Merge master into staging-next

maintainers/maintainer-list.nix

@@ -10814,6 +10814,12 @@
     githubId = 1181362;
     name = "Stefan Junker";
   };
+  stevenroose = {
+    email = "github@stevenroose.org";
+    github = "stevenroose";
+    githubId = 853468;
+    name = "Steven Roose";
+  };
   stianlagstad = {
     email = "stianlagstad@gmail.com";
     github = "stianlagstad";

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

@@ -150,6 +150,14 @@
           <link xlink:href="options.html#opt-services.owncast">services.owncast</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://joinpeertube.org/">PeerTube</link>,
+          developed by Framasoft, is the free and decentralized
+          alternative to video platforms. Available at
+          <link xlink:href="options.html#opt-services.peertube">services.peertube</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           <link xlink:href="https://sr.ht">sourcehut</link>, a

nixos/doc/manual/release-notes/rl-2111.section.md

@@ -49,6 +49,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast).
 
+- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube).
+
 - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
 
 - [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).

nixos/modules/module-list.nix

@@ -999,6 +999,7 @@
   ./services/web-apps/nexus.nix
   ./services/web-apps/node-red.nix
   ./services/web-apps/pict-rs.nix
+  ./services/web-apps/peertube.nix
   ./services/web-apps/plantuml-server.nix
   ./services/web-apps/plausible.nix
   ./services/web-apps/pgpkeyserver-lite.nix

nixos/modules/services/web-apps/peertube.nix

@@ -0,0 +1,447 @@
+{ lib, pkgs, config, ... }:
+
+let
+  cfg = config.services.peertube;
+
+  settingsFormat = pkgs.formats.json {};
+  configFile = settingsFormat.generate "production.json" cfg.settings;
+
+  env = {
+    NODE_CONFIG_DIR = "/var/lib/peertube/config";
+    NODE_ENV = "production";
+    NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
+    NPM_CONFIG_PREFIX = cfg.package;
+    HOME = cfg.package;
+  };
+
+  systemCallsList = [ "@cpu-emulation" "@debug" "@keyring" "@ipc" "@memlock" "@mount" "@obsolete" "@privileged" "@setuid" ];
+
+  cfgService = {
+    # Proc filesystem
+    ProcSubset = "pid";
+    ProtectProc = "invisible";
+    # Access write directories
+    UMask = "0027";
+    # Capabilities
+    CapabilityBoundingSet = "";
+    # Security
+    NoNewPrivileges = true;
+    # Sandboxing
+    ProtectSystem = "strict";
+    ProtectHome = true;
+    PrivateTmp = true;
+    PrivateDevices = true;
+    PrivateUsers = true;
+    ProtectClock = true;
+    ProtectHostname = true;
+    ProtectKernelLogs = true;
+    ProtectKernelModules = true;
+    ProtectKernelTunables = true;
+    ProtectControlGroups = true;
+    RestrictNamespaces = true;
+    LockPersonality = true;
+    RestrictRealtime = true;
+    RestrictSUIDSGID = true;
+    RemoveIPC = true;
+    PrivateMounts = true;
+    # System Call Filtering
+    SystemCallArchitectures = "native";
+  };
+
+  envFile = pkgs.writeText "peertube.env" (lib.concatMapStrings (s: s + "\n") (
+    (lib.concatLists (lib.mapAttrsToList (name: value:
+      if value != null then [
+        "${name}=\"${toString value}\""
+      ] else []
+    ) env))));
+
+  peertubeEnv = pkgs.writeShellScriptBin "peertube-env" ''
+    set -a
+    source "${envFile}"
+    eval -- "\$@"
+  '';
+
+  peertubeCli = pkgs.writeShellScriptBin "peertube" ''
+    node ~/dist/server/tools/peertube.js $@
+  '';
+
+in {
+  options.services.peertube = {
+    enable = lib.mkEnableOption "Enable Peertube’s service";
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "peertube";
+      description = "User account under which Peertube runs.";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "peertube";
+      description = "Group under which Peertube runs.";
+    };
+
+    localDomain = lib.mkOption {
+      type = lib.types.str;
+      example = "peertube.example.com";
+      description = "The domain serving your PeerTube instance.";
+    };
+
+    listenHttp = lib.mkOption {
+      type = lib.types.int;
+      default = 9000;
+      description = "listen port for HTTP server.";
+    };
+
+    listenWeb = lib.mkOption {
+      type = lib.types.int;
+      default = 9000;
+      description = "listen port for WEB server.";
+    };
+
+    enableWebHttps = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable or disable HTTPS protocol.";
+    };
+
+    dataDirs = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
+      default = [ ];
+      example = [ "/opt/peertube/storage" "/var/cache/peertube" ];
+      description = "Allow access to custom data locations.";
+    };
+
+    serviceEnvironmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      example = "/run/keys/peertube/password-init-root";
+      description = ''
+        Set environment variables for the service. Mainly useful for setting the initial root password.
+        For example write to file:
+        PT_INITIAL_ROOT_PASSWORD=changeme
+      '';
+    };
+
+    settings = lib.mkOption {
+      type = settingsFormat.type;
+      example = lib.literalExpression ''
+        {
+          listen = {
+            hostname = "0.0.0.0";
+          };
+          log = {
+            level = "debug";
+          };
+          storage = {
+            tmp = "/opt/data/peertube/storage/tmp/";
+            logs = "/opt/data/peertube/storage/logs/";
+            cache = "/opt/data/peertube/storage/cache/";
+          };
+        }
+      '';
+      description = "Configuration for peertube.";
+    };
+
+    database = {
+      createLocally = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Configure local PostgreSQL database server for PeerTube.";
+      };
+
+      host = lib.mkOption {
+        type = lib.types.str;
+        default = if cfg.database.createLocally then "/run/postgresql" else null;
+        example = "192.168.15.47";
+        description = "Database host address or unix socket.";
+      };
+
+      port = lib.mkOption {
+        type = lib.types.int;
+        default = 5432;
+        description = "Database host port.";
+      };
+
+      name = lib.mkOption {
+        type = lib.types.str;
+        default = "peertube";
+        description = "Database name.";
+      };
+
+      user = lib.mkOption {
+        type = lib.types.str;
+        default = "peertube";
+        description = "Database user.";
+      };
+
+      passwordFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        example = "/run/keys/peertube/password-posgressql-db";
+        description = "Password for PostgreSQL database.";
+      };
+    };
+
+    redis = {
+      createLocally = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Configure local Redis server for PeerTube.";
+      };
+
+      host = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = if cfg.redis.createLocally && !cfg.redis.enableUnixSocket then "127.0.0.1" else null;
+        description = "Redis host.";
+      };
+
+      port = lib.mkOption {
+        type = lib.types.nullOr lib.types.port;
+        default = if cfg.redis.createLocally && cfg.redis.enableUnixSocket then null else 6379;
+        description = "Redis port.";
+      };
+
+      passwordFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        example = "/run/keys/peertube/password-redis-db";
+        description = "Password for redis database.";
+      };
+
+      enableUnixSocket = lib.mkOption {
+        type = lib.types.bool;
+        default = cfg.redis.createLocally;
+        description = "Use Unix socket.";
+      };
+    };
+
+    smtp = {
+      createLocally = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Configure local Postfix SMTP server for PeerTube.";
+      };
+
+      passwordFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        example = "/run/keys/peertube/password-smtp";
+        description = "Password for smtp server.";
+      };
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.peertube;
+      description = "Peertube package to use.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = cfg.serviceEnvironmentFile == null || !lib.hasPrefix builtins.storeDir cfg.serviceEnvironmentFile;
+          message = ''
+            <option>services.peertube.serviceEnvironmentFile</option> points to
+            a file in the Nix store. You should use a quoted absolute path to
+            prevent this.
+          '';
+      }
+      { assertion = !(cfg.redis.enableUnixSocket && (cfg.redis.host != null || cfg.redis.port != null));
+          message = ''
+            <option>services.peertube.redis.createLocally</option> and redis network connection (<option>services.peertube.redis.host</option> or <option>services.peertube.redis.port</option>) enabled. Disable either of them.
+        '';
+      }
+      { assertion = cfg.redis.enableUnixSocket || (cfg.redis.host != null && cfg.redis.port != null);
+          message = ''
+            <option>services.peertube.redis.host</option> and <option>services.peertube.redis.port</option> needs to be set if <option>services.peertube.redis.enableUnixSocket</option> is not enabled.
+        '';
+      }
+      { assertion = cfg.redis.passwordFile == null || !lib.hasPrefix builtins.storeDir cfg.redis.passwordFile;
+          message = ''
+            <option>services.peertube.redis.passwordFile</option> points to
+            a file in the Nix store. You should use a quoted absolute path to
+            prevent this.
+          '';
+      }
+      { assertion = cfg.database.passwordFile == null || !lib.hasPrefix builtins.storeDir cfg.database.passwordFile;
+          message = ''
+            <option>services.peertube.database.passwordFile</option> points to
+            a file in the Nix store. You should use a quoted absolute path to
+            prevent this.
+          '';
+      }
+      { assertion = cfg.smtp.passwordFile == null || !lib.hasPrefix builtins.storeDir cfg.smtp.passwordFile;
+          message = ''
+            <option>services.peertube.smtp.passwordFile</option> points to
+            a file in the Nix store. You should use a quoted absolute path to
+            prevent this.
+          '';
+      }
+    ];
+
+    services.peertube.settings = lib.mkMerge [
+      {
+        listen = {
+          port = cfg.listenHttp;
+        };
+        webserver = {
+          https = (if cfg.enableWebHttps then true else false);
+          hostname = "${cfg.localDomain}";
+          port = cfg.listenWeb;
+        };
+        database = {
+          hostname = "${cfg.database.host}";
+          port = cfg.database.port;
+          name = "${cfg.database.name}";
+          username = "${cfg.database.user}";
+        };
+        redis = {
+          hostname = "${toString cfg.redis.host}";
+          port = (if cfg.redis.port == null then "" else cfg.redis.port);
+        };
+        storage = {
+          tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/";
+          avatars = lib.mkDefault "/var/lib/peertube/storage/avatars/";
+          videos = lib.mkDefault "/var/lib/peertube/storage/videos/";
+          streaming_playlists = lib.mkDefault "/var/lib/peertube/storage/streaming-playlists/";
+          redundancy = lib.mkDefault "/var/lib/peertube/storage/redundancy/";
+          logs = lib.mkDefault "/var/lib/peertube/storage/logs/";
+          previews = lib.mkDefault "/var/lib/peertube/storage/previews/";
+          thumbnails = lib.mkDefault "/var/lib/peertube/storage/thumbnails/";
+          torrents = lib.mkDefault "/var/lib/peertube/storage/torrents/";
+          captions = lib.mkDefault "/var/lib/peertube/storage/captions/";
+          cache = lib.mkDefault "/var/lib/peertube/storage/cache/";
+          plugins = lib.mkDefault "/var/lib/peertube/storage/plugins/";
+          client_overrides = lib.mkDefault "/var/lib/peertube/storage/client-overrides/";
+        };
+      }
+      (lib.mkIf cfg.redis.enableUnixSocket { redis = { socket = "/run/redis/redis.sock"; }; })
+    ];
+
+    systemd.tmpfiles.rules = [
+      "d '/var/lib/peertube/config' 0700 ${cfg.user} ${cfg.group} - -"
+      "z '/var/lib/peertube/config' 0700 ${cfg.user} ${cfg.group} - -"
+    ];
+
+    systemd.services.peertube-init-db = lib.mkIf cfg.database.createLocally {
+      description = "Initialization database for PeerTube daemon";
+      after = [ "network.target" "postgresql.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      script = let
+        psqlSetupCommands = pkgs.writeText "peertube-init.sql" ''
+          SELECT 'CREATE USER "${cfg.database.user}"' WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${cfg.database.user}')\gexec
+          SELECT 'CREATE DATABASE "${cfg.database.name}" OWNER "${cfg.database.user}" TEMPLATE template0 ENCODING UTF8' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${cfg.database.name}')\gexec
+          \c '${cfg.database.name}'
+          CREATE EXTENSION IF NOT EXISTS pg_trgm;
+          CREATE EXTENSION IF NOT EXISTS unaccent;
+        '';
+      in "${config.services.postgresql.package}/bin/psql -f ${psqlSetupCommands}";
+
+      serviceConfig = {
+        Type = "oneshot";
+        WorkingDirectory = cfg.package;
+        # User and group
+        User = "postgres";
+        Group = "postgres";
+        # Sandboxing
+        RestrictAddressFamilies = [ "AF_UNIX" ];
+        MemoryDenyWriteExecute = true;
+        # System Call Filtering
+        SystemCallFilter = "~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ]);
+      } // cfgService;
+    };
+
+    systemd.services.peertube = {
+      description = "PeerTube daemon";
+      after = [ "network.target" ]
+        ++ lib.optionals cfg.redis.createLocally [ "redis.service" ]
+        ++ lib.optionals cfg.database.createLocally [ "postgresql.service" "peertube-init-db.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      environment = env;
+
+      path = with pkgs; [ bashInteractive ffmpeg nodejs-16_x openssl yarn youtube-dl ];
+
+      script = ''
+        #!/bin/sh
+        umask 077
+        cat > /var/lib/peertube/config/local.yaml <<EOF
+        ${lib.optionalString ((!cfg.database.createLocally) && (cfg.database.passwordFile != null)) ''
+        database:
+          password: '$(cat ${cfg.database.passwordFile})'
+        ''}
+        ${lib.optionalString (cfg.redis.passwordFile != null) ''
+        redis:
+          auth: '$(cat ${cfg.redis.passwordFile})'
+        ''}
+        ${lib.optionalString (cfg.smtp.passwordFile != null) ''
+        smtp:
+          password: '$(cat ${cfg.smtp.passwordFile})'
+        ''}
+        EOF
+        ln -sf ${cfg.package}/config/default.yaml /var/lib/peertube/config/default.yaml
+        ln -sf ${configFile} /var/lib/peertube/config/production.json
+        npm start
+      '';
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = 20;
+        TimeoutSec = 60;
+        WorkingDirectory = cfg.package;
+        # User and group
+        User = cfg.user;
+        Group = cfg.group;
+        # State directory and mode
+        StateDirectory = "peertube";
+        StateDirectoryMode = "0750";
+        # Access write directories
+        ReadWritePaths = cfg.dataDirs;
+        # Environment
+        EnvironmentFile = cfg.serviceEnvironmentFile;
+        # Sandboxing
+        RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
+        MemoryDenyWriteExecute = false;
+        # System Call Filtering
+        SystemCallFilter = [ ("~" + lib.concatStringsSep " " systemCallsList) "pipe" "pipe2" ];
+      } // cfgService;
+    };
+
+    services.postgresql = lib.mkIf cfg.database.createLocally {
+      enable = true;
+    };
+
+    services.redis = lib.mkMerge [
+      (lib.mkIf cfg.redis.createLocally {
+        enable = true;
+      })
+      (lib.mkIf (cfg.redis.createLocally && cfg.redis.enableUnixSocket) {
+        unixSocket = "/run/redis/redis.sock";
+        unixSocketPerm = 770;
+      })
+    ];
+
+    services.postfix = lib.mkIf cfg.smtp.createLocally {
+      enable = true;
+      hostname = lib.mkDefault "${cfg.localDomain}";
+    };
+
+    users.users = lib.mkMerge [
+      (lib.mkIf (cfg.user == "peertube") {
+        peertube = {
+          isSystemUser = true;
+          group = cfg.group;
+          home = cfg.package;
+        };
+      })
+      (lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package peertubeEnv peertubeCli pkgs.ffmpeg pkgs.nodejs-16_x pkgs.yarn ])
+      (lib.mkIf cfg.redis.enableUnixSocket {${config.services.peertube.user}.extraGroups = [ "redis" ];})
+    ];
+
+    users.groups = lib.optionalAttrs (cfg.group == "peertube") {
+      peertube = { };
+    };
+  };
+}

nixos/tests/all-tests.nix

@@ -344,6 +344,7 @@ in
   parsedmarc = handleTest ./parsedmarc {};
   pdns-recursor = handleTest ./pdns-recursor.nix {};
   peerflix = handleTest ./peerflix.nix {};
+  peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {};
   pgjwt = handleTest ./pgjwt.nix {};
   pgmanage = handleTest ./pgmanage.nix {};
   php = handleTest ./php {};

nixos/tests/web-apps/peertube.nix

@@ -0,0 +1,127 @@
+import ../make-test-python.nix ({pkgs, ...}:
+{
+  name = "peertube";
+  meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
+
+  nodes = {
+    database = {
+      networking = {
+       interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.10"; prefixLength = 24; }
+          ];
+        };
+        firewall.allowedTCPPorts = [ 5432 6379 ];
+      };
+
+      services.postgresql = {
+        enable = true;
+        enableTCPIP = true;
+        authentication = ''
+          hostnossl peertube_local peertube_test 192.168.2.11/32 md5
+        '';
+        initialScript = pkgs.writeText "postgresql_init.sql" ''
+          CREATE ROLE peertube_test LOGIN PASSWORD '0gUN0C1mgST6czvjZ8T9';
+          CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8;
+          GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test;
+          \connect peertube_local
+          CREATE EXTENSION IF NOT EXISTS pg_trgm;
+          CREATE EXTENSION IF NOT EXISTS unaccent;
+        '';
+      };
+
+      services.redis = {
+        enable = true;
+        bind = "0.0.0.0";
+        requirePass = "turrQfaQwnanGbcsdhxy";
+      };
+    };
+
+    server = { pkgs, ... }: {
+      environment = {
+        etc = {
+          "peertube/password-posgressql-db".text = ''
+            0gUN0C1mgST6czvjZ8T9
+          '';
+          "peertube/password-redis-db".text = ''
+            turrQfaQwnanGbcsdhxy
+          '';
+        };
+      };
+
+      networking = {
+        interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.11"; prefixLength = 24; }
+          ];
+        };
+        extraHosts = ''
+          192.168.2.11 peertube.local
+        '';
+        firewall.allowedTCPPorts = [ 9000 ];
+      };
+
+      services.peertube = {
+        enable = true;
+        localDomain = "peertube.local";
+        enableWebHttps = false;
+
+        database = {
+          host = "192.168.2.10";
+          name = "peertube_local";
+          user = "peertube_test";
+          passwordFile = "/etc/peertube/password-posgressql-db";
+        };
+
+        redis = {
+          host = "192.168.2.10";
+          passwordFile = "/etc/peertube/password-redis-db";
+        };
+
+        settings = {
+          listen = {
+            hostname = "0.0.0.0";
+          };
+          instance = {
+            name = "PeerTube Test Server";
+          };
+        };
+      };
+    };
+
+    client = {
+      environment.systemPackages = [ pkgs.jq ];
+      networking = {
+       interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.12"; prefixLength = 24; }
+          ];
+        };
+        extraHosts = ''
+          192.168.2.11 peertube.local
+        '';
+      };
+    };
+
+  };
+
+  testScript = ''
+    start_all()
+
+    database.wait_for_unit("postgresql.service")
+    database.wait_for_unit("redis.service")
+
+    database.wait_for_open_port(5432)
+    database.wait_for_open_port(6379)
+
+    server.wait_for_unit("peertube.service")
+    server.wait_for_open_port(9000)
+
+    # Check if PeerTube is running
+    client.succeed("curl --fail http://peertube.local:9000/api/v1/config/about | jq -r '.instance.name' | grep 'PeerTube\ Test\ Server'")
+
+    client.shutdown()
+    server.shutdown()
+    database.shutdown()
+  '';
+})

pkgs/applications/networking/p2p/storrent/default.nix

@@ -0,0 +1,22 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "storrent-unstable";
+  version = "2021-10-10";
+
+  src = fetchFromGitHub {
+    owner = "jech";
+    repo = "storrent";
+    rev = "681733cf74de08bea251ada672ea8c666eb1b679";
+    sha256 = "0grrqgawswb44fahf40060jl691rlyccwlqkljvgy8mzzw1kjzj4";
+  };
+
+  vendorSha256 = "0sz2fz7bqgwd5i7sacyxs7bmb8ly6xrxrakqi9c446vzlkh898hj";
+
+  meta = with lib; {
+    homepage = "https://github.com/jech/storrent";
+    description = "An implementation of the BitTorrent protocol that is optimised for streaming media";
+    license = licenses.mit;
+    maintainers = [ maintainers.marsam ];
+  };
+}

pkgs/applications/version-management/gitkraken/default.nix

@@ -13,11 +13,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "gitkraken";
-  version = "8.0.1";
+  version = "8.1.0";
 
   src = fetchzip {
     url = "https://release.axocdn.com/linux/GitKraken-v${version}.tar.gz";
-    sha256 = "1n88m41424qwsfp2hy58piqpv2dk6i74hcj184aq6njllvnsznnq";
+    sha256 = "1115616d642chnisil7gv6fxw699sryphrfrp92cq3vi6lcwqbn8";
   };
 
   dontBuild = true;

pkgs/applications/video/kodi-packages/steam-library/default.nix

@@ -3,13 +3,13 @@
 buildKodiAddon rec {
   pname = "steam-library";
   namespace = "plugin.program.steam.library";
-  version = "0.8.0";
+  version = "0.8.1";
 
   src = fetchFromGitHub {
     owner = "aanderse";
     repo = namespace;
     rev = "v${version}";
-    sha256 = "1d8n8zkprjql0nw5ff752yr994hw2ikd0ny3m9hjr90s4kdykjzr";
+    sha256 = "1ai8k55bamzkx7awk3dl8ksw93pan3h9b1xlylcldy7a0ddldzdg";
   };
 
   propagatedBuildInputs = [

pkgs/development/libraries/oniguruma/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "onig";
-  version = "6.9.6";
+  version = "6.9.7.1";
 
   src = fetchFromGitHub {
     owner = "kkos";
     repo = "oniguruma";
     rev = "v${version}";
-    sha256 = "0y0dv6axvjjzi9367xc4q2nvvx58919iyzy25d5022lpz9z569kj";
+    sha256 = "sha256-IBWxmzmVdKTkHbfy7V8ejpeIdfOU/adGwpUTCMdLU3w=";
   };
 
   nativeBuildInputs = [ autoreconfHook ];

pkgs/development/ocaml-modules/ocaml-text/default.nix

@@ -1,25 +0,0 @@
-{ stdenv, lib, fetchzip, libiconv, ocaml, findlib, ocamlbuild, ncurses }:
-
-stdenv.mkDerivation rec {
-  pname = "ocaml-text";
-  version = "0.8";
-
-  src = fetchzip {
-    url = "https://github.com/vbmithr/ocaml-text/archive/${version}.tar.gz";
-    sha256 = "11jamdfn5s19a0yvl012q1xvdk1grkp4rkrn819imqrvdplqkn1y";
-  };
-
-  buildInputs = [ ocaml findlib ocamlbuild ncurses libiconv ];
-
-  configurePhase = "iconv_prefix=${libiconv} ocaml setup.ml -configure";
-
-  createFindlibDestdir = true;
-
-
-  meta = {
-    homepage = "http://ocaml-text.forge.ocamlcore.org/";
-    description = "A library for convenient text manipulation";
-    license = lib.licenses.bsd3;
-    platforms = ocaml.meta.platforms or [];
-  };
-}

pkgs/development/python-modules/uproot/default.nix

@@ -12,14 +12,14 @@
 
 buildPythonPackage rec {
   pname = "uproot";
-  version = "4.1.1";
+  version = "4.1.5";
 
   # fetch from github for tests
   src = fetchFromGitHub {
     owner = "scikit-hep";
     repo = "uproot4";
     rev = version;
-    sha256 = "sha256-qh/rtZDE6L1IQJjzE+ns0eSG1BKbES7s3A/35hc+tXg=";
+    sha256 = "sha256-zsmAdqoWvFhRRRw4fdbRhhKkDV5oP/eYsfpA0AVqAnI=";
   };
 
   propagatedBuildInputs = [

pkgs/servers/peertube/default.nix

@@ -0,0 +1,157 @@
+{ lib, stdenv, callPackage, fetchurl, fetchFromGitHub, buildGoModule, fetchYarnDeps, nixosTests
+, esbuild, fixup_yarn_lock, jq, nodejs, yarn
+, nodePackages, youtube-dl
+}:
+let
+  arch =
+    if stdenv.hostPlatform.system == "x86_64-linux" then "linux-x64"
+    else throw "Unsupported architecture: ${stdenv.hostPlatform.system}";
+
+  version = "3.4.1";
+
+  source = fetchFromGitHub {
+    owner = "Chocobozzz";
+    repo = "PeerTube";
+    rev = "v${version}";
+    sha256 = "0l1ibqmliy4aq60a16v383v4ijv1c9sf2a35k9q365mkl42jbzx1";
+  };
+
+  yarnOfflineCacheServer = fetchYarnDeps {
+    yarnLock = "${source}/yarn.lock";
+    sha256 = "0zyxf1km79w6329jay4bcpw5bgvhnvmvl11r9hka5c6s46d3ms7n";
+  };
+
+  yarnOfflineCacheTools = fetchYarnDeps {
+    yarnLock = "${source}/server/tools/yarn.lock";
+    sha256 = "12xmwc8lnalcpx3nww457avn5zw04ly4pp4kjxkvhsqs69arfl2m";
+  };
+
+  yarnOfflineCacheClient = fetchYarnDeps {
+    yarnLock = "${source}/client/yarn.lock";
+    sha256 = "1glnip6mpizif36vil61sw8i8lnn0jg5hrqgqw6k4cc7hkd2qkpc";
+  };
+
+  bcrypt_version = "5.0.1";
+  bcrypt_lib = fetchurl {
+    url = "https://github.com/kelektiv/node.bcrypt.js/releases/download/v${bcrypt_version}/bcrypt_lib-v${bcrypt_version}-napi-v3-${arch}-glibc.tar.gz";
+    sha256 = "3R3dBZyPansTuM77Nmm3f7BbTDkDdiT2HQIrti2Ottc=";
+  };
+
+  wrtc_version = "0.4.7";
+  wrtc_lib = fetchurl {
+    url = "https://node-webrtc.s3.amazonaws.com/wrtc/v${wrtc_version}/Release/${arch}.tar.gz";
+    sha256 = "1zd3jlwq3lc2vhmr3bs1h6mrzyswdp3y20vb4d9s67ir9q7jn1zf";
+  };
+
+  esbuild_locked = buildGoModule rec {
+    pname = "esbuild";
+    version = "0.12.17";
+
+    src = fetchFromGitHub {
+      owner = "evanw";
+      repo = "esbuild";
+      rev = "v${version}";
+      sha256 = "16xxscha2y69mgm20rpjdxykyqiy0qy8gayh8046q6m0sf6834y1";
+    };
+    vendorSha256 = "1n5538yik72x94vzfq31qaqrkpxds5xys1wlibw2gn2am0z5c06q";
+  };
+
+in stdenv.mkDerivation rec {
+  inherit version;
+  pname = "peertube";
+  src = source;
+
+  nativeBuildInputs = [ esbuild fixup_yarn_lock jq nodejs yarn ];
+
+  buildInputs = [ nodePackages.node-gyp-build youtube-dl ];
+
+  buildPhase = ''
+    # Build node modules
+    export HOME=$PWD
+    fixup_yarn_lock ~/yarn.lock
+    fixup_yarn_lock ~/server/tools/yarn.lock
+    fixup_yarn_lock ~/client/yarn.lock
+    yarn config --offline set yarn-offline-mirror ${yarnOfflineCacheServer}
+    yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+    cd ~/server/tools
+    yarn config --offline set yarn-offline-mirror ${yarnOfflineCacheTools}
+    yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+    cd ~/client
+    yarn config --offline set yarn-offline-mirror ${yarnOfflineCacheClient}
+    yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+
+    patchShebangs ~/node_modules
+    patchShebangs ~/server/tools/node_modules
+    patchShebangs ~/client/node_modules
+    patchShebangs ~/scripts
+
+    # Fix bcrypt node module
+    cd ~/node_modules/bcrypt
+    if [ "${bcrypt_version}" != "$(cat package.json | jq -r .version)" ]; then
+      echo "Mismatching version please update bcrypt in derivation"
+      exit
+    fi
+    mkdir -p ./lib/binding && tar -C ./lib/binding -xf ${bcrypt_lib}
+
+    # Fix youtube-dl node module
+    cd ~/node_modules/youtube-dl
+    mkdir ./bin
+    ln -s ${youtube-dl}/bin/youtube-dl ./bin/youtube-dl
+    cat > ./bin/details <<EOF
+    {"version":"${youtube-dl.version}","path":null,"exec":"youtube-dl"}
+    EOF
+
+    # Fix wrtc node module
+    cd ~/server/tools/node_modules/wrtc
+    if [ "${wrtc_version}" != "$(cat package.json | jq -r .version)" ]; then
+      echo "Mismatching version please update wrtc in derivation"
+      exit
+    fi
+    mkdir -p ./build && tar -C ./build -xf ${wrtc_lib}
+
+    # Build PeerTube server
+    cd ~
+    npm run build:server
+
+    # Build PeerTube tools
+    npm run tsc -- --build ./server/tools/tsconfig.json
+
+    # Build PeerTube client
+    export ESBUILD_BINARY_PATH="${esbuild_locked}/bin/esbuild"
+    npm run build:client
+  '';
+
+  installPhase = ''
+    mkdir -p $out/dist
+    mv ~/dist $out
+    mv ~/node_modules $out/node_modules
+    mv ~/server/tools/node_modules $out/dist/server/tools/node_modules
+    mkdir $out/client
+    mv ~/client/{dist,node_modules,package.json,yarn.lock} $out/client
+    mv ~/{config,scripts,support,CREDITS.md,FAQ.md,LICENSE,README.md,package.json,tsconfig.json,yarn.lock} $out
+  '';
+
+  passthru.tests.peertube = nixosTests.peertube;
+
+  meta = with lib; {
+    description = "A free software to take back control of your videos";
+    longDescription = ''
+      PeerTube aspires to be a decentralized and free/libre alternative to video
+      broadcasting services.
+      PeerTube is not meant to become a huge platform that would centralize
+      videos from all around the world. Rather, it is a network of
+      inter-connected small videos hosters.
+      Anyone with a modicum of technical skills can host a PeerTube server, aka
+      an instance. Each instance hosts its users and their videos. In this way,
+      every instance is created, moderated and maintained independently by
+      various administrators.
+      You can still watch from your account videos hosted by other instances
+      though if the administrator of your instance had previously connected it
+      with other instances.
+    '';
+    license = licenses.agpl3Plus;
+    homepage = "https://joinpeertube.org/";
+    platforms = [ "x86_64-linux" ];
+    maintainers = with maintainers; [ immae izorkin matthiasbeyer mohe2015 stevenroose ];
+  };
+}

pkgs/servers/search/meilisearch/crate-hashes.json

@@ -1,13 +0,0 @@
-{
-  "actix-cors 0.6.0-beta.1 (git+https://github.com/MarinPostma/actix-extras.git?rev=2dac1a4#2dac1a421619bf7b386dea63d3ae25a3bc4abc43)": "0ny03ibf8vvdvcmcvzlvngx80rvmh47bx517iqc5wh74yzdmdlsn",
-  "actix-web-static-files 3.0.5 (git+https://github.com/MarinPostma/actix-web-static-files.git?rev=6db8c3e#6db8c3e2940d61659581492b5e9c9b9062567613)": "1q00s1w2ry6kl7j4bn4q1xqpdn90sc3icjm2wml8fn4rszamhnqy",
-  "assert-json-diff 1.0.1 (git+https://github.com/qdequele/assert-json-diff?branch=master#9012a0c8866d0f2db0ef9a6242e4a19d1e8c67e4)": "1inv5y75acrw0vhpsc32rh5h0701vnm7c4lcsqcdzd8sdy76cisl",
-  "grenad 0.1.0 (git+https://github.com/Kerollmops/grenad.git?rev=3adcb26#3adcb267dcbc590c7da10eb5f887a254865b3dbe)": "03zzi59yk2rgasdzsf7rgz26vpk5060vlfskls9cb556wiizh6cl",
-  "heed 0.12.0 (git+https://github.com/Kerollmops/heed?tag=v0.12.1#8e5dc6d71c8166a8d7d0db059e6e51478942b551)": "09h9i693jiy3ybvc5acj8giszsv3kchpaxs4ld2ha81zxcmmfkrw",
-  "heed-traits 0.7.0 (git+https://github.com/Kerollmops/heed?tag=v0.12.1#8e5dc6d71c8166a8d7d0db059e6e51478942b551)": "09h9i693jiy3ybvc5acj8giszsv3kchpaxs4ld2ha81zxcmmfkrw",
-  "heed-types 0.7.2 (git+https://github.com/Kerollmops/heed?tag=v0.12.1#8e5dc6d71c8166a8d7d0db059e6e51478942b551)": "09h9i693jiy3ybvc5acj8giszsv3kchpaxs4ld2ha81zxcmmfkrw",
-  "lmdb-rkv-sys 0.15.0 (git+https://github.com/meilisearch/lmdb-rs#d0b50d02938ee84e4e4372697ea991fe2a4cae3b)": "0pqar429y4qzxmyr6daw32syvggm4dk7cs7g01lp6f8a6cvbbwkc",
-  "meilisearch-tokenizer 0.2.5 (git+https://github.com/meilisearch/tokenizer.git?tag=v0.2.5#c0b5cf741ed9485147f2cbe523f2214d4fa4c395)": "0hvf92z24adqwhh81r9arirhrvgyp1wva9g2wsrir4xqvaqdzdr5",
-  "milli 0.10.2 (git+https://github.com/meilisearch/milli.git?tag=v0.10.2#879d5e8799836d93f8995810965b6797be4f69d1)": "09gdf4mwrn3ka1iqh3h33b86p68c8ichkkkd4231igl11wxj91d1",
-  "pest 2.1.3 (git+https://github.com/pest-parser/pest.git?rev=51fd1d49f1041f7839975664ef71fe15c7dcaf67#51fd1d49f1041f7839975664ef71fe15c7dcaf67)": "1l2ixz723f58ksdm0j12z9zw5cnap0fhcd5kbhbz5ndazy8sn5rf"
-}

pkgs/servers/search/meilisearch/default.nix

@@ -1,51 +1,30 @@
-{ pkgs
+{ stdenv
 , lib
-, stdenv
-, buildRustCrate
-, defaultCrateOverrides
+, rustPlatform
 , fetchFromGitHub
 , Security
-, features ? [ ]
+, DiskArbitration
+, Foundation
 }:
 
-let
-  version = "0.21.1";
+let version = "0.23.1";
+in
+rustPlatform.buildRustPackage {
+  pname = "meilisearch";
+  inherit version;
   src = fetchFromGitHub {
     owner = "meilisearch";
     repo = "MeiliSearch";
     rev = "v${version}";
-    sha256 = "sha256-wyyhTNhVw8EJhahstLK+QuEhufQC68rMpw/ngK8FL8Y=";
+    sha256 = "sha256-4F7noByC9ZgqYwPfkm8VE15QU2jbBvUAH4Idxa+J+Aw=";
   };
-  customBuildRustCrateForPkgs = pkgs: buildRustCrate.override {
-    defaultCrateOverrides = defaultCrateOverrides // {
-      meilisearch-http = attrs: {
-        src = "${src}/meilisearch-http";
-        buildInputs = lib.optionals stdenv.isDarwin [ Security ];
-      };
-      meilisearch-error = attrs: {
-        src = "${src}/meilisearch-error";
-      };
-    };
-  };
-  cargo_nix = import ./Cargo.nix {
-    inherit pkgs;
-    buildRustCrateForPkgs = customBuildRustCrateForPkgs;
-  };
-  meilisearch-http = cargo_nix.workspaceMembers."meilisearch-http".build.override {
-    inherit features;
-  };
-in
-stdenv.mkDerivation {
-  pname = "meilisearch";
-  inherit version src;
-  dontUnpack = true;
-  dontBuild = true;
-  installPhase = ''
-    mkdir -p $out/bin
-    cp ${meilisearch-http}/bin/meilisearch $out/bin/meilisearch
-  '';
-  dontCheck = true;
-  dontFixup = true;
+  cargoPatches = [
+    # feature mini-dashboard tries to download a file from the internet
+    # feature analitycs should be opt-in
+    ./remove-default-feature.patch
+  ];
+  cargoSha256 = "sha256-dz+1IQZRSeMEagI2dnOtR3A8prg4UZ2Om0pd1BUhuhE=";
+  buildInputs = lib.optionals stdenv.isDarwin [ Security DiskArbitration Foundation ];
   meta = with lib; {
     description = "Powerful, fast, and an easy to use search engine ";
     homepage = https://docs.meilisearch.com/;

pkgs/servers/search/meilisearch/remove-default-feature.patch

@@ -0,0 +1,13 @@
+diff --git a/meilisearch-http/Cargo.toml b/meilisearch-http/Cargo.toml
+index de418cd4..ecc78d6f 100644
+--- a/meilisearch-http/Cargo.toml
++++ b/meilisearch-http/Cargo.toml
+@@ -92,7 +92,7 @@ mini-dashboard = [
+     "zip",
+ ]
+ analytics = ["whoami", "reqwest"]
+-default = ["analytics", "mini-dashboard"]
++default = []
+ 
+ [target.'cfg(target_os = "linux")'.dependencies]
+ tikv-jemallocator = "0.4.1"

pkgs/servers/search/meilisearch/unify-pest-dependency-version.patch

@@ -1,74 +0,0 @@
-diff --git a/Cargo.lock b/Cargo.lock
-index e92c0ed0..63bb0996 100644
---- a/Cargo.lock
-+++ b/Cargo.lock
-@@ -1700,7 +1700,7 @@ dependencies = [
-  "obkv",
-  "once_cell",
-  "ordered-float",
-- "pest 2.1.3 (git+https://github.com/pest-parser/pest.git?rev=51fd1d49f1041f7839975664ef71fe15c7dcaf67)",
-+ "pest",
-  "pest_derive",
-  "rayon",
-  "roaring",
-@@ -1939,15 +1939,6 @@ version = "2.1.0"
- source = "registry+https://github.com/rust-lang/crates.io-index"
- checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e"
- 
--[[package]]
--name = "pest"
--version = "2.1.3"
--source = "registry+https://github.com/rust-lang/crates.io-index"
--checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53"
--dependencies = [
-- "ucd-trie",
--]
--
- [[package]]
- name = "pest"
- version = "2.1.3"
-@@ -1962,7 +1953,7 @@ version = "2.1.0"
- source = "registry+https://github.com/rust-lang/crates.io-index"
- checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0"
- dependencies = [
-- "pest 2.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
-+ "pest",
-  "pest_generator",
- ]
- 
-@@ -1972,7 +1963,7 @@ version = "2.1.3"
- source = "registry+https://github.com/rust-lang/crates.io-index"
- checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55"
- dependencies = [
-- "pest 2.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
-+ "pest",
-  "pest_meta",
-  "proc-macro2 1.0.27",
-  "quote 1.0.9",
-@@ -1986,7 +1977,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
- checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d"
- dependencies = [
-  "maplit",
-- "pest 2.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
-+ "pest",
-  "sha-1 0.8.2",
- ]
- 
-diff --git a/Cargo.toml b/Cargo.toml
-index a1dca038..405f210a 100644
---- a/Cargo.toml
-+++ b/Cargo.toml
-@@ -1,8 +1,9 @@
- [workspace]
--members = [
--    "meilisearch-http",
--    "meilisearch-error",
--]
-+members = ["meilisearch-http", "meilisearch-error"]
-+resolver = "2"
- 
- [profile.release]
- debug = true
-+
-+[patch.crates-io]
-+pest = { git = "https://github.com/pest-parser/pest.git", rev = "51fd1d49f1041f7839975664ef71fe15c7dcaf67" }

pkgs/tools/misc/vector/default.nix

@@ -26,18 +26,21 @@
     ++ (lib.optional stdenv.targetPlatform.isUnix "unix"))
 }:
 
-rustPlatform.buildRustPackage rec {
+let
   pname = "vector";
-  version = "0.16.1";
+  version = "0.17.3";
+in
+rustPlatform.buildRustPackage {
+  inherit pname version;
 
   src = fetchFromGitHub {
     owner = "timberio";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-10e0cWt6XW8msNR/RXbaOpdwTAlRLm6jVvDed905rho=";
+    sha256 = "sha256-1Z2GtzWkS7cxzCs+RBKMtWbzIIt4aeS1Iy9kMBEeDMw=";
   };
 
-  cargoSha256 = "sha256-ezQ/tX/uKzJprLQt2xIUZwGuUOmuRmTO+gPsf3MLEv8=";
+  cargoSha256 = "sha256-UEGdvyRPPh5Kb9+0qFyv8UBFslOKn5/R/ineawFA91w=";
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ oniguruma openssl protobuf rdkafka zstd ]
     ++ lib.optionals stdenv.isDarwin [ Security libiconv coreutils CoreServices ];
@@ -63,7 +66,8 @@ rustPlatform.buildRustPackage rec {
       -- --test-threads 1 \
       --skip=sinks::loki::tests::healthcheck_grafana_cloud \
       --skip=kubernetes::api_watcher::tests::test_stream_errors \
-      --skip=sources::socket::test::tcp_with_tls_intermediate_ca
+      --skip=sources::socket::test::tcp_with_tls_intermediate_ca \
+      --skip=sources::host_metrics::cgroups::tests::generates_cgroups_metrics
   '';
 
   # recent overhauls of DNS support in 0.9 mean that we try to resolve

pkgs/top-level/all-packages.nix

@@ -6918,8 +6918,7 @@ with pkgs;
   };
 
   meilisearch = callPackage ../servers/search/meilisearch {
-    inherit (darwin.apple_sdk.frameworks) Security;
-    inherit pkgs;
+    inherit (darwin.apple_sdk.frameworks) Security DiskArbitration Foundation;
   };
 
   memtester = callPackage ../tools/system/memtester { };
@@ -26843,6 +26842,8 @@ with pkgs;
 
   songrec = callPackage ../applications/audio/songrec {};
 
+  storrent = callPackage ../applications/networking/p2p/storrent { };
+
   spacegun = callPackage ../applications/networking/cluster/spacegun {};
 
   stride = callPackage ../applications/networking/instant-messengers/stride { };
@@ -27189,6 +27190,10 @@ with pkgs;
 
   peek = callPackage ../applications/video/peek { };
 
+  peertube = callPackage ../servers/peertube {
+    nodejs = nodejs-16_x;
+  };
+
   pflask = callPackage ../os-specific/linux/pflask {};
 
   pfsshell = callPackage ../tools/misc/pfsshell { };

pkgs/top-level/ocaml-packages.nix

@@ -928,8 +928,6 @@ let
 
     syslog-message = callPackage ../development/ocaml-modules/syslog-message { };
 
-    ocaml_text = callPackage ../development/ocaml-modules/ocaml-text { };
-
     ocaml-version = callPackage ../development/ocaml-modules/ocaml-version { };
 
     ocf = callPackage ../development/ocaml-modules/ocf { };