib.maintainers; [ azahi ];
meta.maintainers = [ ];
nodes = {
server =

View file

@ -0,0 +1,96 @@
{
runTest,
...
}:
let
common =
{ config, pkgs, ... }:
{
virtualisation.useBootLoader = true;
virtualisation.useEFIBoot = true;
system.boot.extraInitrd.paths = [
extraInitrdPath
];
boot.loader.timeout = 2;
boot.initrd.systemd.mounts = [
{
what = "/canary.txt";
where = "/sysroot/run/canary.txt";
type = "none";
options = "bind";
unitConfig = {
DefaultDependencies = false;
};
requiredBy = [ "initrd-fs.target" ];
before = [ "initrd-fs.target" ];
}
];
};
extraInitrdPath = "custom.cpio";
canaryCpio =
pkgs:
pkgs.runCommand "canary.cpio"
{
nativeBuildInputs = [ pkgs.cpio ];
}
''
echo canary > canary.txt
find . -print0 | cpio --null -o --format=newc > $out
'';
testScript =
# python
''
machine.wait_for_unit("multi-user.target")
# Check that the extra cpio archive is on the ESP
machine.succeed("test -e /boot/custom.cpio")
# Check that the initrd that we booted with contained the file from
# the extra initrd and our initrd mount unit bound it into sysroot
assert machine.succeed("cat /run/canary.txt").strip() == "canary"
'';
in
{
systemd-boot = runTest (
{ pkgs, ... }: {
name = "systemd-boot-extra-initrd";
nodes.machine = { config, ... }: {
imports = [ common ];
boot.loader.systemd-boot = {
enable = true;
extraInstallCommands = ''
cp ${canaryCpio pkgs} ${config.boot.loader.efi.efiSysMountPoint}/${extraInitrdPath}
'';
};
};
inherit testScript;
}
);
limine = runTest {
name = "limine-extra-initrd";
nodes.machine = { pkgs, config, ... }: {
imports = [ common ];
boot.loader.limine = {
enable = true;
efiSupport = true;
enableEditor = true;
extraInstallCommands = ''
cp ${canaryCpio pkgs} ${config.boot.loader.efi.efiSysMountPoint}/${extraInitrdPath}
'';
};
};
inherit testScript;
};
}

View file

@ -6,20 +6,19 @@
jtojnar
];
nodes.machine =
containers.machine =
{ config, pkgs, ... }:
{
fonts.enableDefaultPackages = true; # Background fonts
fonts.packages = with pkgs; [
noto-fonts-color-emoji
cantarell-fonts
twitter-color-emoji
source-code-pro
gentium
];
fonts.fontconfig.defaultFonts = {
serif = [ "Gentium" ];
sansSerif = [ "Cantarell" ];
sansSerif = [ "DejaVu Sans" ];
monospace = [ "Source Code Pro" ];
emoji = [ "Twitter Color Emoji" ];
};
@ -27,7 +26,7 @@
testScript = ''
machine.succeed("fc-match serif | grep '\"Gentium\"'")
machine.succeed("fc-match sans-serif | grep '\"Cantarell\"'")
machine.succeed("fc-match sans-serif | grep '\"DejaVu Sans\"'")
machine.succeed("fc-match monospace | grep '\"Source Code Pro\"'")
machine.succeed("fc-match emoji | grep '\"Twitter Color Emoji\"'")
'';

View file

@ -0,0 +1,5 @@
{ runTest }:
{
integration = runTest ./integration.nix;
upgrade = runTest ./upgrade.nix;
}

View file

@ -0,0 +1,195 @@
# This tests runs freescout and performs the following tests:
# - Create amin user via the CLI
# - Create mailbox, configured for sending and receiving
# - Test if receiving, sending and notifications work
{ pkgs, lib, ... }:
let
mailDomain = "freemail.local";
freescoutDomain = "freescout.local";
sendInitial = pkgs.writeShellScriptBin "send-initial" ''
exec ${pkgs.dovecot}/libexec/dovecot/deliver -d freescout <<MAIL
From: root@localhost
To: freescout@localhost
Subject: Hello NixOS!
Message-ID: initialtestmail-$(date +%s)@localhost
I am just a test E-Mail to see if freescout is (somewhat) working.
MAIL
'';
keyFile = pkgs.writeText "freescout-app-key" "base64:J8ZgK5LZkhVKpmZvjjA700sNL7+Y6aQTus8ZnUNNAaE=";
baseTestNode =
{
config,
...
}:
{
virtualisation.memorySize = 1024;
environment.systemPackages = with pkgs; [
curl
sendInitial
jq
];
networking.firewall.allowedTCPPorts = [
80
8025
];
networking.extraHosts = ''
127.0.0.1 ${mailDomain} ${freescoutDomain}
'';
services.mailhog = {
enable = true;
setSendmail = false;
};
users.users.alice = {
isNormalUser = true;
description = "Alice Foobar";
password = "foobar";
uid = 1000;
};
users.users.bob = {
isNormalUser = true;
description = "Bob Foobar";
password = "foobar";
};
# Taken from from the parsedmarc.nix test
services.postfix.enable = true;
services.dovecot2 = {
enable = true;
settings = {
dovecot_config_version = "2.4.4";
dovecot_storage_version = "2.4.4";
mail_uid = "vmail";
mail_gid = "vmail";
protocols = [
"imap"
"lmtp"
];
mail_driver = "maildir";
mail_home = "${config.services.postfix.settings.main.mail_spool_directory}/{user}";
"passdb static" = {
fields = {
nopassword = true;
allow_nets = "local,0.0.0.0/0,::/0";
};
};
};
};
users.users.freescout = {
password = "foobar2342";
};
services.freescout = {
enable = true;
domain = freescoutDomain;
settings = {
APP_KEY._secret = toString keyFile;
APP_FORCE_HTTPS = false;
APP_URL = "http://${freescoutDomain}";
APP_REMOTE_HOST_WHITE_LIST = "localhost,127.0.0.1,::1";
APP_DEBUG = true;
};
};
};
mkNode =
dbType:
{ config, pkgs, ... }:
{
imports = [
baseTestNode
];
services.freescout.databaseSetup = {
enable = true;
kind = dbType;
};
};
in
{
name = "freescout-integration";
meta.maintainers = with lib.maintainers; [
e1mo
];
nodes = {
# This may lead to duplicate tests, but ensures that
# it's always tested on the current default version
# even if the tests are not updated
freescout_pgsql = mkNode "pgsql";
# Same as the freescout_pgsql_default node
freescout_mysql = mkNode "mysql";
};
testScript = ''
start_all()
for machine in [freescout_pgsql]:
machine.wait_for_unit("postgresql")
for machine in [freescout_mysql]:
machine.wait_for_unit("mysql")
all=[
freescout_pgsql,
freescout_mysql
]
for machine in all:
machine.wait_for_unit("nginx")
machine.wait_for_unit("dovecot")
machine.wait_for_unit("mailhog")
machine.wait_for_open_port(1025)
machine.wait_for_open_port(8025)
machine.wait_for_unit("freescout-setup")
with subtest("Login works"):
machine.succeed("/var/lib/freescout/artisan freescout:create-user --role=admin --firstName=Xenia --lastName=TheFox --email xenia@${freescoutDomain} --no-interaction --password=foo | grep 'User created with id'")
token=machine.succeed("curl -fsSL --cookie-jar cjar 'http://${freescoutDomain}/login' | grep -Po '(?<= name=\"_token\" value=\")(\\w+)(?=\")'").strip()
data=f"email=xenia%40${freescoutDomain}&password=foo&_token={token}&remember=on"
machine.succeed(f"curl -sSfX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/login' | grep 'Redirecting to'")
machine.succeed("curl -fsSL --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}' | grep 'Dashboard'")
# Enable all (most except following) notifications
to_enable=list(range(1, 9))
enable_data="&".join(map(lambda n: "subscriptions%5B1%5D%5B%5D=" + str(n), range(1,9)))
data=f"_token={token}&{enable_data}"
machine.succeed(f"curl -sSfX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/users/notifications/1'")
with subtest("Create and edit Mailbox"):
data=f"email=freescout%40${mailDomain}&name=Test+Mailbox&_token={token}"
machine.succeed(f"curl -sSfX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/mailbox/new'")
machine.succeed("curl -fsSL --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}' | grep 'Test Mailbox'")
machine.succeed("curl -sSf --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}/mailbox/1' | grep 'freescout@${mailDomain}'")
data=f"out_method=3&out_server=localhost&out_port=1025&out_username=&out_password=&out_encryption=1&_token={token}"
machine.succeed(f"curl -sSfX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/mailbox/connection-settings/1/outgoing'")
data=f"&in_protocol=1&in_server=localhost&in_port=143&in_username=freescout&in_password=super_secret&in_encryption=1&in_imap_folders%5B%5D=INBOX&imap_sent_folder=&_token={token}"
machine.succeed(f"curl -fsSX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/mailbox/connection-settings/1/incoming'")
data="&action=fetch_test&mailbox_id=1"
machine.succeed(f"test $(curl -sSfX POST --cookie-jar cjar --cookie cjar -H 'X-CSRF-TOKEN: {token}' --data-raw '{data}' 'http://${freescoutDomain}/mailbox/ajax' | jq -r '.status') = 'success'")
with subtest("Send E-Mails"):
machine.succeed("send-initial")
# Doing a second loop so that we won't have to wait that much
for machine in all:
with subtest("E-Mails ae received"):
machine.wait_until_succeeds("curl -sSf --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}/mailbox/1' | grep 'Hello NixOS'", timeout=180)
# Notifactions to users are being sent
for machine in all:
with subtest("Notifications are sent"):
machine.wait_until_succeeds("test $(curl -sSf http://127.0.0.1:8025/api/v2/messages | jq '.total') -eq 1", timeout=180)
machine.succeed("curl -sSf http://127.0.0.1:8025/api/v2/messages | jq '.items[].Content.Headers[\"X-FreeScout-Mail-Type\"] | .[0]'")
with subtest("Ensure vars are being generated"):
machine.succeed("curl -sSf 'http://${freescoutDomain}/'")
machine.succeed("curl -sSf 'http://${freescoutDomain}/storage/js/vars.js'")
'';
}

View file

@ -0,0 +1,94 @@
# This tests checks, wether upgrading between versions works fine
# In the past, there have been releases that would require manual deletion of specific
# cache files, otherwise bricking the installation.
# This test should catch similar instances in the future.
# The oldFreescoutVersion may need a bump from time to time as there may be incompatibilities
# with up-to-date databases on older freescout versions.
{
pkgs,
lib,
...
}:
let
freescoutDomain = "freescout.local";
oldFreescoutVersion = pkgs.freescout.overrideAttrs (oa: rec {
version = "1.8.220";
src = pkgs.fetchFromGitHub {
owner = "freescout-help-desk";
repo = "freescout";
tag = version;
hash = "sha256-bOkazBcd9EKzQdZZA6YMn4+UNYhpDFV9hDMHR5kXke0=";
};
});
newFreescoutVersion = pkgs.freescout;
in
{
name = "freescout-upgrade";
meta.maintainers = with lib.maintainers; [
e1mo
];
nodes.machine =
{ config, lib, ... }:
{
networking.extraHosts = ''
127.0.0.1 ${freescoutDomain}
'';
virtualisation.memorySize = 1024;
environment.systemPackages = with pkgs; [
curl
jq
];
services.freescout = {
package = oldFreescoutVersion;
enable = true;
domain = freescoutDomain;
settings = {
APP_KEY = "base64:J8ZgK5LZkhVKpmZvjjA700sNL7+Y6aQTus8ZnUNNAaE=";
APP_FORCE_HTTPS = false;
APP_URL = "http://${freescoutDomain}:8888";
APP_DEBUG = true;
};
databaseSetup = {
enable = true;
kind = "pgsql";
};
};
specialisation.upgrade.configuration.services.freescout.package = lib.mkForce newFreescoutVersion;
};
testScript =
{ nodes, ... }:
let
oldVersion = nodes.machine.services.freescout.package.version;
newVersion = nodes.machine.specialisation.upgrade.configuration.services.freescout.package.version;
in
''
machine.start()
machine.wait_for_unit("nginx")
machine.wait_for_unit("postgresql")
machine.wait_for_unit("freescout-setup")
with subtest("Create user and log in"):
# Create uesr
machine.succeed("/var/lib/freescout/artisan freescout:create-user --role=admin --firstName=Xenia --lastName=TheFox --email xenia@${freescoutDomain} --no-interaction --password=foo | grep 'User created with id'")
# Obtain CSRF token
token=machine.succeed("curl -fsSL --cookie-jar cjar 'http://${freescoutDomain}/login' | grep -Po '(?<= name=\"_token\" value=\")(\w+)(?=\")'").strip()
# Actually log in
data=f"email=xenia%40${freescoutDomain}&password=foo&_token={token}&remember=on"
machine.succeed(f"curl -sSfX POST --cookie-jar cjar --cookie cjar --data-raw '{data}' 'http://${freescoutDomain}/login' | grep 'Redirecting to'")
with subtest("Check old API version"):
machine.succeed("curl -fsSL --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}/system/status' | grep ${oldVersion}")
machine.execute("${nodes.machine.system.build.toplevel}/specialisation/upgrade/bin/switch-to-configuration test >&2")
machine.wait_for_unit("nginx")
machine.wait_for_unit("freescout-setup")
with subtest("Check new API version"):
machine.succeed("curl -fsSL --cookie-jar cjar --cookie cjar 'http://${freescoutDomain}/system/status' | grep ${newVersion}")
'';
}

View file

@ -0,0 +1,430 @@
{ pkgs, lib, ... }:
let
mailerCerts = import ../common/acme/server/snakeoil-certs.nix;
ca_key = mailerCerts.ca.key;
ca_pem = mailerCerts.ca.cert;
mkBundle =
domain:
pkgs.runCommand "bundle-${domain}"
{
nativeBuildInputs = [ pkgs.minica ];
}
''
minica -ca-cert ${ca_pem} -ca-key ${ca_key} \
-domains ${domain}
install -Dm444 -t $out ${domain}/{key,cert}.pem
'';
mkDexConfig =
domain: primaryIP:
let
bundle = mkBundle domain;
in
{
enable = true;
settings = {
issuer = "https://${dexDomain}:5556";
storage.type = "sqlite3";
web = {
https = "${primaryIP}:5556";
tlsCert = "${bundle}/cert.pem";
tlsKey = "${bundle}/key.pem";
};
oauth2.skipApprovalScreen = true;
connectors = [
{
type = "mockPassword";
id = "mock";
name = "Example";
config = {
username = "${testUser}";
password = "${testPassword}";
};
}
];
};
};
testUser = "alice";
testPassword = "AliceSuperSecretPassword123!";
matrixSecret = "test_matrix_shared_secret_0123456789abcdef";
synapseDomain = "hs1.test";
masDomain = "mas1.test";
masULID = "01KVT6DSNT2MWD7WYMT2FY4SH5";
dexDomain = "dex1.test";
oidcClientID = "matrix-authentication-service";
oidcClientSecret = "lalalalalala";
loginCodeVerifier = "5kaYTTNVVehUrtJ8xi72ogdfwX8vxHMb3jEUBjyWcXQ";
loginCodeChallenge = "FbNLCROaJHe4LJQ7FEm7XjqDoWazb3emTE89x6Nx0Ng";
in
{
name = "matrix-authentication-service-upstream";
meta = {
maintainers = pkgs.matrix-authentication-service.meta.maintainers ++ lib.teams.matrix.members;
};
nodes = {
hs1 =
{
lib,
config,
pkgs,
nodes,
...
}:
let
bundle = mkBundle synapseDomain;
in
{
networking = {
hostName = lib.head (lib.strings.splitString "." synapseDomain);
domain = lib.last (lib.strings.splitString "." synapseDomain);
firewall.allowedTCPPorts = [
80
443
8448
];
};
services.matrix-synapse = {
enable = true;
extras = [ "oidc" ];
settings = {
listeners = [
{
port = 8448;
bind_addresses = [
config.networking.primaryIPAddress
];
type = "http";
tls = true;
x_forwarded = false;
resources = [
{
names = [
"client"
];
compress = true;
}
{
names = [
"federation"
];
compress = false;
}
];
}
];
database = {
name = "psycopg2";
args.password = "synapse";
};
redis = {
enabled = true;
host = "localhost";
port = config.services.redis.servers.matrix-synapse.port;
};
tls_certificate_path = "${bundle}/cert.pem";
tls_private_key_path = "${bundle}/key.pem";
public_baseurl = "https://${synapseDomain}:8448";
# Delegate authentication to MAS
matrix_authentication_service = {
enabled = true;
endpoint = "https://${masDomain}:8080";
force_http2 = true;
secret = matrixSecret;
};
};
};
services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
# The database name and user are configured by the following options:
# - services.matrix-synapse.database_name
# - services.matrix-synapse.database_user
#
# The values used here represent the default values of the module.
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.redis.servers.matrix-synapse = {
enable = true;
port = 6379;
};
security.pki.certificateFiles = [
ca_pem
];
networking.extraHosts = ''
${nodes.mas1.networking.primaryIPAddress} ${masDomain}
${nodes.dex1.networking.primaryIPAddress} ${dexDomain}
${nodes.hs1.networking.primaryIPAddress} ${synapseDomain}
'';
environment.systemPackages = [
pkgs.matrix-synapse
pkgs.matrix-authentication-service
];
};
mas1 =
{ nodes, ... }:
let
bundle = mkBundle masDomain;
in
{
services.matrix-authentication-service = {
enable = true;
createDatabase = true;
settings = {
http = {
public_base = "https://${masDomain}:8080/";
tls = {
certificate_file = "${bundle}/cert.pem";
key_file = "${bundle}/key.pem";
};
listeners = [
{
name = "web";
binds = [ { address = "0.0.0.0:8080"; } ];
resources = [
{ name = "discovery"; }
{ name = "human"; }
{ name = "oauth"; }
];
tls = {
certificate_file = "${bundle}/cert.pem";
key_file = "${bundle}/key.pem";
};
}
];
};
matrix = {
homeserver = "hs1";
endpoint = "https://${synapseDomain}:8448/";
secret_file = "/var/lib/matrix-authentication-service/matrix_secret";
};
database.uri = "postgresql:///matrix-authentication-service?host=/run/postgresql&user=matrix-authentication-service";
secrets = {
encryption_file = "/var/lib/matrix-authentication-service/encryption";
keys = [
{
kid = "rsa-4096";
key_file = "/var/lib/matrix-authentication-service/key_rsa_4096";
}
];
};
policy.data.client_registration.allow_insecure_uris = true;
upstream_oauth2.providers = [
{
id = masULID;
client_id = oidcClientID;
client_secret = oidcClientSecret;
issuer = "https://${dexDomain}:5556";
scope = "openid email profile";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
systemd.services.matrix-authentication-service.preStart = ''
echo -n '${matrixSecret}' > /var/lib/matrix-authentication-service/matrix_secret
echo -n '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef' > /var/lib/matrix-authentication-service/encryption
${pkgs.openssl}/bin/openssl genrsa -out /var/lib/matrix-authentication-service/key_rsa_4096 4096
'';
security.pki.certificateFiles = [ ca_pem ];
networking.extraHosts = ''
${nodes.hs1.networking.primaryIPAddress} ${synapseDomain}
${nodes.dex1.networking.primaryIPAddress} ${dexDomain}
'';
networking.firewall.allowedTCPPorts = [
8080
8081
];
};
dex1 =
{
lib,
config,
nodes,
...
}:
{
services.dex = lib.mkMerge [
(mkDexConfig dexDomain config.networking.primaryIPAddress)
{
settings.staticClients = [
{
id = oidcClientID;
name = "Matrix";
redirectURIs = [ "https://${masDomain}:8080/upstream/callback/${masULID}" ];
secret = oidcClientSecret;
}
];
}
];
security.pki.certificateFiles = [ ca_pem ];
networking.extraHosts = ''
${nodes.hs1.networking.primaryIPAddress} ${synapseDomain}
${nodes.mas1.networking.primaryIPAddress} ${masDomain}
${nodes.dex1.networking.primaryIPAddress} ${dexDomain}
'';
networking.firewall.allowedTCPPorts = [ 5556 ];
};
};
testScript = ''
import json
import re
COOKIES = "-c /tmp/cookies.txt -b /tmp/cookies.txt"
def visit(url, *opts):
"""Follow the whole redirect chain from `url`; return `effective_url` and response body."""
out = dex1.succeed(
f"curl -sL {COOKIES} {' '.join(opts)} -w '\\n%{{url_effective}}' '{url.strip()}'"
)
body, _, effective = out.rpartition("\n")
return effective.strip(), body
def location(url, *opts):
"""Request `url` and return where it redirects, but don't follow it.
Used for the OAuth callback, which points at http://localhost:1234 where
nothing is listening, so `curl --location` would ultimately fail.
"""
return dex1.succeed(
f"curl -s {COOKIES} -w '%{{redirect_url}}' -o /dev/null "
f"{' '.join(opts)} '{url.strip()}'"
).strip()
def extract_csrf(html):
match = re.search(r'name="csrf" value="([^"]+)"', html)
assert match is not None, f"unable to find csrf token in {html}"
return match.group(1)
def authorize():
"""Start the OIDC flow and return the first redirect URL."""
return dex1.succeed(
"scope='openid urn:matrix:org.matrix.msc2967.client:api:*'; "
"curl -fs -G -w '%{redirect_url}' -o /dev/null https://${masDomain}:8080/authorize "
f"-d response_type=code -d client_id={client_id} "
"-d redirect_uri=http://localhost:1234/callback "
'--data-urlencode "scope=$scope" '
"-d state=somestate -d code_challenge=${loginCodeChallenge} "
"-d code_challenge_method=S256"
)
start_all()
# wait locally until units are ready
dex1.wait_for_unit("dex.service")
hs1.wait_for_unit("matrix-synapse.service")
mas1.wait_for_unit("matrix-authentication-service.service")
hs1.wait_until_succeeds("curl --fail -s --cacert ${ca_pem} https://${synapseDomain}:8448/")
hs1.wait_until_succeeds("journalctl -u matrix-synapse.service | grep -q 'Connected to redis'")
hs1.require_unit_state("postgresql.target")
mas1.wait_for_open_port(8080)
# cross-node reachability
mas1.wait_until_succeeds("curl --fail --silent --show-error --cacert ${ca_pem} https://${dexDomain}:5556/.well-known/openid-configuration")
mas1.wait_until_succeeds("curl --fail --silent --show-error --cacert ${ca_pem} https://${synapseDomain}:8448/")
hs1.wait_until_succeeds("curl --fail --silent --show-error https://${masDomain}:8080/.well-known/openid-configuration")
# Register a fresh OAuth client and grab its client_id
client_id_resp = json.loads(dex1.succeed(
"curl -s -X POST https://${masDomain}:8080/oauth2/registration "
"-H 'Content-Type: application/json' "
"-d '{ \"client_name\": \"test_client\", \"client_uri\": \"http://localhost:1234/\", \"redirect_uris\": [\"http://localhost:1234/callback\"], \"response_types\": [\"code\"], \"grant_types\": [ \"authorization_code\" ], \"token_endpoint_auth_method\": \"none\" }'"
))
t.assertIn("client_id", client_id_resp)
client_id = client_id_resp["client_id"]
with subtest("Register"):
location(authorize()) # follow /authorize to put the session cookie in the jar.
# To login with Upstream (Dex) the page returns a clickable link; we hardcode
# it here since we already know its shape.
upstream_url = f"https://${masDomain}:8080/upstream/authorize/${masULID}?id={client_id}&kind=continue_authorization_grant"
_, mock_body = visit(upstream_url)
_match = re.search(r'state=([^"&]+)', mock_body)
assert _match is not None, f"unable to find state in {mock_body}"
oidc_state = _match.group(1)
next_url, body = visit(
f"https://${dexDomain}:5556/auth/mock/login?back=&state={oidc_state}",
"-d 'login=${testUser}'",
"-d 'password=${testPassword}'",
)
next_url, body = visit(next_url, f"-d 'csrf={extract_csrf(body)}&action=register&username=${testUser}'")
visit(next_url, f"-d 'csrf={extract_csrf(body)}&action=set&display_name=Alice'")
with subtest("Login"):
consent_url, body = visit(authorize())
# Alice already has a session cookie, so /consent redirects straight to the callback.
callback_url = location(consent_url, f"-d 'csrf={extract_csrf(body)}&action=consent'")
_match = re.search(r'code=([^&]+)', callback_url)
assert _match is not None, f"unable to find code in {callback_url}"
code = _match.group(1)
access_token_resp = json.loads(dex1.succeed(
"curl -s -X POST https://${masDomain}:8080/oauth2/token "
"-d 'grant_type=authorization_code' "
f"-d 'client_id={client_id}' -d 'code={code}' "
"-d 'redirect_uri=http://localhost:1234/callback' "
"-d 'code_verifier=${loginCodeVerifier}'"
))
t.assertIn("access_token", access_token_resp)
access_token = access_token_resp["access_token"]
with subtest("Create Room"):
room_id_resp = json.loads(dex1.succeed(
"curl --fail -s -X POST https://${synapseDomain}:8448/_matrix/client/v3/createRoom "
"-H 'Content-Type: application/json' "
f"-H 'Authorization: Bearer {access_token}' "
"-d '{}'"
))
t.assertIn("room_id", room_id_resp)
room_id = room_id_resp["room_id"]
with subtest("Send Message"):
dex1.succeed(
"curl -fs -X POST "
f"https://${synapseDomain}:8448/_matrix/client/v3/rooms/{room_id}/send/m.room.message "
f"-H 'Authorization: Bearer {access_token}' "
"-H 'Content-Type: application/json' "
"-d '{\"msgtype\":\"m.text\",\"body\":\"hello from alice\"}' | grep event_id"
)
'';
}

37
nixos/tests/nginx-lua.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib, ... }:
{
name = "nginx-lua";
meta.maintainers = [ lib.maintainers.kranzes ];
nodes.machine = {
services.nginx = {
enable = true;
lua = {
enable = true;
extraPackages = p: [
p.lua-resty-lrucache
p.lua-cjson
];
};
virtualHosts."localhost".locations."/" = {
extraConfig = ''
default_type text/plain;
content_by_lua_block {
local cache = require("resty.lrucache").new(8)
cache:set("greeting", require("cjson").decode('"Hello world!"'))
ngx.say((cache:get("greeting")))
}
'';
};
};
};
testScript = ''
machine.wait_for_unit("nginx")
machine.wait_for_open_port(80)
response = machine.wait_until_succeeds("curl -fsS http://127.0.0.1/").strip()
assert response == "Hello world!", f"Expected 'Hello world!', got '{response}'"
'';
}

View file

@ -1,12 +1,4 @@
{ pkgs, lib, ... }:
let
luaLibs = [
pkgs.lua.pkgs.markdown
];
getLuaPath = lib: "${lib}/share/lua/${pkgs.lua.luaversion}/?.lua";
luaPath = lib.concatStringsSep ";" (map getLuaPath luaLibs);
in
{ pkgs, ... }:
{
name = "openresty-lua";
meta = with pkgs.lib.maintainers; {
@ -15,7 +7,7 @@ in
nodes = {
webserver =
{ pkgs, lib, ... }:
{ pkgs, ... }:
{
networking = {
extraHosts = ''
@ -27,9 +19,10 @@ in
enable = true;
package = pkgs.openresty;
commonHttpConfig = ''
lua_package_path '${luaPath};;';
'';
lua = {
enable = true;
extraPackages = p: [ p.markdown ];
};
virtualHosts."default.test" = {
default = true;

View file

@ -0,0 +1,67 @@
{
pkgs,
evalSystem,
runTest,
callTest,
}:
let
sharedDir = "/tmp/modular-service-compliance";
in
let
suite = pkgs.testers.modularServiceCompliance {
inherit sharedDir;
namePrefix = "system-services-compliance";
evalConfig =
{ services }:
let
machine = evalSystem (
{ ... }:
{
system.services = services;
system.stateVersion = "25.05";
fileSystems."/" = {
device = "/test/dummy";
fsType = "auto";
};
boot.loader.grub.enable = false;
}
);
in
{
config = machine.config.system.services;
checkDrv = machine.config.system.build.toplevel;
};
mkTest =
{
name,
services,
testExe,
}:
runTest {
_class = "nixosTest";
inherit name;
nodes.machine.system.services = services;
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed("${testExe}")
'';
meta.maintainers = with pkgs.lib.maintainers; [ roberth ];
};
};
in
# Please the callTest pattern.
#
# runTest results already go through findTests/callTest.
# For plain derivations like `eval`, we apply callTest directly.
pkgs.lib.mapAttrs (
_: v:
if v ? test then
v
else
callTest {
test = v;
driver = v;
}
) suite

View file

@ -9,10 +9,10 @@
elpaBuild {
pname = "a68-mode";
ename = "a68-mode";
version = "1.2";
version = "1.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/a68-mode-1.2.tar";
sha256 = "1x40j0w6kzjxxrj7qdvll1psackq526cfrihfmacmq97c9g8xwm6";
url = "https://elpa.gnu.org/packages/a68-mode-1.3.tar";
sha256 = "0x5jj95bk07wnl9aqf35hcm9ajdwbrg74xm90i5kfn6nrxmnjmyp";
};
packageRequires = [ ];
meta = {
@ -207,10 +207,10 @@
elpaBuild {
pname = "aggressive-completion";
ename = "aggressive-completion";
version = "1.7";
version = "1.8";
src = fetchurl {
url = "https://elpa.gnu.org/packages/aggressive-completion-1.7.tar";
sha256 = "0d388w0yjpjzhqlar9fjrxsjxma09j8as6758sswv01r084gpdbk";
url = "https://elpa.gnu.org/packages/aggressive-completion-1.8.tar";
sha256 = "07dqw6mvb1vp4fmii1y7wc074xxi9wfwalflszjpzcjbalklcqdq";
};
packageRequires = [ ];
meta = {
@ -527,10 +527,10 @@
elpaBuild {
pname = "auth-source-xoauth2-plugin";
ename = "auth-source-xoauth2-plugin";
version = "0.3.2";
version = "0.4.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/auth-source-xoauth2-plugin-0.3.2.tar";
sha256 = "1k48kg6n72vzxaiqidg4m0w69c2s6ynvgcr08p4i8x2fsgaigcp2";
url = "https://elpa.gnu.org/packages/auth-source-xoauth2-plugin-0.4.1.tar";
sha256 = "038wikkg4lmgjjnwkliwwx8iif55vlc6720qz55lkr7pkrzp5vas";
};
packageRequires = [ oauth2 ];
meta = {
@ -1085,10 +1085,10 @@
elpaBuild {
pname = "cape";
ename = "cape";
version = "2.6";
version = "2.7";
src = fetchurl {
url = "https://elpa.gnu.org/packages/cape-2.6.tar";
sha256 = "0n4j70w1q9ix9d8s276g4shkn1k7hv8d6wqpx65wchgilwbjx07z";
url = "https://elpa.gnu.org/packages/cape-2.7.tar";
sha256 = "0543x1j4pakdqm8vba0450yl9b30z527dx8x84mzjqkhksn40pzv";
};
packageRequires = [ compat ];
meta = {
@ -1245,6 +1245,28 @@
};
}
) { };
cm-mode = callPackage (
{
cl-lib ? null,
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "cm-mode";
ename = "cm-mode";
version = "1.10";
src = fetchurl {
url = "https://elpa.gnu.org/packages/cm-mode-1.10.tar";
sha256 = "1lg9rzv9hk89qi43msrbmi1hyy8zgr75740h7kj7rbl41v808bd7";
};
packageRequires = [ cl-lib ];
meta = {
homepage = "https://elpa.gnu.org/packages/cm-mode.html";
license = lib.licenses.free;
};
}
) { };
cobol-mode = callPackage (
{
cl-lib ? null,
@ -1458,17 +1480,16 @@
elpaBuild,
fetchurl,
lib,
seq,
}:
elpaBuild {
pname = "compat";
ename = "compat";
version = "30.1.0.1";
version = "31.0.0.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/compat-30.1.0.1.tar";
sha256 = "1rj5i709i0l7drr7f571gsk8d6b5slwrd2l9flayv63kwk1gizhn";
url = "https://elpa.gnu.org/packages/compat-31.0.0.1.tar";
sha256 = "1lraq5i8jk0wsrnkv66q6lxv314fm8c09hrfvm0gj2lpn8126f20";
};
packageRequires = [ seq ];
packageRequires = [ ];
meta = {
homepage = "https://elpa.gnu.org/packages/compat.html";
license = lib.licenses.free;
@ -1527,10 +1548,10 @@
elpaBuild {
pname = "consult";
ename = "consult";
version = "3.4";
version = "3.6";
src = fetchurl {
url = "https://elpa.gnu.org/packages/consult-3.4.tar";
sha256 = "1silvwrss87fa5lss19a08bv72fwvnblkic24qn53c3z6zcd22zd";
url = "https://elpa.gnu.org/packages/consult-3.6.tar";
sha256 = "0c8pp537qv2zxkzk0nlrvzbn1v72v9ddhwf1nks3hwvwrff58db8";
};
packageRequires = [ compat ];
meta = {
@ -1550,10 +1571,10 @@
elpaBuild {
pname = "consult-denote";
ename = "consult-denote";
version = "0.4.2";
version = "0.5.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/consult-denote-0.4.2.tar";
sha256 = "1vz96mcfw23y84dibnj6r3d7l0qj191fcnvx2piwhm26n0j43q8m";
url = "https://elpa.gnu.org/packages/consult-denote-0.5.0.tar";
sha256 = "1qmfwmm4hi0z2lqn6ryfwckrivrlvy16y42w729q6pk0nd21j48k";
};
packageRequires = [
consult
@ -1575,10 +1596,10 @@
elpaBuild {
pname = "consult-hoogle";
ename = "consult-hoogle";
version = "0.6.0";
version = "0.7.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/consult-hoogle-0.6.0.tar";
sha256 = "0iln71qlmcfmlys5z5bs4304av91ick0wq1ckhffh7d6xkxy0rv5";
url = "https://elpa.gnu.org/packages/consult-hoogle-0.7.0.tar";
sha256 = "17slksxs1vx19djf5q772hwq1fpaqsd0xpbh6zrrvvgv18h2ac8l";
};
packageRequires = [ consult ];
meta = {
@ -1640,10 +1661,10 @@
elpaBuild {
pname = "corfu";
ename = "corfu";
version = "2.9";
version = "2.10";
src = fetchurl {
url = "https://elpa.gnu.org/packages/corfu-2.9.tar";
sha256 = "0h5vz8jyy06380m802jla9312h2rbn2k8fdskjfwkqd1v6dc0c8n";
url = "https://elpa.gnu.org/packages/corfu-2.10.tar";
sha256 = "0wp9jr1l81si8p1rxa5dkkwbx6k77rs0629q2lxk1l8lnb0j7h6n";
};
packageRequires = [ compat ];
meta = {
@ -1900,10 +1921,10 @@
elpaBuild {
pname = "dape";
ename = "dape";
version = "0.26.0";
version = "0.27.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/dape-0.26.0.tar";
sha256 = "0arid8qwaf7ic76hsjzj7grn41krsphnzvihmjbgm4im6b7zzb37";
url = "https://elpa.gnu.org/packages/dape-0.27.1.tar";
sha256 = "1na3080gaygw4fsaymjjx9jgh9ai5k7gb0jmlrkbqnmdypag3mb7";
};
packageRequires = [ jsonrpc ];
meta = {
@ -2034,10 +2055,10 @@
elpaBuild {
pname = "denote";
ename = "denote";
version = "4.1.3";
version = "4.2.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-4.1.3.tar";
sha256 = "197m0bx1gxrzbqlfr5h52il3ivbixzg1pkhkrf488kidww8qmpvf";
url = "https://elpa.gnu.org/packages/denote-4.2.3.tar";
sha256 = "0r5p2iy7wssm6hl4dal1sav5x4vvijq54lyzqabg49v6lsbszf74";
};
packageRequires = [ ];
meta = {
@ -2056,10 +2077,10 @@
elpaBuild {
pname = "denote-journal";
ename = "denote-journal";
version = "0.2.2";
version = "0.3.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-journal-0.2.2.tar";
sha256 = "00rav8kachy85npcr96dwzb4kbgym0p2m5aw3v3pmg278nmc73v3";
url = "https://elpa.gnu.org/packages/denote-journal-0.3.0.tar";
sha256 = "1l2zrr5nczxyqsmr73m93jqphp6s79f55grpahig0xj2kji8d6gk";
};
packageRequires = [ denote ];
meta = {
@ -2078,10 +2099,10 @@
elpaBuild {
pname = "denote-markdown";
ename = "denote-markdown";
version = "0.2.2";
version = "0.3.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-markdown-0.2.2.tar";
sha256 = "1nb5rcjgkhw3nl2jva6lyblmfsl24cdryx3c16w8ydbx6fswhjpj";
url = "https://elpa.gnu.org/packages/denote-markdown-0.3.0.tar";
sha256 = "0adg2nr8s8rjynrpj0b37ni4jcm1igvls3zyyr313xifnrbiznym";
};
packageRequires = [ denote ];
meta = {
@ -2122,10 +2143,10 @@
elpaBuild {
pname = "denote-org";
ename = "denote-org";
version = "0.2.1";
version = "0.3.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-org-0.2.1.tar";
sha256 = "1cs1ml38xhj0c921qdsvqhqg42lm5r0qb7nf7sj1krvw1r9913bn";
url = "https://elpa.gnu.org/packages/denote-org-0.3.0.tar";
sha256 = "0r3idn17875hzmidi1xjb9hddifzby9i23j35ywzn88h9a33845k";
};
packageRequires = [ denote ];
meta = {
@ -2188,10 +2209,10 @@
elpaBuild {
pname = "denote-sequence";
ename = "denote-sequence";
version = "0.2.0";
version = "0.3.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-sequence-0.2.0.tar";
sha256 = "0i0vm1n48aw7j4y6laa8fvs0av5smimdky980qgp69pha6hcvph5";
url = "https://elpa.gnu.org/packages/denote-sequence-0.3.3.tar";
sha256 = "017h9bwaqv9lxv8ibbl739a9vkcknsv8ch2sqrbaybhri74a3mqk";
};
packageRequires = [ denote ];
meta = {
@ -2210,10 +2231,10 @@
elpaBuild {
pname = "denote-silo";
ename = "denote-silo";
version = "0.2.0";
version = "0.3.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/denote-silo-0.2.0.tar";
sha256 = "10n4xv179dl6zz1k28lcbrgyqx8k3hfh3isd7q3qg1vcahlw04vl";
url = "https://elpa.gnu.org/packages/denote-silo-0.3.0.tar";
sha256 = "1pwhn1k8cdb4n6v1l6d6ld5zm4gfzb5vl9fp1myqlfkjx756lglj";
};
packageRequires = [ denote ];
meta = {
@ -2296,10 +2317,10 @@
elpaBuild {
pname = "dicom";
ename = "dicom";
version = "1.3";
version = "1.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/dicom-1.3.tar";
sha256 = "05n9azzj0wskzd0jzyqhfk3blss31wjzp8wkqam79hq0j6daf6g5";
url = "https://elpa.gnu.org/packages/dicom-1.5.tar";
sha256 = "02i90769952g80f8fjj9phwwm7ln8q6w65pc065r5vln1knjm7gd";
};
packageRequires = [ compat ];
meta = {
@ -2473,10 +2494,10 @@
elpaBuild {
pname = "dired-preview";
ename = "dired-preview";
version = "0.6.0";
version = "0.6.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/dired-preview-0.6.0.tar";
sha256 = "1nlibx8jwyvb5n58sx8bg6vcazhnlj5dydmf36v7hzy0h4i460i0";
url = "https://elpa.gnu.org/packages/dired-preview-0.6.1.tar";
sha256 = "115cassm68rga9q8z7qr1ghi4f9j0immc8ccqwa21vnyvjj02q7a";
};
packageRequires = [ ];
meta = {
@ -2558,10 +2579,10 @@
elpaBuild {
pname = "dmsg";
ename = "dmsg";
version = "0.2";
version = "0.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/dmsg-0.2.tar";
sha256 = "18wnbkd707n2qh9an72wizs0yp71hys6vg0y02iclqmj7igjg28k";
url = "https://elpa.gnu.org/packages/dmsg-0.3.tar";
sha256 = "18r81rdpw0jnhxca3fr7bxpalabicbj2y55z5gb2llqrh9plarq6";
};
packageRequires = [ ];
meta = {
@ -2887,10 +2908,10 @@
elpaBuild {
pname = "ef-themes";
ename = "ef-themes";
version = "2.1.0";
version = "2.2.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/ef-themes-2.1.0.tar";
sha256 = "09rb5pkqz63mc86f8n7969f8x27jdrhz51rh6vl0v3j4nvivv3dx";
url = "https://elpa.gnu.org/packages/ef-themes-2.2.0.tar";
sha256 = "0jm3hqg53cq0dfvmszmwzwrfi9n2mgdbz176qzxhjqm16rw2bwds";
};
packageRequires = [ modus-themes ];
meta = {
@ -3089,10 +3110,10 @@
elpaBuild {
pname = "ellama";
ename = "ellama";
version = "1.13.0";
version = "1.27.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/ellama-1.13.0.tar";
sha256 = "0i3lzb68bwyr974wc0i8dn1kiryjs49zg79hli21wycm0j7a3six";
url = "https://elpa.gnu.org/packages/ellama-1.27.2.tar";
sha256 = "09l22c29vv8bd70vq681ashvlyqcq3ajk37nmdkcj7j4ik53l4bh";
};
packageRequires = [
compat
@ -3183,10 +3204,10 @@
elpaBuild {
pname = "embark-consult";
ename = "embark-consult";
version = "1.1";
version = "1.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/embark-consult-1.1.tar";
sha256 = "06yh6w4zgvvkfllmcr0szsgjrfhh9rpjwgmcrf6h2gai2ps9xdqr";
url = "https://elpa.gnu.org/packages/embark-consult-1.2.tar";
sha256 = "1m6i8f49qmzfvqz0mq3ga0gcdi364pqsdph6arpwl4rr59r6sfwn";
};
packageRequires = [
compat
@ -3336,10 +3357,10 @@
elpaBuild {
pname = "erc";
ename = "erc";
version = "5.6.1";
version = "5.6.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/erc-5.6.1.tar";
sha256 = "13dzip6xhj0mf8hs8wk08pfxny5gwpbzfsqkmz146xvl2d8m621x";
url = "https://elpa.gnu.org/packages/erc-5.6.2.tar";
sha256 = "0rm7aw6p8736ssp4z7vmfmwff93h4dwcv9pz3b83f9060i2svvvn";
};
packageRequires = [ compat ];
meta = {
@ -3383,10 +3404,10 @@
elpaBuild {
pname = "ess";
ename = "ess";
version = "26.1.0";
version = "26.5.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/ess-26.1.0.tar";
sha256 = "1spyys37b2rzqzpa7y5ajrrjzckrsbp3hrhsvn28qav3g5d17463";
url = "https://elpa.gnu.org/packages/ess-26.5.0.tar";
sha256 = "07mfjhcnq3wn6q0dxc4yn5aqnvb9sfnwgi581b5283pfbszhxd29";
};
packageRequires = [ ];
meta = {
@ -3535,6 +3556,27 @@
};
}
) { };
ffs = callPackage (
{
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "ffs";
ename = "ffs";
version = "0.2.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/ffs-0.2.2.tar";
sha256 = "1mwjk877qfccdrp046j431pawr9g489gdz803wg55j0r12whh94a";
};
packageRequires = [ ];
meta = {
homepage = "https://elpa.gnu.org/packages/ffs.html";
license = lib.licenses.free;
};
}
) { };
filechooser = callPackage (
{
compat,
@ -3731,6 +3773,28 @@
};
}
) { };
forgejo = callPackage (
{
elpaBuild,
fetchurl,
keymap-popup,
lib,
}:
elpaBuild {
pname = "forgejo";
ename = "forgejo";
version = "0.2.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/forgejo-0.2.3.tar";
sha256 = "0q4y474acb759vx3d0xcqgikbq666nckka4hfashi1jwnas98qcg";
};
packageRequires = [ keymap-popup ];
meta = {
homepage = "https://elpa.gnu.org/packages/forgejo.html";
license = lib.licenses.free;
};
}
) { };
frame-tabs = callPackage (
{
elpaBuild,
@ -3830,10 +3894,10 @@
elpaBuild {
pname = "futur";
ename = "futur";
version = "1.4";
version = "1.7";
src = fetchurl {
url = "https://elpa.gnu.org/packages/futur-1.4.tar";
sha256 = "036b81cp5nbzhykfsj6rkhxb5b675k38njmb32bj20g9h7pkd1vl";
url = "https://elpa.gnu.org/packages/futur-1.7.tar";
sha256 = "1zb533jkhsi6p0ikx9jc7igz4yfq7b35apz9b8w7g0yrvq5jcl4i";
};
packageRequires = [ ];
meta = {
@ -4019,17 +4083,21 @@
compat,
elpaBuild,
fetchurl,
keymap-popup,
lib,
}:
elpaBuild {
pname = "gnosis";
ename = "gnosis";
version = "0.10.3";
version = "0.10.6";
src = fetchurl {
url = "https://elpa.gnu.org/packages/gnosis-0.10.3.tar";
sha256 = "0642xdgpljfmzi27gfbzhngpyc82blpyyvkvqqbm6khiqac9wdxz";
url = "https://elpa.gnu.org/packages/gnosis-0.10.6.tar";
sha256 = "1g8zbvid2l7wfyagqynjd1jcjnd0m3zkh9ww0dadppj24n37k57n";
};
packageRequires = [ compat ];
packageRequires = [
compat
keymap-popup
];
meta = {
homepage = "https://elpa.gnu.org/packages/gnosis.html";
license = lib.licenses.free;
@ -4232,10 +4300,10 @@
elpaBuild {
pname = "greader";
ename = "greader";
version = "0.17.0";
version = "0.19.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/greader-0.17.0.tar";
sha256 = "0kz9qvwkxfl3p4fwl235vxdv19iqrz2jrp9hk06z8bmwmdvj7nxd";
url = "https://elpa.gnu.org/packages/greader-0.19.4.tar";
sha256 = "1wg25481rdzfjshsjhaf2747hsy964gn1zc5gbmqak8y1vmsjb6h";
};
packageRequires = [
compat
@ -4852,10 +4920,10 @@
elpaBuild {
pname = "javaimp";
ename = "javaimp";
version = "0.9.1";
version = "0.9.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/javaimp-0.9.1.tar";
sha256 = "1gy7qys9mzpgbqm5798fncmblmi32b350q51ccsyydq67yh69s3z";
url = "https://elpa.gnu.org/packages/javaimp-0.9.2.tar";
sha256 = "0y756psqlb2rn0bbrdndddsy6d22arv5f4qzaxgzp5p323vzjp7w";
};
packageRequires = [ ];
meta = {
@ -4896,10 +4964,10 @@
elpaBuild {
pname = "jinx";
ename = "jinx";
version = "2.7";
version = "2.8";
src = fetchurl {
url = "https://elpa.gnu.org/packages/jinx-2.7.tar";
sha256 = "0ikyr5spj7vk0xycgmywr2sqn9gy1khg6h7kdlzjgy0mrjpxl32w";
url = "https://elpa.gnu.org/packages/jinx-2.8.tar";
sha256 = "0cxgj390zylr4lqjmfd7f8898z4zsjy1ln783fcjlhcpf94jjjmx";
};
packageRequires = [ compat ];
meta = {
@ -5110,10 +5178,10 @@
elpaBuild {
pname = "kubed";
ename = "kubed";
version = "0.6.1";
version = "0.7.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/kubed-0.6.1.tar";
sha256 = "1filhadwzdkrw2dsma28b10nx62qnhxkp8g483r0il986ipnnshp";
url = "https://elpa.gnu.org/packages/kubed-0.7.1.tar";
sha256 = "1c8jr0wi52waa1yrz1y16gpyqabpqpyymmdf8c4apsja0i6345fk";
};
packageRequires = [ ];
meta = {
@ -5154,10 +5222,10 @@
elpaBuild {
pname = "latex-table-wizard";
ename = "latex-table-wizard";
version = "1.5.5";
version = "1.6.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/latex-table-wizard-1.5.5.tar";
sha256 = "1fffbaqiz3f1f2ki26b8x0cmisqhaijpw5vrh73k769wqdv09g43";
url = "https://elpa.gnu.org/packages/latex-table-wizard-1.6.0.tar";
sha256 = "1zpf3x62ldqy12npypjk1x8dw7adfmqqhqj30cl2s659vq7gs4nb";
};
packageRequires = [
auctex
@ -5272,10 +5340,10 @@
elpaBuild {
pname = "lex";
ename = "lex";
version = "1.2";
version = "1.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/lex-1.2.tar";
sha256 = "1pqjrlw558l4z4k40jmli8lmcqlzddhkr0mfm38rbycp7ghdr4zx";
url = "https://elpa.gnu.org/packages/lex-1.3.tar";
sha256 = "162y483d1gczjfcbds50y7iqbxmx7sfxi5mbdxyrhc2my6nq40lx";
};
packageRequires = [ ];
meta = {
@ -5369,10 +5437,10 @@
elpaBuild {
pname = "llm";
ename = "llm";
version = "0.30.1";
version = "0.31.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/llm-0.30.1.tar";
sha256 = "11mmaw24dg9iwml8kx09xv8h9iyz9i9jw4m1kghq192fp9wy668i";
url = "https://elpa.gnu.org/packages/llm-0.31.1.tar";
sha256 = "1395rh5jk3c0hfszzvn9xp3qyyi48nvz1x1v3vljgx4qzzcakgh3";
};
packageRequires = [
compat
@ -5607,10 +5675,10 @@
elpaBuild {
pname = "marginalia";
ename = "marginalia";
version = "2.10";
version = "2.11";
src = fetchurl {
url = "https://elpa.gnu.org/packages/marginalia-2.10.tar";
sha256 = "12did4rn4dp7km6shq7jvab2xbr0wxks4h1by19qz10rm5b0jl71";
url = "https://elpa.gnu.org/packages/marginalia-2.11.tar";
sha256 = "0h7jqgx95f5km90qc4g06ib3mi4acwggvx9yiwwirxj2mqwivifk";
};
packageRequires = [ compat ];
meta = {
@ -5876,6 +5944,7 @@
) { };
minimail = callPackage (
{
compat,
elpaBuild,
fetchurl,
lib,
@ -5884,12 +5953,15 @@
elpaBuild {
pname = "minimail";
ename = "minimail";
version = "0.4.2";
version = "0.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/minimail-0.4.2.tar";
sha256 = "1ri424g6v55405d4zr4qhnvdswd5hc9n4hs2xds40ps0h6qp05hm";
url = "https://elpa.gnu.org/packages/minimail-0.5.tar";
sha256 = "1m1yn8f9mn3zqf7zc0691qaya5l504ry3afz2nmjycavzh8hzk5h";
};
packageRequires = [ transient ];
packageRequires = [
compat
transient
];
meta = {
homepage = "https://elpa.gnu.org/packages/minimail.html";
license = lib.licenses.free;
@ -5928,10 +6000,10 @@
elpaBuild {
pname = "minuet";
ename = "minuet";
version = "0.7.1";
version = "0.8.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/minuet-0.7.1.tar";
sha256 = "0g18hfpjryg2kjj5gqr4jf1vgfjglaczd4w19g76233m31kd8f0n";
url = "https://elpa.gnu.org/packages/minuet-0.8.0.tar";
sha256 = "0vk118qd7g2b7vsaygj0lwnzj818p5nlsm36s1c7cm5inz1h6mfc";
};
packageRequires = [
dash
@ -5974,10 +6046,10 @@
elpaBuild {
pname = "modus-themes";
ename = "modus-themes";
version = "5.2.0";
version = "5.3.0";
src = fetchurl {
url = "https://elpa.gnu.org/packages/modus-themes-5.2.0.tar";
sha256 = "1715x863mbvcc2lqf61lll5j50zhpc0jysdgd7v0ajznx40kqmxv";
url = "https://elpa.gnu.org/packages/modus-themes-5.3.0.tar";
sha256 = "04561ndfxq2y17drklkb3wl9kl6hdc05d4b6rrlqs3fdxcs6q6mx";
};
packageRequires = [ ];
meta = {
@ -6376,10 +6448,10 @@
elpaBuild {
pname = "oauth2";
ename = "oauth2";
version = "0.18.4";
version = "0.19";
src = fetchurl {
url = "https://elpa.gnu.org/packages/oauth2-0.18.4.tar";
sha256 = "1hhfk7glp3m9f4aqf1dvqs5f7qp4s2gvbxamyxjalw3sj6pbv92n";
url = "https://elpa.gnu.org/packages/oauth2-0.19.tar";
sha256 = "0fjs2wk2ayhzh9ba8fa8pki4c5cyavcw0vqsscj93894s7xv9xgz";
};
packageRequires = [ ];
meta = {
@ -6505,10 +6577,10 @@
elpaBuild {
pname = "orderless";
ename = "orderless";
version = "1.6";
version = "1.7";
src = fetchurl {
url = "https://elpa.gnu.org/packages/orderless-1.6.tar";
sha256 = "15gif01ivwg03h45azrj3kw2lgj7xnkr6p9r95m36fmfbg31csdh";
url = "https://elpa.gnu.org/packages/orderless-1.7.tar";
sha256 = "0g1klijlvv44fd7xjvlh6v97zjvca37710bxlgk629v6k4kl2rbz";
};
packageRequires = [ compat ];
meta = {
@ -6526,10 +6598,10 @@
elpaBuild {
pname = "org";
ename = "org";
version = "9.8.3";
version = "9.8.6";
src = fetchurl {
url = "https://elpa.gnu.org/packages/org-9.8.3.tar";
sha256 = "0csfrn0k1fysjfwf8xmdnmizfjz62scr3kjawpafwv58gvizk32z";
url = "https://elpa.gnu.org/packages/org-9.8.6.tar";
sha256 = "0qc9c49k8fcaa8c947wb7knn5lbm2bigvzxkbx8cdbyrj15pra4j";
};
packageRequires = [ ];
meta = {
@ -6673,10 +6745,10 @@
elpaBuild {
pname = "org-modern";
ename = "org-modern";
version = "1.13";
version = "1.14";
src = fetchurl {
url = "https://elpa.gnu.org/packages/org-modern-1.13.tar";
sha256 = "0cl6dqk8zq213j9ph07689dbzh1q1xr96kf512vvmgkln0himfqj";
url = "https://elpa.gnu.org/packages/org-modern-1.14.tar";
sha256 = "08rvxrr67ypvncrg7znl3in8c314l7x1a18m6hr458wqc1xb57zx";
};
packageRequires = [
compat
@ -6853,10 +6925,10 @@
elpaBuild {
pname = "osm";
ename = "osm";
version = "2.2";
version = "2.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/osm-2.2.tar";
sha256 = "0xq5gzhgxgv52kxprik15b5ijrdw7c5262ifzdcjg3vv3qv0hwy8";
url = "https://elpa.gnu.org/packages/osm-2.3.tar";
sha256 = "0x08qbdk7y05cm8kc35f2i6k5xnd9iyyhr0f0fyi489kbvd3n1nh";
};
packageRequires = [ compat ];
meta = {
@ -7087,10 +7159,10 @@
elpaBuild {
pname = "php-fill";
ename = "php-fill";
version = "1.1.1";
version = "1.1.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/php-fill-1.1.1.tar";
sha256 = "130q6nyx5837wvhvis0nlzsqky7hic00z1jakik66asqpyrl7ncj";
url = "https://elpa.gnu.org/packages/php-fill-1.1.2.tar";
sha256 = "0r1zmin3wv8sqzgw6zbvbb7wix7d6h6s798f9r05w6g9m1vf0r5r";
};
packageRequires = [ ];
meta = {
@ -7364,10 +7436,10 @@
elpaBuild {
pname = "posframe";
ename = "posframe";
version = "1.5.1";
version = "1.5.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/posframe-1.5.1.tar";
sha256 = "1g1pcf83w4fv299ykvx7b93kxkc58fkr6yk39sxny5g16d4gl80g";
url = "https://elpa.gnu.org/packages/posframe-1.5.2.tar";
sha256 = "0ywbcwm3sh01vc4nc2ra3b09gri2lgz838gjxgsflv9g3si1918x";
};
packageRequires = [ ];
meta = {
@ -8102,10 +8174,10 @@
elpaBuild {
pname = "rnc-mode";
ename = "rnc-mode";
version = "0.3";
version = "0.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/rnc-mode-0.3.tar";
sha256 = "1p03g451888v86k9z6g8gj375p1pcdvikgk1phxkhipwi5hbf5g8";
url = "https://elpa.gnu.org/packages/rnc-mode-0.4.tar";
sha256 = "1igg829mm6n35mpfp254276ib3x7x7wxdg9zm38yf5n3bmjq7cxf";
};
packageRequires = [ ];
meta = {
@ -8375,6 +8447,27 @@
};
}
) { };
shift-number = callPackage (
{
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "shift-number";
ename = "shift-number";
version = "0.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/shift-number-0.3.tar";
sha256 = "0vqwy0ai4f1ga4j2inl2s1ly0v9i3fmqyd0p28fgyx3f23c83jqn";
};
packageRequires = [ ];
meta = {
homepage = "https://elpa.gnu.org/packages/shift-number.html";
license = lib.licenses.free;
};
}
) { };
show-font = callPackage (
{
elpaBuild,
@ -9185,10 +9278,10 @@
elpaBuild {
pname = "tempel";
ename = "tempel";
version = "1.12";
version = "1.13";
src = fetchurl {
url = "https://elpa.gnu.org/packages/tempel-1.12.tar";
sha256 = "1ghlnf7533i6iarzmsgyc0d366bzc3jbyvn6bq650c10ci4wjzsm";
url = "https://elpa.gnu.org/packages/tempel-1.13.tar";
sha256 = "1sxyxz799nw56wqrm7hsr0dq2yaxckr9a1rynw2jsrfhbzcxpbfp";
};
packageRequires = [ compat ];
meta = {
@ -9206,10 +9299,10 @@
elpaBuild {
pname = "termint";
ename = "termint";
version = "0.2.2";
version = "0.2.3";
src = fetchurl {
url = "https://elpa.gnu.org/packages/termint-0.2.2.tar";
sha256 = "0iavnximqsx6vl6yx36n829h67x4pyfmm8xcp5fzjwphdmgfdann";
url = "https://elpa.gnu.org/packages/termint-0.2.3.tar";
sha256 = "1yir074lihlr2y78a58jm233a6s807j8d8fvlvv6b62wm0036frk";
};
packageRequires = [ ];
meta = {
@ -9312,10 +9405,10 @@
elpaBuild {
pname = "timeout";
ename = "timeout";
version = "2.1";
version = "2.1.6";
src = fetchurl {
url = "https://elpa.gnu.org/packages/timeout-2.1.tar";
sha256 = "1mm4yp1spw512dnav1p3wnxqrsyls918i14azg03by4v32r9945p";
url = "https://elpa.gnu.org/packages/timeout-2.1.6.tar";
sha256 = "08lijbbbx2wx64jn6l5820phkmi6cagym1239zj1hx25h28b2h0r";
};
packageRequires = [ ];
meta = {
@ -9465,10 +9558,10 @@
elpaBuild {
pname = "tramp";
ename = "tramp";
version = "2.8.1.3";
version = "2.8.1.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/tramp-2.8.1.3.tar";
sha256 = "1jjbgg48q6dlfp9rpn0pla4mlclw60079d51bgnb84q3pv3zdqwj";
url = "https://elpa.gnu.org/packages/tramp-2.8.1.5.tar";
sha256 = "04rhm5ijx3qs386ffxvp2117a4xn7zw6z5cqci77f6q07i5921zw";
};
packageRequires = [ ];
meta = {
@ -9574,10 +9667,10 @@
elpaBuild {
pname = "transient";
ename = "transient";
version = "0.13.0";
version = "0.13.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/transient-0.13.0.tar";
sha256 = "0rwb7l823d4nkk7zmnyi5j7id7kswxrc0h9crqyd63n14w78bksi";
url = "https://elpa.gnu.org/packages/transient-0.13.4.tar";
sha256 = "02142xcxv50bycshbl6qj47q6s9gi6sbagrnyjqi5ma74509zq6h";
};
packageRequires = [
compat
@ -9703,6 +9796,27 @@
};
}
) { };
trust-manager = callPackage (
{
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "trust-manager";
ename = "trust-manager";
version = "0.4.1";
src = fetchurl {
url = "https://elpa.gnu.org/packages/trust-manager-0.4.1.tar";
sha256 = "1azp3kzkw76xbwsn6j94liy33d3swajc1v2h8ghczvxv8sw8khgj";
};
packageRequires = [ ];
meta = {
homepage = "https://elpa.gnu.org/packages/trust-manager.html";
license = lib.licenses.free;
};
}
) { };
ulisp-repl = callPackage (
{
elpaBuild,
@ -10132,10 +10246,10 @@
elpaBuild {
pname = "verilog-mode";
ename = "verilog-mode";
version = "2026.1.18.88738971";
version = "2026.4.14.10117132";
src = fetchurl {
url = "https://elpa.gnu.org/packages/verilog-mode-2026.1.18.88738971.tar";
sha256 = "1m215m38mia2wiq1zzyy85k268pch10yzf3p4i0nk5s7ijxl6ls4";
url = "https://elpa.gnu.org/packages/verilog-mode-2026.4.14.10117132.tar";
sha256 = "0n699kpqhh1b023wswm938f7kxc983faw0bv4x70kq12y7h3slj1";
};
packageRequires = [ ];
meta = {
@ -10154,10 +10268,10 @@
elpaBuild {
pname = "vertico";
ename = "vertico";
version = "2.8";
version = "2.10";
src = fetchurl {
url = "https://elpa.gnu.org/packages/vertico-2.8.tar";
sha256 = "0v19z3sh4npjmvii03r5v9mbmg8g3bp1ay82ydalw864hlcwgb71";
url = "https://elpa.gnu.org/packages/vertico-2.10.tar";
sha256 = "1kwmlpfxjnjkv05hfqhxmxw5d1vlhqvdmyc3p34qhp3bj2xafwm0";
};
packageRequires = [ compat ];
meta = {
@ -10306,10 +10420,10 @@
elpaBuild {
pname = "wcheck-mode";
ename = "wcheck-mode";
version = "2026";
version = "2026.5";
src = fetchurl {
url = "https://elpa.gnu.org/packages/wcheck-mode-2026.tar";
sha256 = "019lsaihpl9w17qfhn8c5j8rp8nrvlmb16w6r8sb1iril31997sz";
url = "https://elpa.gnu.org/packages/wcheck-mode-2026.5.tar";
sha256 = "0yxg6s4s5103zfa8m82gaxc46d9gjpiknmvgm2lcb21dckdsay13";
};
packageRequires = [ ];
meta = {
@ -10761,10 +10875,10 @@
elpaBuild {
pname = "yaml";
ename = "yaml";
version = "1.2.3";
version = "1.2.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/yaml-1.2.3.tar";
sha256 = "0wyvhh4ij22wdd3g5jkg2mnyglbk2k7mf2jv48jkpb5jc4kf6jvr";
url = "https://elpa.gnu.org/packages/yaml-1.2.4.tar";
sha256 = "12ji680hjm1isc5k3yapvnp2m7pk23syfxwhi95bizhka02n0qly";
};
packageRequires = [ ];
meta = {

View file

@ -1536,6 +1536,8 @@ let
org-change = ignoreCompilationError super.org-change; # elisp error
org-cite-overlay = ignoreCompilationError super.org-cite-overlay; # native-ice
org-edit-latex = mkHome super.org-edit-latex;
# https://github.com/GuiltyDolphin/org-evil/issues/24

View file

@ -9,10 +9,10 @@
elpaBuild {
pname = "adoc-mode";
ename = "adoc-mode";
version = "0.8.0";
version = "0.9.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/adoc-mode-0.8.0.tar";
sha256 = "16459ial82gybqjm8ib0cxry6daipak4baxiz2wnldgy5vpgjnrd";
url = "https://elpa.nongnu.org/nongnu/adoc-mode-0.9.0.tar";
sha256 = "11anl5b9ka9aww2w2jv0clrvq98f2vsa9ri3n1xxdll5z77rvw56";
};
packageRequires = [ ];
meta = {
@ -75,10 +75,10 @@
elpaBuild {
pname = "aidermacs";
ename = "aidermacs";
version = "1.6";
version = "1.7";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/aidermacs-1.6.tar";
sha256 = "07ql2kv7naza7jigmsw9x1k3md0hz2c302qrc0cy1a1h07567nli";
url = "https://elpa.nongnu.org/nongnu/aidermacs-1.7.tar";
sha256 = "17l7dlg218j63zwzi51wdczamvxlv54l0ivkip3h3kll386lkcm6";
};
packageRequires = [
compat
@ -142,10 +142,10 @@
elpaBuild {
pname = "annotate";
ename = "annotate";
version = "2.4.5";
version = "2.5.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/annotate-2.4.5.tar";
sha256 = "0pdhwlz792sf5zipv8s449bah7xm9klbpicx9203fhsc0ad82d0j";
url = "https://elpa.nongnu.org/nongnu/annotate-2.5.0.tar";
sha256 = "0nydnnjx1p4fkiix70zg0apxxd0sprlzxk111lvgnamp3c4hxf93";
};
packageRequires = [ ];
meta = {
@ -566,10 +566,10 @@
elpaBuild {
pname = "casual";
ename = "casual";
version = "2.16.0";
version = "2.16.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/casual-2.16.0.tar";
sha256 = "1s0d5c3aacyh1n5qy7ka4xwnmdbx3qrh0z0z41bc958zmay6mgpa";
url = "https://elpa.nongnu.org/nongnu/casual-2.16.2.tar";
sha256 = "0aqkxxds4paicn1r4hy13f71cl4qllf9dfijpl4mp5zizyx8a8a2";
};
packageRequires = [
csv-mode
@ -605,6 +605,7 @@
cider = callPackage (
{
clojure-mode,
compat,
elpaBuild,
fetchurl,
lib,
@ -618,13 +619,14 @@
elpaBuild {
pname = "cider";
ename = "cider";
version = "1.21.0";
version = "1.22.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/cider-1.21.0.tar";
sha256 = "0rfjq6fqvam9v7mcx1459p377ryzi9wf7p2dn68nd51f324hx0gj";
url = "https://elpa.nongnu.org/nongnu/cider-1.22.2.tar";
sha256 = "0a7mcg1lazn1xyl3sxy0qpwd4qipf0ix56891ydjcv7i9yhggnpc";
};
packageRequires = [
clojure-mode
compat
parseedn
queue
seq
@ -733,10 +735,10 @@
elpaBuild {
pname = "cond-let";
ename = "cond-let";
version = "0.2.2";
version = "1.1.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/cond-let-0.2.2.tar";
sha256 = "0ip5k8jhdgq1zkc6cj4ax8rv4236cxla2dapj83y526ra321gkzy";
url = "https://elpa.nongnu.org/nongnu/cond-let-1.1.2.tar";
sha256 = "04p2jf8nm1q00439r26vvg9549hld4spcabghwsgmf89gqjiv8mm";
};
packageRequires = [ ];
meta = {
@ -756,10 +758,10 @@
elpaBuild {
pname = "consult-flycheck";
ename = "consult-flycheck";
version = "1.1";
version = "1.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/consult-flycheck-1.1.tar";
sha256 = "0nanxx0fbj6w9sxzz4ys8nxpv63al3m4lliy30y4ydiaig2a0abc";
url = "https://elpa.nongnu.org/nongnu/consult-flycheck-1.2.tar";
sha256 = "0g5lb3p4g91ax0c4zkkyvi2l4hkq5b9r2bciddgg1h4bsmrs6vhx";
};
packageRequires = [
consult
@ -828,10 +830,10 @@
elpaBuild {
pname = "csv2ledger";
ename = "csv2ledger";
version = "1.5.4";
version = "1.5.5";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/csv2ledger-1.5.4.tar";
sha256 = "1h935g97fjrs1q0yz0q071zp91bhsb3yg13zqpp8il5gif20qqls";
url = "https://elpa.nongnu.org/nongnu/csv2ledger-1.5.5.tar";
sha256 = "09k7q33jxwrcf52csgf25kd9wqcs9bicl8azmkbrmm8d9jqgg3md";
};
packageRequires = [ csv-mode ];
meta = {
@ -1278,10 +1280,10 @@
elpaBuild {
pname = "eldoc-mouse";
ename = "eldoc-mouse";
version = "3.0.7";
version = "3.0.8";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/eldoc-mouse-3.0.7.tar";
sha256 = "17s3iqkdswjfcdiyaa732v27pcpmxa96i17mwpzi34vw53a1r3wl";
url = "https://elpa.nongnu.org/nongnu/eldoc-mouse-3.0.8.tar";
sha256 = "1snacbxjqp8ykic5z1nzhg0fnd5fnafsgwxmfd9vy4rsm0ag9mrl";
};
packageRequires = [
eglot
@ -1319,6 +1321,56 @@
};
}
) { };
elfeed = callPackage (
{
compat,
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "elfeed";
ename = "elfeed";
version = "4.0.1";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/elfeed-4.0.1.tar";
sha256 = "1az6lj58j1kkxzpa7ik8irl3z2b9f7yxsm92pfqlcwplsnm2q8q2";
};
packageRequires = [ compat ];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/elfeed.html";
license = lib.licenses.free;
};
}
) { };
elfeed-web = callPackage (
{
compat,
elfeed,
elpaBuild,
fetchurl,
lib,
simple-httpd,
}:
elpaBuild {
pname = "elfeed-web";
ename = "elfeed-web";
version = "4.0.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/elfeed-web-4.0.0.tar";
sha256 = "0ah6zjcihxfra34zglqrj6pnxqnakgc58dlkgjzgrxdamx4dxfwg";
};
packageRequires = [
compat
elfeed
simple-httpd
];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/elfeed-web.html";
license = lib.licenses.free;
};
}
) { };
elixir-mode = callPackage (
{
elpaBuild,
@ -1370,10 +1422,10 @@
elpaBuild {
pname = "emacsql";
ename = "emacsql";
version = "4.3.6";
version = "4.4.1";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/emacsql-4.3.6.tar";
sha256 = "1zj04kqq3c5915n9pj5qx63rw8hnnpag2y5qca4d4y9h1lqnj2pp";
url = "https://elpa.nongnu.org/nongnu/emacsql-4.4.1.tar";
sha256 = "1gja15jyalzrlcs85ng98p6g7b0id4rayj4shwf7x1ic30sv12p3";
};
packageRequires = [ ];
meta = {
@ -1404,6 +1456,27 @@
};
}
) { };
eprolog = callPackage (
{
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "eprolog";
ename = "eprolog";
version = "0.3.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/eprolog-0.3.2.tar";
sha256 = "1vbnbdpmxvqgay5m01bcm1wlsyz16nn4fydv7ipd8kzr4lw59qyg";
};
packageRequires = [ ];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/eprolog.html";
license = lib.licenses.free;
};
}
) { };
esxml = callPackage (
{
cl-lib ? null,
@ -1719,16 +1792,20 @@
evil,
fetchurl,
lib,
shift-number,
}:
elpaBuild {
pname = "evil-numbers";
ename = "evil-numbers";
version = "0.7";
version = "0.8";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/evil-numbers-0.7.tar";
sha256 = "1k5vrh8bj9kldqq8kxn1qi3k82i7k4v4h6nkk9hng8p90zhac02i";
url = "https://elpa.nongnu.org/nongnu/evil-numbers-0.8.tar";
sha256 = "0l1ik0fz1bzpxnz9rnn0817j8ghpwhf3qv3lidzb3vpbynkas5a1";
};
packageRequires = [ evil ];
packageRequires = [
evil
shift-number
];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/evil-numbers.html";
license = lib.licenses.free;
@ -1857,10 +1934,10 @@
elpaBuild {
pname = "fedi";
ename = "fedi";
version = "0.3";
version = "0.4";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/fedi-0.3.tar";
sha256 = "1s1dn7n860b18cwyahc20lbl1bhv4y5h8jijs4iqbbgbk8w7hsjg";
url = "https://elpa.nongnu.org/nongnu/fedi-0.4.tar";
sha256 = "0zh2rkkj1wyj7csg72gg54mxlrd5kav54z3qhk6lp6j8h3zxkdvd";
};
packageRequires = [ markdown-mode ];
meta = {
@ -1882,10 +1959,10 @@
elpaBuild {
pname = "fj";
ename = "fj";
version = "0.34";
version = "0.37";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/fj-0.34.tar";
sha256 = "0aqfipcpbsxp2pm05p44fdybhldpbvii2x2m0az9s3gkm7dvwg87";
url = "https://elpa.nongnu.org/nongnu/fj-0.37.tar";
sha256 = "1kya5xif5ffiqv9fk4mxwx6x6gqshkpji21z0q84q438hfbxpwl9";
};
packageRequires = [
fedi
@ -1899,6 +1976,27 @@
};
}
) { };
flamegraph = callPackage (
{
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "flamegraph";
ename = "flamegraph";
version = "0.2";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/flamegraph-0.2.tar";
sha256 = "0zlji7iq7zrxix4mzw6z25rqgrmlnxnrc7skflkj0nv90z5w3fsh";
};
packageRequires = [ ];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/flamegraph.html";
license = lib.licenses.free;
};
}
) { };
flx = callPackage (
{
cl-lib ? null,
@ -2158,10 +2256,10 @@
elpaBuild {
pname = "geiser";
ename = "geiser";
version = "0.32";
version = "0.33.1";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/geiser-0.32.tar";
sha256 = "1mija2lp2fqhzi9bifl0ipkjhj3gx89qz41mk0phb5y5cws6nar1";
url = "https://elpa.nongnu.org/nongnu/geiser-0.33.1.tar";
sha256 = "0mh701hp587ahiqf0znnc4jm46i49z85nwac4bxn7sxxjid3xffl";
};
packageRequires = [ project ];
meta = {
@ -2291,10 +2389,10 @@
elpaBuild {
pname = "geiser-guile";
ename = "geiser-guile";
version = "0.28.3";
version = "0.28.5";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/geiser-guile-0.28.3.tar";
sha256 = "163p8ll68qdgpz6l1ixwcmffcsv1kas095davgwgq001hfx9db5x";
url = "https://elpa.nongnu.org/nongnu/geiser-guile-0.28.5.tar";
sha256 = "078hmmqg6m428bg2sf640bwylrh4y64qanbz00prvjhgkrp1awnn";
};
packageRequires = [
geiser
@ -2434,10 +2532,10 @@
elpaBuild {
pname = "git-modes";
ename = "git-modes";
version = "1.4.8";
version = "1.5.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/git-modes-1.4.8.tar";
sha256 = "08bgjpns90c36cdb6qbc24d41z1jg94mwsc91irpsmsvivxw1ksr";
url = "https://elpa.nongnu.org/nongnu/git-modes-1.5.0.tar";
sha256 = "0fxvv451pf8izn5q16ly21dxjax43l2p7qav11hi7qmygrrhxsc6";
};
packageRequires = [ compat ];
meta = {
@ -2528,10 +2626,10 @@
elpaBuild {
pname = "gnuplot";
ename = "gnuplot";
version = "0.11";
version = "0.12";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/gnuplot-0.11.tar";
sha256 = "10zjkf0ba7jaqx41csa815apx58s0b87svvmzzld3i3xf91sash7";
url = "https://elpa.nongnu.org/nongnu/gnuplot-0.12.tar";
sha256 = "13pbnlwg9z7yc8s1hr1fq031cl9swld2jgxdd74jra49vvh6a3ar";
};
packageRequires = [ compat ];
meta = {
@ -2635,10 +2733,10 @@
elpaBuild {
pname = "gptel";
ename = "gptel";
version = "0.9.9.4";
version = "0.9.9.5";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/gptel-0.9.9.4.tar";
sha256 = "0j410b0bynq91dxwakrrzp92m3p2lznzvmyq41viscjm0gjng4kn";
url = "https://elpa.nongnu.org/nongnu/gptel-0.9.9.5.tar";
sha256 = "1x1sd8g5fbgidj40ri9xg0rvyxdyjpxxnr45i0dj8d333nvssdq0";
};
packageRequires = [
compat
@ -2831,10 +2929,10 @@
elpaBuild {
pname = "helm";
ename = "helm";
version = "4.0.6";
version = "4.0.7";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/helm-4.0.6.tar";
sha256 = "1nnkhffns1yj24slfln5rywqdw514jfklys3g5kmrl90i9apd5cp";
url = "https://elpa.nongnu.org/nongnu/helm-4.0.7.tar";
sha256 = "1x1wg3z6y5rb4r17ifwvz79pa3m6w9kkvxlfivznqh4ajgafrnn5";
};
packageRequires = [
helm-core
@ -2856,10 +2954,10 @@
elpaBuild {
pname = "helm-core";
ename = "helm-core";
version = "4.0.6";
version = "4.0.7";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/helm-core-4.0.6.tar";
sha256 = "0b39k4wwl3sjw5c19g36a0lsxiascrqw23cf3hgksrpzp3amipbz";
url = "https://elpa.nongnu.org/nongnu/helm-core-4.0.7.tar";
sha256 = "1d7a61rbc7rlr144v9qm6c89dnchn7xwcv05gl6kdapb7gir9l8f";
};
packageRequires = [ async ];
meta = {
@ -3176,10 +3274,10 @@
elpaBuild {
pname = "isl";
ename = "isl";
version = "1.6";
version = "1.7";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/isl-1.6.tar";
sha256 = "1bsqq3i7flpbihvcmvcwb1s3gabq6wslwpamcqhcf15j30znwhb1";
url = "https://elpa.nongnu.org/nongnu/isl-1.7.tar";
sha256 = "1nksczxv2bq6l8wg855a0ahzp1w3dhai4vwni8hyrp5fk2z0gcan";
};
packageRequires = [ ];
meta = {
@ -3348,6 +3446,7 @@
keycast = callPackage (
{
compat,
cond-let,
elpaBuild,
fetchurl,
lib,
@ -3355,12 +3454,15 @@
elpaBuild {
pname = "keycast";
ename = "keycast";
version = "1.4.7";
version = "1.4.8";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/keycast-1.4.7.tar";
sha256 = "0ipjn0b9jr6m7a88f76mz6j5na20hix94h8c5ghv705izjlqla0w";
url = "https://elpa.nongnu.org/nongnu/keycast-1.4.8.tar";
sha256 = "0rgaqc2d7n8a498n8jb14890gp6z49nqnpzk1h0xw03hnh8smz90";
};
packageRequires = [ compat ];
packageRequires = [
compat
cond-let
];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/keycast.html";
license = lib.licenses.free;
@ -3399,10 +3501,10 @@
elpaBuild {
pname = "lem";
ename = "lem";
version = "0.24";
version = "0.25";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/lem-0.24.tar";
sha256 = "1ykyahpd7y43lf3vk3a0w9rjim4lsm35mlw1qqljbixci2izk797";
url = "https://elpa.nongnu.org/nongnu/lem-0.25.tar";
sha256 = "1hrnq46bmz10a3w89flhw85rqs58wpnywslx3p8g16196ln348sd";
};
packageRequires = [
fedi
@ -3424,10 +3526,10 @@
elpaBuild {
pname = "llama";
ename = "llama";
version = "1.0.4";
version = "1.0.5";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/llama-1.0.4.tar";
sha256 = "0kxrbsck78f4r4npssywai2paf9mlyx59zpnfvmkgv50gphrwx7h";
url = "https://elpa.nongnu.org/nongnu/llama-1.0.5.tar";
sha256 = "10ysi2a7aifp9ixrhygfcas7zn9dfqy1zpiycwz3gamlzkvjzw2l";
};
packageRequires = [ compat ];
meta = {
@ -3477,10 +3579,10 @@
elpaBuild {
pname = "loopy";
ename = "loopy";
version = "0.15.0";
version = "0.16.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/loopy-0.15.0.tar";
sha256 = "18l1bml8xiji0mgmm6fb669iwyidg7pay231kv14kbv1agiwfkbp";
url = "https://elpa.nongnu.org/nongnu/loopy-0.16.0.tar";
sha256 = "0bav318gimpv42y0ww9c0gm90pkma3ri0xp9mfimz9yriw2bjzyv";
};
packageRequires = [
compat
@ -3686,10 +3788,10 @@
elpaBuild {
pname = "mastodon";
ename = "mastodon";
version = "2.0.16";
version = "2.0.17";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/mastodon-2.0.16.tar";
sha256 = "0zyqqfxg7b22pj8y181x30rhy81ijbm21ai70l7cq79dr2a3yr96";
url = "https://elpa.nongnu.org/nongnu/mastodon-2.0.17.tar";
sha256 = "1yg1fylz1dp7my8zfnscnvd1sdhjhi45xw10sqn3rmqmmrwd87d9";
};
packageRequires = [
persist
@ -4237,10 +4339,10 @@
elpaBuild {
pname = "orgit";
ename = "orgit";
version = "2.1.2";
version = "2.1.3";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/orgit-2.1.2.tar";
sha256 = "10cc70538mq89ypwcb22x4797qa38z60mw0h67xdf2zisdiw5c6z";
url = "https://elpa.nongnu.org/nongnu/orgit-2.1.3.tar";
sha256 = "1brwy6jx7jxb8jlkr8jq8hsdzmizqs41hkb3p14rmqqd0m5ddapl";
};
packageRequires = [
compat
@ -4486,10 +4588,10 @@
elpaBuild {
pname = "pg";
ename = "pg";
version = "0.65";
version = "0.67";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/pg-0.65.tar";
sha256 = "1gf93xsldhx105r5m03hiq3lzlzb3r5pjd3j99jl0gs3z8pmn8ic";
url = "https://elpa.nongnu.org/nongnu/pg-0.67.tar";
sha256 = "01q06yk011pn9pg9srilwy0k9nn8x5pl32k1mn9i54mbikf7ac5b";
};
packageRequires = [ peg ];
meta = {
@ -4910,10 +5012,10 @@
elpaBuild {
pname = "scad-mode";
ename = "scad-mode";
version = "98.0";
version = "99.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/scad-mode-98.0.tar";
sha256 = "0ksiz8rxxykm2lnc2lil1qndpl0lxcw8fa9nlh420xva9m3s9sda";
url = "https://elpa.nongnu.org/nongnu/scad-mode-99.0.tar";
sha256 = "1wdb7ri2716r4m22asj370c3mnjchcsnxjwbw3m13rgvkj2ax6j4";
};
packageRequires = [ compat ];
meta = {
@ -5048,6 +5150,28 @@
};
}
) { };
simple-httpd = callPackage (
{
compat,
elpaBuild,
fetchurl,
lib,
}:
elpaBuild {
pname = "simple-httpd";
ename = "simple-httpd";
version = "1.6";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/simple-httpd-1.6.tar";
sha256 = "08rkqid2c11dl0sm8795jzkiilj02kbq6xy56b3bh83pc09wfmay";
};
packageRequires = [ compat ];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/simple-httpd.html";
license = lib.licenses.free;
};
}
) { };
slime = callPackage (
{
elpaBuild,
@ -5269,10 +5393,10 @@
elpaBuild {
pname = "subed";
ename = "subed";
version = "1.4.2";
version = "1.5.1";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/subed-1.4.2.tar";
sha256 = "0crpgxqk164z602iajhx7b0zxdjs5f9g8hv0q6n1vjrsby87pl1x";
url = "https://elpa.nongnu.org/nongnu/subed-1.5.1.tar";
sha256 = "0gk9r2dvmrxpz4gpypnnzjgph6xasn5f9i51cx1hnd9r5zim2qy3";
};
packageRequires = [ ];
meta = {
@ -5308,17 +5432,16 @@
elpaBuild,
fetchurl,
lib,
seq,
}:
elpaBuild {
pname = "swift-mode";
ename = "swift-mode";
version = "9.4.0";
version = "10.0.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/swift-mode-9.4.0.tar";
sha256 = "0zfwzz5n98svv1if9wwj37hraiw2in06ks7n3mnk1jjik54kmpxd";
url = "https://elpa.nongnu.org/nongnu/swift-mode-10.0.0.tar";
sha256 = "07wydsy8ihfmr1i4hya270f9v5dy9mfn6kzbmyj3kf9kx5grhybl";
};
packageRequires = [ seq ];
packageRequires = [ ];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/swift-mode.html";
license = lib.licenses.free;
@ -5576,10 +5699,10 @@
elpaBuild {
pname = "tp";
ename = "tp";
version = "0.8";
version = "0.9";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/tp-0.8.tar";
sha256 = "1psa4sdia1vx3l2v1lklc8wy8nqbq6g83fyj46xii20rfm4db9hk";
url = "https://elpa.nongnu.org/nongnu/tp-0.9.tar";
sha256 = "0xaqynvw65l5dm3hxba6v8jrh2pvn6b2q0npsf9sdwryjg2zlk41";
};
packageRequires = [ transient ];
meta = {
@ -5872,10 +5995,10 @@
elpaBuild {
pname = "web-mode";
ename = "web-mode";
version = "17.3.23";
version = "17.3.24";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/web-mode-17.3.23.tar";
sha256 = "17l0lda5p8nf239b0x43w8fx9a87rmk9rk282983nqi4f57iyzb2";
url = "https://elpa.nongnu.org/nongnu/web-mode-17.3.24.tar";
sha256 = "129hz6h2ygmqhn3bbjxx2gpdnvh0gifc4xaipsjz0716rj1s0k81";
};
packageRequires = [ ];
meta = {
@ -5976,6 +6099,7 @@
with-editor = callPackage (
{
compat,
cond-let,
elpaBuild,
fetchurl,
lib,
@ -5983,12 +6107,15 @@
elpaBuild {
pname = "with-editor";
ename = "with-editor";
version = "3.4.9";
version = "3.5.1";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/with-editor-3.4.9.tar";
sha256 = "0bzwxy67x8yvs1qv2m5mzkcssk9r3dm1zvq2map6kpscqgc15gq8";
url = "https://elpa.nongnu.org/nongnu/with-editor-3.5.1.tar";
sha256 = "0p19n8kx9gkj87pr8rlac8b9vlrb57w7k5b62fx9dwx2m54dixh9";
};
packageRequires = [ compat ];
packageRequires = [
compat
cond-let
];
meta = {
homepage = "https://elpa.nongnu.org/nongnu/with-editor.html";
license = lib.licenses.free;
@ -6200,10 +6327,10 @@
elpaBuild {
pname = "zenburn-theme";
ename = "zenburn-theme";
version = "2.9.0";
version = "2.10.0";
src = fetchurl {
url = "https://elpa.nongnu.org/nongnu/zenburn-theme-2.9.0.tar";
sha256 = "0nldp5id0lkajnqpzw8agmpdjm0jfb70ma2wip06nh5zqcrrpg6s";
url = "https://elpa.nongnu.org/nongnu/zenburn-theme-2.10.0.tar";
sha256 = "0h1qd1xay2ci51y3vdq480afbx6hq40ywplsh76m85mr199pf751";
};
packageRequires = [ ];
meta = {

View file

@ -18,20 +18,20 @@ let
# update-script-start: urls
urls = {
x86_64-linux = {
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.2.tar.gz";
hash = "sha256-INIz7nGar/oHh+CHfz4jm5t9/ARPcMfpnOl99Z3kg3I=";
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.3.tar.gz";
hash = "sha256-0+v05zxvFqXV13c8oV9dTTwtO+shgywD75cwUiZAab0=";
};
aarch64-linux = {
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.2-aarch64.tar.gz";
hash = "sha256-PmCDYM8nqySQm6cpUJQ9PyzSkKOR6V3LuXnYpE0i7fU=";
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.3-aarch64.tar.gz";
hash = "sha256-SZ4OkWgAGeSafFo1ml5dv5tN5su+HgzbEhQ5GzPqGdo=";
};
x86_64-darwin = {
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.2.dmg";
hash = "sha256-HI2qt6wTddANqdRuKQ4X7mXQyBA4dJYz9ewfI2iAYfw=";
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.3.dmg";
hash = "sha256-JA++mbKvRTvjHEblbgmjBzbWbxcV7ss3+W9M6i6ePu0=";
};
aarch64-darwin = {
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.2-aarch64.dmg";
hash = "sha256-JMg/vs3aVeHmr6tiZZTggRGpH9O6lKlyeP8Ot4mm24w=";
url = "https://download.jetbrains.com/rustrover/RustRover-2026.1.3-aarch64.dmg";
hash = "sha256-ndipMTztrYeUdo4MfOHjJHk3liHutWmMj+J6G8xjtWA=";
};
};
# update-script-end: urls
@ -45,8 +45,8 @@ in
product = "RustRover";
# update-script-start: version
version = "2026.1.2";
buildNumber = "261.24374.182";
version = "2026.1.3";
buildNumber = "261.25134.134";
# update-script-end: version
src = fetchurl (urls.${system} or (throw "Unsupported system: ${system}"));

View file

@ -4,7 +4,11 @@ toNvimTreesitterGrammar() {
echo "Executing toNvimTreesitterGrammar"
mkdir -p "$out/parser"
ln -s "$origGrammar/parser" "$out/parser/$grammarName.so"
if [ -e "$origGrammar/parser.wasm" ]; then
ln -s "$origGrammar/parser.wasm" "$out/parser/$grammarName.wasm"
else
ln -s "$origGrammar/parser" "$out/parser/$grammarName.so"
fi
if [ "$installQueries" != 1 ]; then
echo "Installing queries is disabled: installQueries=$installQueries"

View file

@ -230,13 +230,11 @@ stdenv.mkDerivation (finalAttrs: {
"aarch64-linux"
"x86_64-linux"
];
# FIXME: gated behind allowAliases to workaround https://github.com/NixOS/nixpkgs/issues/523712
problems =
lib.optionalAttrs config.allowAliases {
removal.message = "We have removed Python 3.3 package support ahead of upstream schedule but if you do not use any old packages, this should just work.";
}
// lib.optionalAttrs (lib.versionOlder buildVersion "4205") {
broken.message = "Packages, including core ones, do not run without plug-in host depending on insecure OpenSSL.";
};
problems = {
removal.message = "We have removed Python 3.3 package support ahead of upstream schedule but if you do not use any old packages, this should just work.";
}
// lib.optionalAttrs (lib.versionOlder buildVersion "4205") {
broken.message = "Packages, including core ones, do not run without plug-in host depending on insecure OpenSSL.";
};
};
})

View file

@ -9,15 +9,15 @@
vimPlugins,
vimUtils,
makeWrapper,
pkgs,
perl,
}:
let
version = "0.0.27-unstable-2026-03-11";
version = "release-v0.1";
src = fetchFromGitHub {
owner = "yetone";
repo = "avante.nvim";
rev = "9a7793461549939f1d52b2b309a1aa44680170c8";
hash = "sha256-EEkAoufj29P46RIUrRNG0xJL9Wu4X7LZCS1fer4/nZQ=";
rev = "2033b42ab72fb9f27b35769f9cb7a9f4f1993db4";
hash = "sha256-Ql/17DSHpBVbihUHssyZe3MGC5fgasbjgxdABp8xk24=";
};
avante-nvim-lib = rustPlatform.buildRustPackage {
pname = "avante-nvim-lib";
@ -28,7 +28,7 @@ let
nativeBuildInputs = [
pkg-config
makeWrapper
pkgs.perl
perl
];
buildInputs = [
@ -66,15 +66,12 @@ vimUtils.buildVimPlugin {
ext = stdenv.hostPlatform.extensions.sharedLibrary;
in
''
mkdir -p $out/build
cp ${avante-nvim-lib}/lib/libavante_repo_map${ext} $out/build/avante_repo_map${ext}
cp ${avante-nvim-lib}/lib/libavante_templates${ext} $out/build/avante_templates${ext}
cp ${avante-nvim-lib}/lib/libavante_tokenizers${ext} $out/build/avante_tokenizers${ext}
cp ${avante-nvim-lib}/lib/libavante_html2md${ext} $out/build/avante_html2md${ext}
# Fixes PKCE auth flows not finding libcrypto
substituteInPlace "$out/lua/avante/auth/pkce.lua" \
--replace-fail 'pcall(ffi.load, "crypto")' 'pcall(ffi.load, "${lib.getLib openssl}/lib/libcrypto${ext}")'
# place dynamic shared libraries directly into lua/ for native C-module discovery
mkdir -p $out/lua
cp ${avante-nvim-lib}/lib/libavante_repo_map${ext} $out/lua/avante_repo_map${ext}
cp ${avante-nvim-lib}/lib/libavante_templates${ext} $out/lua/avante_templates${ext}
cp ${avante-nvim-lib}/lib/libavante_tokenizers${ext} $out/lua/avante_tokenizers${ext}
cp ${avante-nvim-lib}/lib/libavante_html2md${ext} $out/lua/avante_html2md${ext}
'';
passthru = {

View file

@ -21,26 +21,26 @@ vscode-utils.buildVscodeMarketplaceExtension (finalAttrs: {
sources = {
"x86_64-linux" = {
arch = "linux-x64";
hash = "sha256-bsb0OLDPKWnNnZ4tFedYFiFKmTih81oZnaV/BH4p6o4=";
hash = "sha256-t5vsIeDjsChMxZVUjjn01J0YDxSzpSAafhZa1JssE70=";
};
"aarch64-linux" = {
arch = "linux-arm64";
hash = "sha256-PZBjzxg/kQbCiosd79YFDor1MvBHAdk167PmNIA8ANw=";
hash = "sha256-gEe6jf9EgLnN+L6dzu/g9TarOnYZL20CeuBcJjDtcpI=";
};
"x86_64-darwin" = {
arch = "darwin-x64";
hash = "sha256-z4OekFyKQsbva5mlBPR6z8g6Is0fwL+xZg/fjKf42cI=";
hash = "sha256-Tq2RGqcziPwHV/kRyz+KSbMgKHyUNWky605QkbdwRn4=";
};
"aarch64-darwin" = {
arch = "darwin-arm64";
hash = "sha256-gLFoIhxXKunB6ftLEq5p+rfjs8QM5PTOXElu3OtbeIo=";
hash = "sha256-NSbcgKiIhFxozKIDy/rWXLgCk35w52LdH96UDSdyzck=";
};
};
in
{
name = "claude-code";
publisher = "anthropic";
version = "2.1.191";
version = "2.1.193";
}
// sources.${stdenvNoCC.hostPlatform.system}
or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

View file

@ -12,26 +12,26 @@ vscode-utils.buildVscodeMarketplaceExtension {
sources = {
"x86_64-linux" = {
arch = "linux-x64";
hash = "sha256-qXGdFXx8Vr9oVStBjaeWEsQjhQUbp9MnLUfJtyhgwkA=";
hash = "sha256-lhDt8XEF90y4pj8RLUZgfZNmHkV1XlmHsYuT6sGJMRc=";
};
"x86_64-darwin" = {
arch = "darwin-x64";
hash = "sha256-Bd3ool5Ep8I5iiTMUHF48r/sf3F1dROx6Umns0pDGzE=";
hash = "sha256-SqFRn5FVQ+LcpmYT7/AIdIKTOxbapaKvPi+I360dVW8=";
};
"aarch64-linux" = {
arch = "linux-arm64";
hash = "sha256-Jv2lrdvY0tthJM2fifUlCW/QBzEZAa8QDHj4o+a4KxY=";
hash = "sha256-iuYVCG4YWPFI8o4GmuNjkbXvzJsAre0gSSEWq6CUk2E=";
};
"aarch64-darwin" = {
arch = "darwin-arm64";
hash = "sha256-VooAoTyysIFH1AaidcoRs7fJpID0LbmWnLdivGZfdrM=";
hash = "sha256-wEp7kaEnkdBl44WjKuDBjR5SEjYNdgIX7DdJWKvv6I4=";
};
};
in
{
name = "ruff";
publisher = "charliermarsh";
version = "2026.48.0";
version = "2026.54.0";
}
// sources.${stdenvNoCC.hostPlatform.system}
or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

View file

@ -497,8 +497,8 @@ let
mktplcRef = {
publisher = "banacorn";
name = "agda-mode";
version = "0.8.0";
hash = "sha256-2xYC+tStBXTL4koqUOcyxQUTDTipeUMTFLbrwqA6p7Q=";
version = "0.10.0";
hash = "sha256-rz3Ehq/2AewE5ADYHVk8pHICSWO58i8v+nBwzkFkGCY=";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/banacorn.agda-mode/changelog";
@ -727,8 +727,8 @@ let
mktplcRef = {
name = "vscode-intelephense-client";
publisher = "bmewburn";
version = "1.18.4";
hash = "sha256-fGvQq8pGpDQc9q+uhouXNaWAHDGTl0cFla0qivhNaFQ=";
version = "1.18.5";
hash = "sha256-yLp7lBWjdH+KtBUlkjLWz5OmAvEQWJFIVCVsBt9BTeE=";
};
meta = {
description = "PHP code intelligence for Visual Studio Code";
@ -2031,8 +2031,8 @@ let
mktplcRef = {
name = "gleam";
publisher = "gleam";
version = "2.12.2";
hash = "sha256-41HgkDcgyStJtyeE0x1H9rFOZ18imcKF7XQixDOmurE=";
version = "2.13.0";
hash = "sha256-eCiBbdKMeXcRS4kyI2rH1iAT0CmQmo2SybeW+Y7FRio=";
};
meta = {
description = "Support for the Gleam programming language";

View file

@ -7,19 +7,19 @@
let
supported = {
x86_64-linux = {
hash = "sha256-8KZE2+kpzU7fRRBsroZtCnJyPyUHPuysZrggZojpG98=";
hash = "sha256-YLic8tKnb6WSx4rdwTu8B2ybfjoSbXc+QfEZ0Vc4umo=";
arch = "linux-x64";
};
x86_64-darwin = {
hash = "sha256-Zf/O2KRDlzCi4qWnmT5CctagjJoLiNgZfnh5+gQWRAA=";
hash = "sha256-nbftXgjEAxGfT4sfTjd+bp+Ti/rWJGHLkaSXQWlRGBM=";
arch = "darwin-x64";
};
aarch64-linux = {
hash = "sha256-zN49L+gLrLNL7XM3+POgBgSX64IMUYtNZ54+i8lpLqE=";
hash = "sha256-FG6OIoeeDenMbgwM/ZE8YyTySt/XcoFJj1RxvlrPsXc=";
arch = "linux-arm64";
};
aarch64-darwin = {
hash = "sha256-vTf86rNeS/97//1D2e1h5DpnAFb1cceIuF5XyCCq520=";
hash = "sha256-FW+pmz8YTw6pYxx1x3UsT3Dtp00GT804MJX4HBarMZo=";
arch = "darwin-arm64";
};
};
@ -34,7 +34,7 @@ vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = base // {
name = "tombi";
publisher = "tombi-toml";
version = "1.1.3";
version = "1.1.5";
};
meta = {
description = "TOML Language Server";

View file

@ -11,13 +11,13 @@
}:
mkLibretroCore {
core = "pcsx2";
version = "0-unstable-2026-06-01";
version = "0-unstable-2026-06-24";
src = fetchFromGitHub {
owner = "libretro";
repo = "ps2";
rev = "65e8afb9e9ca0a3f3af32d9b35d7d8537cd3cbc1";
hash = "sha256-H6lZLLO1+ir+vPchq3XGHKsepmYLbohQFvoA0+yiQo0=";
rev = "6d11ca54728b0c9e0a4bf3da743d56c7d29abb4e";
hash = "sha256-JE2EU/ugtXwEqYIzd0JSWXUy29X44hYHiC/LfaaOjkw=";
fetchSubmodules = true;
};

View file

@ -14,13 +14,13 @@
}:
mkLibretroCore {
core = "play";
version = "0-unstable-2026-06-06";
version = "0-unstable-2026-06-22";
src = fetchFromGitHub {
owner = "jpd002";
repo = "Play-";
rev = "ee1334610cb2181bd9a84e837ba3ea667ebdb16a";
hash = "sha256-oriF08elBRg8jTlPz1Qoc6SmKQPknkegJlOtcOV4RX8=";
rev = "1e4f393f3c52581cdec7867ddadc47f6b4d20cec";
hash = "sha256-a02AsJg7mm/fUBN/5IC2Q6NexLYsBYp74bfqfJosaxc=";
fetchSubmodules = true;
};

View file

@ -1,10 +1,10 @@
{
"chromium": {
"version": "149.0.7827.196",
"version": "149.0.7827.200",
"chromedriver": {
"version": "149.0.7827.197",
"hash_darwin": "sha256-tN7s6s/pbfAGRCMcoT3QWYHD8QRq2gcHfFSXoSG9V5Y=",
"hash_darwin_aarch64": "sha256-DZ8CZ4Obp67Zo2m4iyqUnShyhTK8+/75cJ/WmZZqQhE="
"version": "149.0.7827.201",
"hash_darwin": "sha256-MHCcid+7wdYm8uIdrUIlXrk8ADHNUUXzPyMPFGP98WY=",
"hash_darwin_aarch64": "sha256-Gwmdo9qNyV/BnCj18f0BFpNgDf28e8vjNF98e5/vVjQ="
},
"deps": {
"depot_tools": {
@ -21,8 +21,8 @@
"DEPS": {
"src": {
"url": "https://chromium.googlesource.com/chromium/src.git",
"rev": "43eb30368c6ca3d14d540487954abb2780aeae3a",
"hash": "sha256-pwSfASgR4SiQTJBERhOVyR8mANYJk67f+u2pmCCW6ko=",
"rev": "c35c164b1b6d1adca9eddf914ed6d0d0743dba6a",
"hash": "sha256-b2gBRUzRjqVZEb/tWUL1JF6Afq5gHJ3aOM02My1FyYU=",
"recompress": true
},
"src/third_party/clang-format/script": {
@ -823,7 +823,7 @@
}
},
"ungoogled-chromium": {
"version": "149.0.7827.196",
"version": "149.0.7827.200",
"deps": {
"depot_tools": {
"rev": "45dedc4c3b87c982fd846b3dc599b233ed3aff90",
@ -835,16 +835,16 @@
"hash": "sha256-oFs7fZAZEs/gQ7X1A4uigo9+Y+iEN9sMMQYwAjEuD04="
},
"ungoogled-patches": {
"rev": "149.0.7827.196-1",
"hash": "sha256-nRcMTP+su+mFP/JkyLBIDrG+dKYhvPANFw0Y8qVWzrA="
"rev": "149.0.7827.200-1",
"hash": "sha256-D7c1ToAoUzAMpXoe60YPimRqe6/LRe0T95TduXUeTFo="
},
"npmHash": "sha256-pF0JtwFpPC4/fodbhSJnQKkczA9WlDg4VqEAy9aDVLg="
},
"DEPS": {
"src": {
"url": "https://chromium.googlesource.com/chromium/src.git",
"rev": "43eb30368c6ca3d14d540487954abb2780aeae3a",
"hash": "sha256-pwSfASgR4SiQTJBERhOVyR8mANYJk67f+u2pmCCW6ko=",
"rev": "c35c164b1b6d1adca9eddf914ed6d0d0743dba6a",
"hash": "sha256-b2gBRUzRjqVZEb/tWUL1JF6Afq5gHJ3aOM02My1FyYU=",
"recompress": true
},
"src/third_party/clang-format/script": {

View file

@ -9,10 +9,10 @@
buildMozillaMach rec {
pname = "firefox";
version = "152.0.2";
version = "152.0.3";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "e4e54cffffcfd5751eac5817a7b74b0ef0aa43fc00ef29397cc9df9aa52572b2272b96e60373a70d712be4dc849170d8d5c1b449f3ea978b4ab28dee19056b03";
sha512 = "f0b63f4a0d4bb0080761f1a7ecb949696b4f805a33fef322ceef3b59a492e1403ea4b8cfbc7f5d4b70cf5b3c5a66ddcc988654fa77fd3021b65f452ca190bf63";
};
meta = {

View file

@ -54,13 +54,13 @@
"vendorHash": "sha256-sESuNlWNyjjGYb7z+tQF7RGBgicnPISuwXRzB+QJ7E4="
},
"aminueza_minio": {
"hash": "sha256-TLwOp7dSMjwOjlxEzYbFgw/S+Zkv+tCdknSjonmsRJo=",
"hash": "sha256-DfpZjIkjo5bEZ2BtHJoBLtjEDAD6ZiqpoCOMbmd1Jvo=",
"homepage": "https://registry.terraform.io/providers/aminueza/minio",
"owner": "aminueza",
"repo": "terraform-provider-minio",
"rev": "v3.38.0",
"rev": "v3.38.1",
"spdx": "AGPL-3.0",
"vendorHash": "sha256-BShrfr4EUvcpn0cLaohm1r5XqER4ba7bokHKuHxcW+g="
"vendorHash": "sha256-OLabFXYTe+Yhlf0Ja63tCcrc5mvPeXfN7yLoRZCkdvg="
},
"argoproj-labs_argocd": {
"hash": "sha256-c6+WY4oXL8evvPk/RzVrwtgq4XLB/LzAH5tpjErbE60=",
@ -200,13 +200,13 @@
"vendorHash": "sha256-b27UcoNuaX3PxNlJLdU9njCl5JymBQhxD6rq8yT3gi4="
},
"cloudamqp_cloudamqp": {
"hash": "sha256-LAQ5MVZe4OSIJb7X6gdx1lPmgAEKZIm/7lL/93NTP6I=",
"hash": "sha256-n78nZ01ley9ueYBZ7+bi0BLJ/RIc66HHjcmhFwDem3E=",
"homepage": "https://registry.terraform.io/providers/cloudamqp/cloudamqp",
"owner": "cloudamqp",
"repo": "terraform-provider-cloudamqp",
"rev": "v1.45.3",
"rev": "v1.46.0",
"spdx": "MPL-2.0",
"vendorHash": "sha256-59bhibkok4w7dLTf96jZGk2di6TpR6IAqp0i3xmtlyI="
"vendorHash": "sha256-rCWeetM6nhNb1I1PmB66E5K1ku9ODRqN87MU9y6W/dc="
},
"cloudflare_cloudflare": {
"hash": "sha256-y3GAU5wLLETSrmYqGZs2I0qg8jnGcu32Xt/UHGS1NTA=",
@ -373,11 +373,11 @@
"vendorHash": "sha256-RtS88NqkO1nG/8znM0sQqsAIfDc+sOMy8N4T4hmvaVA="
},
"e-breuninger_netbox": {
"hash": "sha256-e9244MaxEcmtYHT9zN4Nct2xpgBv8JOMe1VOW5y/2OQ=",
"hash": "sha256-rCDopABF6BDJo4sdwfy+GrU9EPAIldjddj+j7opf8FA=",
"homepage": "https://registry.terraform.io/providers/e-breuninger/netbox",
"owner": "e-breuninger",
"repo": "terraform-provider-netbox",
"rev": "v5.6.1",
"rev": "v5.6.2",
"spdx": "MPL-2.0",
"vendorHash": "sha256-WaeRXTqXakFTYMHio+VLIKS4kS5wHQdY5zdJYwrlVjE="
},
@ -508,13 +508,13 @@
"vendorHash": "sha256-ikBqIxD5aTOcwNHCMN6EaOwSHCAP5n/SULuqQXPLpOc="
},
"hashicorp_aws": {
"hash": "sha256-kWA/cpYQ8MynW/vxnj7Yys6lsFdRAmfC8N6bmEIOW70=",
"hash": "sha256-710i6mRyieTzltcaC23OXZm8mtqjyOc5Fk9fmcqkXY4=",
"homepage": "https://registry.terraform.io/providers/hashicorp/aws",
"owner": "hashicorp",
"repo": "terraform-provider-aws",
"rev": "v6.50.0",
"rev": "v6.52.0",
"spdx": "MPL-2.0",
"vendorHash": "sha256-Msl/Mn0GK3D+QyLnSFU3m9ux/ThkwDCDh85b0Yzpnjo="
"vendorHash": "sha256-COWHnLR6aRwcGJVo6IFvqQLwAYxFpqUGQbZVvEo/b/I="
},
"hashicorp_awscc": {
"hash": "sha256-ZQaBYZTsF68IjbRYa3Z7VRqKfaHCvOtMkJHsybJn+ec=",
@ -715,13 +715,13 @@
"vendorHash": null
},
"hetznercloud_hcloud": {
"hash": "sha256-yIzI1p4U8klNqqFqiMuKhVb8njoslJ+vDXFOv+9EmFw=",
"hash": "sha256-Clbg0LS5SYpaEyevbZ+oDG3xFXEWjV376JvStPi3MnU=",
"homepage": "https://registry.terraform.io/providers/hetznercloud/hcloud",
"owner": "hetznercloud",
"repo": "terraform-provider-hcloud",
"rev": "v1.64.0",
"rev": "v1.66.0",
"spdx": "MPL-2.0",
"vendorHash": "sha256-f49amYWzWSG9tzY6wvpxtTFiyJ8zC/Lc1hIQtzdgJRs="
"vendorHash": "sha256-6knIcS3hkzt3R1IC1hA6EKOceJl51/pJXpftEaZjgtY="
},
"huaweicloud_huaweicloud": {
"hash": "sha256-Ao3CkaQBe172Ookcgl+ugeHH5ClbyOsSpLb4+j9DAZQ=",
@ -1067,11 +1067,11 @@
"vendorHash": null
},
"ovh_ovh": {
"hash": "sha256-rNJ6ibD8VbvUopKYc6Ao6I7lJqTw6gw8A71YzW8OYJE=",
"hash": "sha256-JaZdCten+5mV8aKCRhkoifqP4EwNrytK25TLJl1eQjQ=",
"homepage": "https://registry.terraform.io/providers/ovh/ovh",
"owner": "ovh",
"repo": "terraform-provider-ovh",
"rev": "v2.14.0",
"rev": "v2.15.0",
"spdx": "MPL-2.0",
"vendorHash": null
},
@ -1319,11 +1319,11 @@
"vendorHash": "sha256-7ZoJg1HEVj5Nygr46lmBZeJDfZuU4F90yntrgkBVgGg="
},
"tencentcloudstack_tencentcloud": {
"hash": "sha256-nv+X3mptE51m7WwYzRqyvvrVR5tUikOYM06axtZIznk=",
"hash": "sha256-p8AW+AzezOP6N3wzlLZOMoTbSwb/cil7cmXkdwheXtE=",
"homepage": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud",
"owner": "tencentcloudstack",
"repo": "terraform-provider-tencentcloud",
"rev": "v1.83.2",
"rev": "v1.83.6",
"spdx": "MPL-2.0",
"vendorHash": null
},

View file

@ -108,6 +108,8 @@
obs-vnc = callPackage ./obs-vnc.nix { };
obs-wayland-hotkeys = qt6Packages.callPackage ./obs-wayland-hotkeys { };
obs-websocket = qt6Packages.callPackage ./obs-websocket.nix { }; # Websocket 4.x compatibility for OBS Studio 28+
pixel-art = callPackage ./pixel-art.nix { };

View file

@ -0,0 +1,41 @@
{
stdenv,
lib,
fetchFromGitHub,
cmake,
obs-studio,
pkg-config,
qtbase,
}:
stdenv.mkDerivation (finalAttr: {
pname = "obs-wayland-hotkeys";
version = "1.1.0";
src = fetchFromGitHub {
owner = "leia-uwu";
repo = "obs-wayland-hotkeys";
tag = "v${finalAttr.version}";
hash = "sha256-vOQfOEAnxn5vCaWpwDED1C107BB/d7T10kmKTXJ4k8k=";
};
nativeBuildInputs = [
cmake
pkg-config
];
buildInputs = [
obs-studio
qtbase
];
dontWrapQtApps = true;
meta = {
description = "OBS Studio plugin to integrate OBS hotkeys with the Wayland global shortcuts portal";
homepage = "https://github.com/leia-uwu/obs-wayland-hotkeys";
maintainers = with lib.maintainers; [ terrorw0lf ];
license = lib.licenses.gpl2;
platforms = lib.platforms.linux;
};
})

View file

@ -7,13 +7,13 @@
mkHyprlandPlugin (finalAttrs: {
pluginName = "hypr-darkwindow";
version = "0.55.2";
version = "0.55.4";
src = fetchFromGitHub {
owner = "micha4w";
repo = "Hypr-DarkWindow";
tag = "v${finalAttrs.version}";
hash = "sha256-8Ht9yhlwOtDWFvL6VYlryNxyRethFqc0iWtBetP0xws=";
hash = "sha256-By/4CmpJvVvcBoyTtelH7MSLCKRaoXLCpiSfrbZIePc=";
};
installPhase = ''

View file

@ -209,10 +209,7 @@ in
passthru = args.passthru or { } // {
inherit fetcherVersion;
serve = callPackage ./serve.nix {
inherit pnpm; # from args
pnpmDeps = finalAttrs.finalPackage;
};
serve = throw "fetchPnpmDeps: `serve` has been deprecated as it was removed in pnpm 11 and only had a niche use case."; # Added 2026-06-04
};
dontConfigure = true;

View file

@ -1,43 +0,0 @@
{
writeShellApplication,
pnpm,
pnpmDeps,
zstd,
lib,
}:
writeShellApplication {
name = "serve-pnpm-store";
runtimeInputs = [
pnpm
zstd
];
text = ''
storePath=$(mktemp -d)
clean() {
echo "Cleaning up temporary store at '$storePath'..."
rm -rf "$storePath"
}
echo "Copying pnpm store '${pnpmDeps}' to temporary store..."
tar --zstd -xf "${pnpmDeps}/pnpm-store.tar.zst" -C "$storePath"
chmod -R +w "$storePath"
echo "Run 'pnpm install --store-dir \"$storePath\"' to install packages from this store."
trap clean EXIT
pnpm server start \
--store-dir "$storePath"
'';
meta = {
broken = lib.versionAtLeast pnpm.version "11";
};
}

View file

@ -260,4 +260,6 @@
shellcheck = callPackage ./shellcheck/tester.nix { };
shfmt = callPackage ./shfmt { };
modularServiceCompliance = callPackage ./modular-service-compliance.nix { };
}

View file

@ -0,0 +1,251 @@
{
lib,
coreutils,
gnugrep,
writeShellScript,
writeShellApplication,
stdenvNoCC,
}:
/**
See https://nixos.org/manual/nixpkgs/unstable/#tester-modularServiceCompliance
or doc/build-helpers/testers.chapter.md
*/
{
evalConfig,
mkTest,
sharedDir,
namePrefix ? "modular-service-compliance",
}:
let
/**
A successful evaluation to be probed by evalTestDefs
*/
# Try use only few evalConfig calls for performance.
evalResult = evalConfig {
services = {
svc = {
process.argv = [ "${coreutils}/bin/true" ];
assertions = [
{
assertion = true;
message = "compliance test assertion";
}
];
warnings = [ "compliance test warning" ];
services.child = {
process.argv = [ "${coreutils}/bin/true" ];
assertions = [
{
assertion = true;
message = "compliance child assertion";
}
];
warnings = [ "compliance child warning" ];
};
};
};
};
evalTestDefs =
let
c = evalResult.config.svc;
in
{
testProcessArgv = {
expr = c.process.argv;
expected = [ "${coreutils}/bin/true" ];
};
testSubServiceArgv = {
expr = c.services.child.process.argv;
expected = [ "${coreutils}/bin/true" ];
};
testAssertions = {
expr = builtins.elem {
assertion = true;
message = "compliance test assertion";
} c.assertions;
expected = true;
};
testWarnings = {
expr = builtins.elem "compliance test warning" c.warnings;
expected = true;
};
testSubServiceAssertions = {
expr = builtins.elem {
assertion = true;
message = "compliance child assertion";
} c.services.child.assertions;
expected = true;
};
testSubServiceWarnings = {
expr = builtins.elem "compliance child warning" c.services.child.warnings;
expected = true;
};
# Separate eval for a failing assertion — checkDrv would fail here,
# so we only access config.
testFailingAssertionValue = {
expr = builtins.elem {
assertion = false;
message = "compliance failing assertion";
} failingEval.config.failing.assertions;
expected = true;
};
};
failingEval = evalConfig {
services = {
failing = {
process.argv = [ "${coreutils}/bin/true" ];
assertions = [
{
assertion = false;
message = "compliance failing assertion";
}
];
};
};
};
/**
A service script that records its received arguments, then sleeps forever.
The first argument is a service identifier used to namespace its comms
subdirectory; the remaining arguments are recorded as the service's args.
*/
svc = writeShellScript "${namePrefix}-svc" ''
id="$1"; shift
dir="${sharedDir}/$id"
mkdir -p "$dir"
echo "$$" > "$dir/pid"
printf '%s\n' "$@" > "$dir/args"
exec "${coreutils}/bin/sleep" infinity
'';
mkArgv =
id: extraArgs:
[
svc
id
]
++ extraArgs;
/**
Shell snippet: wait for a service to write its pid file, verify the
process is still alive, then check that each expected argument appears
in the recorded args file.
*/
waitAndCheck =
id: expectedArgs:
''
echo "waiting for ${id}..."
timeout=30; elapsed=0
while [ ! -f "${sharedDir}/${id}/pid" ] && [ "$elapsed" -lt "$timeout" ]; do
sleep 1; elapsed=$((elapsed + 1))
done
test -f "${sharedDir}/${id}/pid" || { echo "${id}: no pid file after ''${timeout}s"; exit 1; }
pid=$(cat "${sharedDir}/${id}/pid")
kill -0 "$pid" || { echo "${id}: pid $pid is not running"; exit 1; }
echo "${id}: started (pid $pid)"
''
+ lib.concatMapStrings (arg: ''
grep -qxF -- ${lib.escapeShellArg arg} "${sharedDir}/${id}/args" \
|| { echo "${id}: expected arg ${lib.escapeShellArg arg} not found"; cat "${sharedDir}/${id}/args"; exit 1; }
'') expectedArgs;
mkTestScript =
name: text:
lib.getExe (writeShellApplication {
name = "${namePrefix}-${name}";
runtimeInputs = [
coreutils
gnugrep
];
inherit text;
});
in
{
# Eval-level tests: config structure, evaluated in the integration's
# full context (one whole-system eval).
# TODO: generalize with
# - pkgs/test/buildenv.nix
# - pkgs/test/overriding.nix
eval = stdenvNoCC.mkDerivation (finalAttrs: {
__structuredAttrs = true;
name = "${namePrefix}-eval-report";
# Depend on the integration's representative derivation to prove that
# the system builds with these services.
representative = evalResult.checkDrv;
passthru = {
tests = evalTestDefs;
failures = lib.runTests finalAttrs.passthru.tests;
};
testResults = lib.mapAttrs (_: test: test.expr == test.expected) finalAttrs.passthru.tests;
buildCommand = ''
touch $out
for testName in "''${!testResults[@]}"; do
if [[ -n "''${testResults[$testName]}" ]]; then
echo "PASS $testName"
else
echo "FAIL $testName"
fi
done
''
+ lib.optionalString (lib.any (v: !v) (lib.attrValues finalAttrs.testResults)) ''
{
echo ""
echo "Eval-level compliance failures:"
for testName in "''${!testResults[@]}"; do
if [[ -z "''${testResults[$testName]}" ]]; then
echo "- $testName"
fi
done
echo ""
echo 'Inspect with: nix eval .#<path>.tests.''${testName}'
} >&2
exit 1
'';
});
# Integration tests: verify that services actually run.
basic-argv = mkTest {
name = "${namePrefix}-basic-argv";
services.test.process.argv = mkArgv "test" [
"--greeting"
"hello"
];
testExe = mkTestScript "basic-argv" (
waitAndCheck "test" [
"--greeting"
"hello"
]
);
};
sub-services = mkTest {
name = "${namePrefix}-sub-services";
services.a = {
process.argv = mkArgv "a" [ "--depth=0" ];
services.b = {
process.argv = mkArgv "b" [ "--depth=1" ];
services.c.process.argv = mkArgv "c" [ "--depth=2" ];
};
};
testExe = mkTestScript "sub-services" ''
${waitAndCheck "a" [ "--depth=0" ]}
${waitAndCheck "b" [ "--depth=1" ]}
${waitAndCheck "c" [ "--depth=2" ]}
'';
};
# See also the manual compliance items in doc/build-helpers/testers.chapter.md.
}

View file

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "ab-av1";
version = "0.11.3";
version = "0.11.4";
src = fetchFromGitHub {
owner = "alexheretic";
repo = "ab-av1";
tag = "v${finalAttrs.version}";
hash = "sha256-lLZAECwF8V19Qx/FugbjLeVns7lhVlwWDTK9cdYb0xo=";
hash = "sha256-830STu0YfEhsYr4EU3ATF6kgH5J/tUEhm4b47VOwMEQ=";
};
cargoHash = "sha256-AONJz1BoDi6weHT7W9DmzwoPW5khfgYjDqLNl7OM5bY=";
cargoHash = "sha256-mKtP+QoG0MjbBB4kMLlioyxshlgVyhqLH4C5GKx9Hes=";
nativeBuildInputs = [ installShellFiles ];

View file

@ -6,13 +6,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "abcmidi";
version = "2026.06.06";
version = "2026.06.16";
src = fetchFromGitHub {
owner = "sshlien";
repo = "abcmidi";
tag = finalAttrs.version;
hash = "sha256-2XPtLjvj+gyXTOOvUWzAO0magnjF3CWC7ZDCCuYN6vE=";
hash = "sha256-GkCvIZSspqwV3Q0+GZh08pQt5RFgPTdJ4fS9OaV+jXs=";
};
# TODO: remove once https://github.com/sshlien/abcmidi/pull/15 merged

View file

@ -44,7 +44,7 @@ python3Packages.buildPythonApplication (finalAttrs: {
dependencies = with python3Packages; [
configobj
gpgme
gpg
notmuch2
python-magic
standard-mailcap

View file

@ -9,14 +9,14 @@
python3Packages.buildPythonApplication (finalAttrs: {
pname = "ansible-doctor";
version = "8.3.2";
version = "8.3.3";
pyproject = true;
src = fetchFromGitHub {
owner = "thegeeklab";
repo = "ansible-doctor";
tag = "v${finalAttrs.version}";
hash = "sha256-Asp26tGyzFPOCLESXe2Je4i+0u8OGX2GSaGy/cQC3AI=";
hash = "sha256-3xdMTuy6Rtb2VwfzN6SV73UZmp+9fmU9SfPySHCayJg=";
};
build-system = with python3Packages; [

View file

@ -4,8 +4,8 @@
fetchurl,
makeWrapper,
makeDesktopItem,
genericUpdater,
writeShellScript,
jq,
atk,
cairo,
gdk-pixbuf,
@ -164,24 +164,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
passthru = {
updateScript = genericUpdater {
versionLister =
let
arch =
if system == "x86_64-linux" then
"amd64"
else if system == "aarch64-linux" then
"arm64"
else
throw "cannot update AnyDesk on ${system}";
in
writeShellScript "anydesk-versionLister" ''
curl -s https://anydesk.com/en/downloads/linux \
| grep "https://[a-z0-9._/-]*-${arch}.tar.gz" -o \
| uniq \
| sed 's,.*/anydesk-\(.*\)-${arch}.tar.gz,\1,g'
'';
};
updateScript = ./update.sh;
};
meta = {

View file

@ -1,5 +1,5 @@
{
"version": "8.0.2",
"x86_64-linux": "sha256-6noMPfe0x6kx/whyd66qcmk7WhEivx3xK5q58Se9Ij0=",
"aarch64-linux": "sha256-wfY+OCx9OyLCmiA29RjnYzcg/pApMIXWT5UrcdcyRYM="
"version": "8.0.3",
"x86_64-linux": "sha256-Mjl17hh5A/pwRAi7giL1SJYlQ61O0SXX+KeH8STZ4bs=",
"aarch64-linux": "sha256-MhAj5cy81uBMoNeFPvOyhBOlJzBgNRHXyCXrpdvF8nE="
}

View file

@ -0,0 +1,39 @@
#!/usr/bin/env -S nix shell nixpkgs#curl nixpkgs#jq nixpkgs#nix --command bash
set -euo pipefail
directory="$(dirname $0 | xargs realpath)"
new_version=$(
curl -s https://rpm.anydesk.com/rhel/x86_64/Packages/ \
| grep -oP 'anydesk_\K[0-9]+\.[0-9]+\.[0-9]+(?=-[0-9]+_x86_64\.rpm)' \
| sort -V \
| tail -1
)
old_version=$(jq -r '.version' "$directory/pin.json")
if [[ "$new_version" == "$old_version" ]]; then
echo "anydesk is already up to date ($old_version)"
exit 0
fi
echo "Updating anydesk: $old_version -> $new_version"
hash_amd64=$(nix hash to-sri --type sha256 \
"$(nix-prefetch-url --type sha256 \
"https://download.anydesk.com/linux/anydesk-${new_version}-amd64.tar.gz")")
hash_arm64=$(nix hash to-sri --type sha256 \
"$(nix-prefetch-url --type sha256 \
"https://download.anydesk.com/rpi/anydesk-${new_version}-arm64.tar.gz")")
cat > "$directory/pin.json" << EOF
{
"version": "$new_version",
"x86_64-linux": "$hash_amd64",
"aarch64-linux": "$hash_arm64"
}
EOF
cat "$directory/pin.json"

View file

@ -11,13 +11,13 @@
buildGoModule (finalAttrs: {
pname = "apko";
version = "1.2.17";
version = "1.2.19";
src = fetchFromGitHub {
owner = "chainguard-dev";
repo = "apko";
tag = "v${finalAttrs.version}";
hash = "sha256-6Z+1LpgvdRpcy2PmgSFeKHuMLh3jeA03KhfS2j2AhKQ=";
hash = "sha256-Iia0U/oibPuUYC3adeXvL5m4nhEPHqBvHw7J7Uxn88s=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
@ -29,7 +29,7 @@ buildGoModule (finalAttrs: {
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
vendorHash = "sha256-K2fqDAzex0EgrGPK5I4Bp5oqmIOnnuI1sztlySrX1Pc=";
vendorHash = "sha256-vYUxwtqGUDbJhbhlajPtlUZKD4TKreHEGR1dCSuSiA4=";
excludedPackages = [
"internal/gen-jsonschema"

View file

@ -14,16 +14,16 @@
buildGoModule (finalAttrs: {
pname = "aptly";
version = "1.6.2";
version = "1.6.3";
src = fetchFromGitHub {
owner = "aptly-dev";
repo = "aptly";
tag = "v${finalAttrs.version}";
hash = "sha256-Jkljg05C4GJ4F9l6mKAU4JCH8I0/bjzfb74X714z4UI=";
hash = "sha256-fjNN8EffY9G8YX/uME5ehs2zZj/YRA62y/muqigWSnE=";
};
vendorHash = "sha256-3pFVAVvIpJut2YYxvnCQbBpdwwmUbZIyrx0WoQrU+nQ=";
vendorHash = "sha256-QPYKdiEiV1iS3xJ3A66ILUXAlj0TGXuGf11wzdX3Z7Y=";
nativeBuildInputs = [
installShellFiles

View file

@ -7,14 +7,14 @@
python3Packages.buildPythonApplication (finalAttrs: {
pname = "asciimol";
version = "1.2.5";
version = "1.2.7";
pyproject = true;
__structuredAttrs = true;
src = fetchPypi {
inherit (finalAttrs) pname version;
hash = "sha256-sB8hHtjfCv5jFHXEoUG7zNn3d3QKihPLbgnR+Jyz4GQ=";
hash = "sha256-SqwViOnVx1TcpY8Kd5VQCg1A8KQnBhL8aq9Gsrwer3k=";
};
build-system = with python3Packages; [ setuptools ];

View file

@ -7,13 +7,13 @@
buildGoModule (finalAttrs: {
pname = "atlantis";
version = "0.44.0";
version = "0.44.1";
src = fetchFromGitHub {
owner = "runatlantis";
repo = "atlantis";
tag = "v${finalAttrs.version}";
hash = "sha256-ZHd/RSzFXbcZ7324Bbgtx681zwdHi5xYgqVlTR4glHY=";
hash = "sha256-CMMsW0VFUi5c2AsuvH5uxggzJ3wD1k24Zrk4tjlBczo=";
};
ldflags = [

View file

@ -9,13 +9,13 @@
buildGoModule (finalAttrs: {
pname = "atlas";
version = "1.2.2";
version = "1.2.3";
src = fetchFromGitHub {
owner = "ariga";
repo = "atlas";
tag = "v${finalAttrs.version}";
hash = "sha256-2wmmvNezi/AJ86r5m0rZOskqxfaT49870Pe615QycHg=";
hash = "sha256-Ox/EgTSz0ONEJqLyiJsvpgUNfHyV2rQYXrIAImDwrLo=";
};
modRoot = "cmd/atlas";

View file

@ -62,4 +62,8 @@ stdenv.mkDerivation (finalAttrs: {
runHook postInstall
'';
# (node:24500) Warning: File descriptor 19 closed but not opened in unmanaged mode
# (node:24500) Warning: File descriptor 19 opened in unmanaged mode twice
meta.broken = stdenv.hostPlatform.isDarwin;
})

View file

@ -7,16 +7,16 @@
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "basalt";
version = "0.12.4";
version = "0.12.6";
src = fetchFromGitHub {
owner = "erikjuhani";
repo = "basalt";
tag = "basalt/v${finalAttrs.version}";
hash = "sha256-fijpPGPeF3f81WMWj1tIc0ht8hUIubAe19ja3iBNOh0=";
hash = "sha256-MlKrVxNU9PNakIA9hiv5ll7ImkPDekQnassWFO/smkE=";
};
cargoHash = "sha256-jY3EDM+jYwCsMpd5cA5WKzmhdS4rVCLz3h5gfshzhOQ=";
cargoHash = "sha256-sTU0AUwR5xdnqLvrRycxuMk+KNcsEcYU3XvyODKT1Ns=";
nativeInstallCheckInputs = [ versionCheckHook ];
doInstallCheck = true;

View file

@ -49,6 +49,8 @@ buildNpmPackage rec {
mv "$out/bin/pyright-langserver" "$out/bin/basedpyright-langserver"
# Remove dangling symlinks created during installation (remove -delete to just see the files, or -print '%l\n' to see the target
find -L $out -type l -print -delete
# Remove native module build artifacts that reference nodejs source
rm -rf "$out/lib/node_modules/pyright-root/node_modules/keytar/build"
'';
nativeInstallCheckInputs = [ versionCheckHook ];

View file

@ -14,31 +14,24 @@
buildNpmPackage (finalAttrs: {
pname = "bitwarden-cli";
version = "2026.5.0";
version = "2026.6.0";
src = fetchFromGitHub {
owner = "bitwarden";
repo = "clients";
tag = "cli-v${finalAttrs.version}";
hash = "sha256-R00wt5W4kKmFIODEaGoUqDwfGyHH/2PpiRaC8Gq3d88=";
hash = "sha256-JIIis3wW0cU33ovRQfJi3HlB2YdLZ5IPvueq1dGFbas=";
};
postPatch = ''
# remove code under unfree license
rm -r bitwarden_license
# Upstream cli-v2026.4.1 bumps @napi-rs/cli to 3.5.1 in the desktop workspace,
# but the root lockfile still points that entry at 3.2.0.
substituteInPlace package-lock.json \
--replace-fail \
$' "apps/desktop/node_modules/@napi-rs/cli": {\n "version": "3.2.0",\n "resolved": "https://registry.npmjs.org/@napi-rs/cli/-/cli-3.2.0.tgz",\n "integrity": "sha512-heyXt/9OBPv/WrTFW2+PxIMzH6MCeqP9ZsvOg0LN6pLngBnszcxFsdhCAh5I6sddzQsvru53zj59GUzvmpWk8Q==",' \
$' "apps/desktop/node_modules/@napi-rs/cli": {\n "version": "3.5.1",\n "resolved": "https://registry.npmjs.org/@napi-rs/cli/-/cli-3.5.1.tgz",\n "integrity": "sha512-XBfLQRDcB3qhu6bazdMJsecWW55kR85l5/k0af9BIBELXQSsCFU0fzug7PX8eQp6vVdm7W/U3z6uP5WmITB2Gw==",'
'';
nodejs = nodejs_22;
npmDepsFetcherVersion = 2;
npmDepsHash = "sha256-SU4HjfNshjRwa8mXPnmG2xVIwYkbQ7g8j3NZ43Ap76k=";
npmDepsHash = "sha256-sXFSjQw9iM5Ye03BX+ZzpDfeAyLTJoG/k46NiI3O8+A=";
nativeBuildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
perl

View file

@ -10,16 +10,16 @@
buildGoModule (finalAttrs: {
pname = "buf";
version = "1.70.0";
version = "1.71.0";
src = fetchFromGitHub {
owner = "bufbuild";
repo = "buf";
tag = "v${finalAttrs.version}";
hash = "sha256-C06/5a4icjgI35ADQKvlZ6JmCCyW/9e0aF9VIpLCqn0=";
hash = "sha256-GrGtJzZoyyEoIyqc8iItH7/LhXNEuTKbDl+gdB/5bHw=";
};
vendorHash = "sha256-Vveg7rBno66IPinVs9RJtzVJdtAJE55QZfWA3WIXGDQ=";
vendorHash = "sha256-8FJtJ/mHldia6t5yIPUfCvOlsKJSzT/vVcF+WxRO1Mo=";
patches = [
# Skip a test that requires networking to be available to work.

View file

@ -7,13 +7,13 @@
buildGoModule (finalAttrs: {
pname = "buildkit";
version = "0.31.0";
version = "0.31.1";
src = fetchFromGitHub {
owner = "moby";
repo = "buildkit";
rev = "v${finalAttrs.version}";
hash = "sha256-mTYNyz2H980l7/Vcyf9wnEgmi2j6S63C9ZcwOaK/+YY=";
hash = "sha256-lpcbCPsnvwMULeZgo1eQ0AqlfsyOMO/7b3ZOCoVTDKk=";
};
vendorHash = null;

View file

@ -47,7 +47,7 @@ python3.pkgs.buildPythonApplication (finalAttrs: {
propagatedBuildInputs = with python3.pkgs; [
anytree
fuzzyfinder
gpgme
gpg
pygobject3
];

View file

@ -7,14 +7,14 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "cargo-hack";
version = "0.6.44";
version = "0.6.45";
src = fetchCrate {
inherit (finalAttrs) pname version;
hash = "sha256-f45zkLoj4gZ7U+2B560lLEpYYrGyXjiaMd6XMEzF2NE=";
hash = "sha256-WehLSSE1g6mu8GNJQzyVeu80pqswE+SModgwOAP//bE=";
};
cargoHash = "sha256-dG5MTWPcBGnOBthF1V8jbcOLXSb/O34N8slpIXR+2c8=";
cargoHash = "sha256-YlM89NaI+9iDb4KiTYAhCJtN3G+j6q44xo79ZcyKr6M=";
# some necessary files are absent in the crate version
doCheck = false;

View file

@ -30,6 +30,7 @@ buildGoModule (finalAttrs: {
meta = {
description = "Skip YouTube sponsorships (and sometimes ads) on all local Google Cast devices";
homepage = "https://github.com/gabe565/CastSponsorSkip";
mainProgram = "castsponsorskip";
changelog = "https://github.com/gabe565/CastSponsorSkip/releases";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [

View file

@ -0,0 +1,107 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
fetchurl,
pkg-config,
apple-sdk_15,
libiconv,
versionCheckHook,
nix-update-script,
runCommand,
jq,
}:
let
# ccusage embeds the LiteLLM model-pricing table at build time. Its build
# script otherwise downloads this file from the network, which fails in the
# sandbox. Upstream pins the data via a flake input and points
# CCUSAGE_PRICING_JSON_PATH at it; mirror that exact revision here so the
# build is offline and reproducible (see package.nix + flake.lock in the
# upstream repo at tag v20.0.6). Bump this revision together with the package
# version; nix-update only refreshes the src and cargo hashes.
litellmPricing = fetchurl {
url = "https://raw.githubusercontent.com/BerriAI/litellm/f27df8d516802ce4c1b32973992154fe83b851cf/model_prices_and_context_window.json";
hash = "sha256-zJa6H2EwP9s+hMVs78Y+hwo4UX1dHRtvX5J3MdGh5aI=";
};
in
rustPlatform.buildRustPackage (finalAttrs: {
pname = "ccusage";
version = "20.0.6";
src = fetchFromGitHub {
owner = "ryoppippi";
repo = "ccusage";
tag = "v${finalAttrs.version}";
hash = "sha256-uf/FlPprxx4jh74YwjmYMtoIHpTkKrWTLetbNoYiFv4=";
};
# The Cargo workspace lives in rust/, not at the repo root.
cargoRoot = "rust";
buildAndTestSubdir = "rust";
cargoHash = "sha256-izA2Gs5nPmt0zn6/e1xM80vyyQHYKGEUDpUFRpyFiB8=";
__structuredAttrs = true;
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
apple-sdk_15
libiconv
];
env.CCUSAGE_PRICING_JSON_PATH = "${litellmPricing}";
# Build only the ccusage binary out of the multi-crate workspace.
cargoBuildFlags = [
"-p"
"ccusage"
"--bin"
"ccusage"
];
# Upstream disables the test suite in its own Nix build; parts of it rely on
# network access and live pricing data. versionCheckHook still exercises the
# built binary below.
doCheck = false;
nativeInstallCheckInputs = [ versionCheckHook ];
doInstallCheck = true;
passthru = {
updateScript = nix-update-script { };
tests = {
# With no agent data on disk, ccusage must still emit a valid, empty JSON
# report. --offline keeps it from reaching the network, exercising the
# pricing table baked in at build time. This guards the data discovery,
# JSON serialization, and offline-pricing paths without needing fixtures.
smoke =
runCommand "ccusage-smoke-test"
{
nativeBuildInputs = [
finalAttrs.finalPackage
jq
];
}
''
export HOME="$(mktemp -d)"
ccusage daily --json --offline > report.json
jq -e '.daily == [] and .totals.totalTokens == 0' report.json
touch "$out"
'';
};
};
meta = {
description = "Analyze coding agent CLI token usage and costs from local data";
homepage = "https://github.com/ryoppippi/ccusage";
changelog = "https://github.com/ryoppippi/ccusage/releases/tag/v${finalAttrs.version}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ thrix ];
mainProgram = "ccusage";
};
})

View file

@ -11,13 +11,13 @@
buildGoModule (finalAttrs: {
pname = "cilium-cli";
version = "0.19.4";
version = "0.19.5";
src = fetchFromGitHub {
owner = "cilium";
repo = "cilium-cli";
tag = "v${finalAttrs.version}";
hash = "sha256-DDNs9cJrurTA2yNrm0AJTfl7m6tiWwERmdgKzceiK9I=";
hash = "sha256-2MxIqKuuzSEzmhdmWqYxinHKzlP7io7Tw6Ini2Sl3wQ=";
};
nativeBuildInputs = [ installShellFiles ];

View file

@ -1,47 +1,47 @@
{
"version": "2.1.191",
"commit": "397db5e73d569118815b8037ca9ff2483a06bbfe",
"buildDate": "2026-06-24T11:32:23Z",
"version": "2.1.193",
"commit": "a1938d2a07a2e4fecbef4eeac813221929e97d22",
"buildDate": "2026-06-25T18:25:46Z",
"platforms": {
"darwin-arm64": {
"binary": "claude",
"checksum": "99fdfb552a5260e649aedd06c024d0a4105b09cefec0bf67d558e017ee66c400",
"size": 219856224
"checksum": "f7513a30385ad9019c237226fd6ec46508b3062ebefca8aedbe397d111a818ff",
"size": 222248240
},
"darwin-x64": {
"binary": "claude",
"checksum": "6e83aad5fc4fd459fd74539cda06d2279105eac2befc603d2fba6494974cb2a4",
"size": 229178416
"checksum": "cba5c3bdca8ab5f8e7590406702d418f6114d9b39f48f16876680e881abf1ee8",
"size": 230317808
},
"linux-arm64": {
"binary": "claude",
"checksum": "1a31a7cbcfd784f8c073bfc8a0a1583fb6e93e60ef70b76d7fcf663ffed8949b",
"size": 236305136
"checksum": "39454ce62e795eeb4871a81f6453cda96e926e2db9a4dd41d0ec1b60b0153448",
"size": 237419248
},
"linux-x64": {
"binary": "claude",
"checksum": "1038dba88bdf1b80941dc3e383e93b088325b00497329ac50da460c8786d5bee",
"size": 239438648
"checksum": "c9f04d929f18bd9a101f3897f27de4e1e0f15ebe8400d4aaf02983d73dd66b1d",
"size": 240556856
},
"linux-arm64-musl": {
"binary": "claude",
"checksum": "7e5d3ac86e28dbd224f84d9349372b74bed39ad6392408df63356fd8a810c96e",
"size": 229553336
"checksum": "658bbae05441c2d3792f9870a5001a1dfa7a62956abffc151aed7cae0adf9f7d",
"size": 230667448
},
"linux-x64-musl": {
"binary": "claude",
"checksum": "b80e0066fb208cbd50fe539ed9c03dadd24fcc058bb67774fd36a316bca396ad",
"size": 234123648
"checksum": "b37861314ace243d8425ebce503c657c5d9f76af361f9bd8ca3bd34b2e71474a",
"size": 235258240
},
"win32-x64": {
"binary": "claude.exe",
"checksum": "83397a6a029c7da663fb1ce27211e05174a3546d8b151e42451bf4590b8343d7",
"size": 230281888
"checksum": "ffea22269bf66ce778ce845ea0c15cb5b21d39be82601a065c3eca6f7368da3e",
"size": 231359136
},
"win32-arm64": {
"binary": "claude.exe",
"checksum": "ec8c342e835ee8891ef2c6d0eb9ac460f2d5e6a668788c8a03faa3451748c275",
"size": 224756384
"checksum": "0bea15edaf5791220c646f9066bda84397a73053d88f225c7622c7a2ab45ff59",
"size": 225839264
}
}
}

View file

@ -9,14 +9,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "clpeak";
version = "2.0.0";
version = "2.0.13";
src = fetchFromGitHub {
owner = "krrishnarraj";
repo = "clpeak";
tag = finalAttrs.version;
fetchSubmodules = true;
hash = "sha256-e6r9kGjSWnhgODKtIIjXBA63L9JGQFHIsacfH0IJAGo=";
hash = "sha256-tybt85jxoaWLUuZNFAla+2t0rLSanapc9w3lgez9uPI=";
};
nativeBuildInputs = [ cmake ];

View file

@ -6,18 +6,18 @@
buildGoModule (finalAttrs: {
pname = "cnspec";
version = "13.23.0";
version = "13.24.2";
src = fetchFromGitHub {
owner = "mondoohq";
repo = "cnspec";
tag = "v${finalAttrs.version}";
hash = "sha256-HXTbvd7VC9osmh2NREpdKpMZV2M5WOdc9uRTeDljzzQ=";
hash = "sha256-+po6fgqtNRKozQ/nampYOpLdzU+0Cz5b93kDzofLnHw=";
};
proxyVendor = true;
vendorHash = "sha256-QoiE4dvEB+eX8SrneRzQ3kFq6JBMzlpV2OVCkolZzIs=";
vendorHash = "sha256-AIhjFjXBEtukTaOnIATEzT3HrXTio3ayc/YovoRU7j8=";
subPackages = [ "apps/cnspec" ];

View file

@ -1,22 +1,22 @@
{
"version": "3.7.42",
"version": "3.9.8",
"vscodeVersion": "1.105.1",
"sources": {
"x86_64-linux": {
"url": "https://downloads.cursor.com/production/5702c9cfca656d8710fad58402fe37f14345e3ac/linux/x64/Cursor-3.7.42-x86_64.AppImage",
"hash": "sha256-o7c220esGj2qrLDt88zQ+XpAMbhJGoky5iNFB/qhvtU="
"url": "https://downloads.cursor.com/production/4aa8ff1b7877ed7bd01bcba308698f71a6735380/linux/x64/Cursor-3.9.8-x86_64.AppImage",
"hash": "sha256-xcyFowrW5yzIDCwbFGmpDRSNa3OUXsHwpLkbyNcSzqM="
},
"aarch64-linux": {
"url": "https://downloads.cursor.com/production/5702c9cfca656d8710fad58402fe37f14345e3ac/linux/arm64/Cursor-3.7.42-aarch64.AppImage",
"hash": "sha256-PjVgVemRY66zY/gXcgYCVzSwkC5aCJeMsNreceQzWI4="
"url": "https://downloads.cursor.com/production/4aa8ff1b7877ed7bd01bcba308698f71a6735380/linux/arm64/Cursor-3.9.8-aarch64.AppImage",
"hash": "sha256-ZhRMvfJkt8NZT45tYxfO2gBFaVw6hR2nVeRzmrxQfeE="
},
"x86_64-darwin": {
"url": "https://downloads.cursor.com/production/5702c9cfca656d8710fad58402fe37f14345e3ac/darwin/x64/Cursor-darwin-x64.dmg",
"hash": "sha256-AiS0Iswdp8DAZV6cFA7uIYSE24ystuqJRz0YGJkkmDE="
"url": "https://downloads.cursor.com/production/4aa8ff1b7877ed7bd01bcba308698f71a6735380/darwin/x64/Cursor-darwin-x64.dmg",
"hash": "sha256-IOQsZQAncDgZGEnCZWg/LQqD/PquFifBmuk2hnJ1L/s="
},
"aarch64-darwin": {
"url": "https://downloads.cursor.com/production/5702c9cfca656d8710fad58402fe37f14345e3ac/darwin/arm64/Cursor-darwin-arm64.dmg",
"hash": "sha256-e6VrLs/tj+FkEbUJN4RpQKNAbWCS/mEo1drVQFErXU0="
"url": "https://downloads.cursor.com/production/4aa8ff1b7877ed7bd01bcba308698f71a6735380/darwin/arm64/Cursor-darwin-arm64.dmg",
"hash": "sha256-GxpBKyx0Yo3e8AUS9Oxei/hHm1m3JdxMKjX7qAxUGm4="
}
}
}

View file

@ -0,0 +1,41 @@
{
lib,
stdenv,
fetchFromGitHub,
gnumake,
zlib,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "codebase-memory-mcp";
version = "0.8.1";
src = fetchFromGitHub {
owner = "DeusData";
repo = "codebase-memory-mcp";
rev = "v${finalAttrs.version}";
hash = "sha256-H0l8H2JhPT1Rs0p+CJC1a1qYtnZNgLGe6n7PmM+WvE4=";
};
nativeBuildInputs = [ gnumake ];
buildInputs = [ zlib ];
strictDeps = true;
__structuredAttrs = true;
# scripts/build.sh verifies CC via `file`, which fails on Nix's compiler wrapper.
# Call make directly — mirrors upstream flake.nix.
buildPhase = ''
runHook preBuild
make -j$NIX_BUILD_CORES -f Makefile.cbm cbm CFLAGS_EXTRA='-DCBM_VERSION=\"${finalAttrs.version}\"'
runHook postBuild
'';
installPhase = ''
runHook preInstall
install -Dm755 build/c/codebase-memory-mcp $out/bin/codebase-memory-mcp
runHook postInstall
'';
meta = {
homepage = "https://github.com/DeusData/codebase-memory-mcp";
description = "High-performance C11 MCP server that indexes codebases into a persistent knowledge graph";
mainProgram = "codebase-memory-mcp";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ gdifolco ];
platforms = lib.platforms.linux ++ lib.platforms.darwin;
};
})

View file

@ -15,21 +15,21 @@ let
channels = {
stable = {
version = "2.28.6";
version = "2.33.9";
hash = {
x86_64-linux = "sha256-OBnEOR6uNCzfsnWIQupSN9JMykNbrojrkb5lcPXL1W8=";
x86_64-darwin = "sha256-ixI5BPxq7spPk1Un6eYVke+IkhqoIxTqDTXo5FehaEk=";
aarch64-linux = "sha256-w+5PMff13nUp7jAYGSQlozShWqjsF+NLKQiquxD07wc=";
aarch64-darwin = "sha256-nrx0Z1NdzkeQbeWzwOhpATIYnCCucG5lKRoUaRVjiQE=";
x86_64-linux = "sha256-/X1/1xlPV/86MyAXv7MJU8YtEemRNYdasBP6lH586DM=";
x86_64-darwin = "sha256-9ns+EzDMgyo+zgfQ3867AhTQ1qENPjtHXCYWtmP00mU=";
aarch64-linux = "sha256-4hrV9va+c3VvQXIQ2j6CGZ19ZFCFDEsHhfZu/kQfhwA=";
aarch64-darwin = "sha256-5k15Rf09/n/eKvVD0VxDWWWgJK7U0DDNAf0p923BGLs=";
};
};
mainline = {
version = "2.29.1";
version = "2.34.3";
hash = {
x86_64-linux = "sha256-LxYADRdkiIsvHBaMy+MtJuUo8p5MLDKDL6pMtHaqokw=";
x86_64-darwin = "sha256-OwZpCTjEVzTu4M9jf0vOuTuiyn66qRc/pEO/DLD8pvg=";
aarch64-linux = "sha256-hNPimwzopC2Hj8i0I6KJAtvKXANACpmcN+onGvAaMvc=";
aarch64-darwin = "sha256-AuNFtvnG40Toll/hmEXeGuV6ZcxfuVuUTFqdtTLXRn8=";
x86_64-linux = "sha256-j7r5qupAsjkA11KJpdTIVtogWvSxz59nMKtTS92NMDk=";
x86_64-darwin = "sha256-MJJK0NeXHfd/ipmPUrdhrcCOArafYH3sq+MW7GiLVnY=";
aarch64-linux = "sha256-avDUA/3RLcoyt6QZ3CllvjNp8O65g+0CkAJjMOOVKLg=";
aarch64-darwin = "sha256-qCHsK0zOqJO/ECb9afaEwNia9R/AJMgtRpIFUfZeY1Y=";
};
};
};

View file

@ -100,7 +100,7 @@ maven.buildMavenPackage {
homepage = "https://github.com/Athou/commafeed";
license = lib.licenses.asl20;
mainProgram = "commafeed";
maintainers = [ ];
maintainers = with lib.maintainers; [ svrana ];
broken = stdenv.hostPlatform.isDarwin || stdenv.hostPlatform.isAarch64;
};
}

View file

@ -10,16 +10,16 @@
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "concord-tui";
version = "2.2.2";
version = "2.2.7";
src = fetchFromGitHub {
owner = "chojs23";
repo = "concord";
tag = "v${finalAttrs.version}";
hash = "sha256-oKaP5ff19RYg73LsilD1Hxaz7nSr8QK/08jM1TylbWU=";
hash = "sha256-WSZsN1+ZhFWTHl9BvKERrr0lQj06N392Jo2nYjNm5QY=";
};
cargoHash = "sha256-jJkAXzmZAUHLIO2uVeR3KNTBYAnp31m49mk66/lKHHY=";
cargoHash = "sha256-LJnwO9507nLptKARCih58+wKrHzLGu+qQ/guf1oezX8=";
buildInputs = [
opus

View file

@ -1,17 +1,30 @@
From 0cfacb99db5940dabc385e7bc4534dfefa60fcfd Mon Sep 17 00:00:00 2001
From: fliiiix <hi@l33t.name>
Date: Thu, 25 Jun 2026 10:46:35 +0200
Subject: [PATCH] cpm
---
CMakeLists.txt | 4 ----
tests/CMakeLists.txt | 11 +----------
2 files changed, 1 insertion(+), 14 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7dbc2c3..cfdd98d 100644
index 51fade9b4..1b93bffd2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,7 +11,6 @@ project(Crow
@@ -60,10 +60,6 @@ option(CROW_ENABLE_SSL "Enable Crow's SSL feature for supporting https" OFF)
option(CROW_ENABLE_COMPRESSION "Enable Crow's Compression feature for supporting compressed http content" OFF)
option(CROW_ENABLE_TSAN "Enable ThreadSanitizer" OFF)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
-include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/CPM.cmake)
# Make sure Findasio.cmake module is found
list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
-if(CROW_GENERATE_SBOM OR CROW_BUILD_TESTS)
- include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/CPM.cmake)
-endif ()
-
if(CROW_GENERATE_SBOM)
CPMAddPackage(
NAME cmake-sbom
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 67c458c..2873530 100644
index 80f6dd364..e01adeb2f 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -5,18 +5,9 @@ set(CMAKE_POLICY_DEFAULT_CMP0077 new)
@ -23,7 +36,7 @@ index 67c458c..2873530 100644
+find_package(Catch2 REQUIRED)
-CPMAddPackage(Catch2
- VERSION 3.10.0
- VERSION 3.12.0
- GITHUB_REPOSITORY catchorg/Catch2
- OPTIONS
- "CATCH_INSTALL_DOCS Off"
@ -34,3 +47,6 @@ index 67c458c..2873530 100644
enable_testing()
# list the test sources
--
2.43.0

View file

@ -10,13 +10,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "crow";
version = "1.3.0.0";
version = "1.3.2";
src = fetchFromGitHub {
owner = "CrowCpp";
repo = "Crow";
tag = "v${finalAttrs.version}";
hash = "sha256-QLYQ0RouqDDvhnBF79O/9M7IwlF0eQ3HTqR6bXWm574=";
hash = "sha256-MN2x1hgJ9TziZFPSZn6RuAEfl4mZv3ijU9LqQJkw6UM=";
};
patches = [

View file

@ -7,13 +7,13 @@
buildGoModule (finalAttrs: {
pname = "cruise";
version = "1.1.0";
version = "2.2.2";
src = fetchFromGitHub {
owner = "NucleoFusion";
repo = "cruise";
tag = "v${finalAttrs.version}";
hash = "sha256-0xIugbLlKlMODbMvsFzQXjKNNGY61tF4P/0loPlfs6o=";
hash = "sha256-AhLSzynNvtHK3URTd1034/2ToGcJUDp7rGMtr3kyees=";
};
vendorHash = "sha256-Zx1rZl5ljlsBNV1eQKPtQ+SgJV9l5rS8hwBe8nX9dYQ=";
@ -23,7 +23,7 @@ buildGoModule (finalAttrs: {
meta = {
description = "TUI for managing Docker containers, images, volumes, networks, and more";
homepage = "https://github.com/NucleoFusion/cruise";
license = lib.licenses.mit;
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ greatnatedev ];
mainProgram = "cruise";
platforms = lib.platforms.linux;

View file

@ -11,16 +11,16 @@
buildGo126Module (finalAttrs: {
pname = "crush";
version = "0.74.1";
version = "0.80.0";
src = fetchFromGitHub {
owner = "charmbracelet";
repo = "crush";
tag = "v${finalAttrs.version}";
hash = "sha256-JnELv8Q2GlOKhYbBRUDY8m8XuyyoD71Tw5qbnpbNxVY=";
hash = "sha256-joSzU5+gufb9cEsIOVVSnEO9+Xoy1g+gqzvmpbkIky8=";
};
vendorHash = "sha256-D2GJ3ORyJy5Dn0MZJWgB3Wv1FyDoAWqLI3W0yU1q5Lw=";
vendorHash = "sha256-cA39djwy7NOBeJELvrPSW2mRcyDEhsghPOzzQ9O180c=";
ldflags = [
"-s"

View file

@ -35,6 +35,13 @@ rustPlatform.buildRustPackage (finalAttrs: {
pname = "deno";
version = "2.8.3";
__structuredAttrs = true;
outputs = [
"out"
"denort"
];
src = fetchFromGitHub {
owner = "denoland";
repo = "deno";
@ -225,7 +232,9 @@ rustPlatform.buildRustPackage (finalAttrs: {
'';
postInstall = ''
# Remove non-essential binaries like denort and test_server
moveToOutput "bin/denort" "$denort"
# Remove non-essential binaries like test_server
find $out/bin/* -not -name "deno" -delete
# Do what `deno x --install-alias` would do (it doesn't work with Nix-packaged Deno)
@ -279,6 +288,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
jk
ofalvai
mynacol
anish
];
maxSilent = 14400; # 4h, double the default of 7200s; sometimes needed for x86_64-darwin on hydra
platforms = [

View file

@ -7,13 +7,13 @@
}:
buildGoModule (finalAttrs: {
pname = "devbox";
version = "0.17.3";
version = "0.17.5";
src = fetchFromGitHub {
owner = "jetify-com";
repo = "devbox";
tag = finalAttrs.version;
hash = "sha256-nG/6qRhoCYUCxNXYHj7zyeOSaQBqguaIjEip9HVZbp8=";
hash = "sha256-m7FMUjKZZsmnjtnjPyyq0YUIjDQiyb5zBbpGiH4cdyw=";
};
ldflags = [

Some files were not shown because too many files have changed in this diff Show more