Merge master into staging-next

2024-11-16 14:54:29 +01:00 · 2021-09-02 06:01:01 +00:00 · 2021-09-02 06:01:01 +00:00 · ba543de038
commit ba543de038
parent acf0098bb0 7776dbd8d9
12 changed files with 176 additions and 17 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@ -207,6 +207,13 @@
          <link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
+          user-friendly IRC bouncer. Available as
+          <link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-21.11-incompatibilities">
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@ -63,6 +63,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable

 - [postfixadmin](https://postfixadmin.sourceforge.io/), a web based virtual user administration interface for Postfix mail servers. Available as [postfixadmin](#opt-services.postfixadmin.enable).

+- [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable).
+
 ## Backward Incompatibilities {#sec-release-21.11-incompatibilities}


--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -833,6 +833,7 @@
  ./services/networking/smokeping.nix
  ./services/networking/softether.nix
  ./services/networking/solanum.nix
+  ./services/networking/soju.nix
  ./services/networking/spacecookie.nix
  ./services/networking/spiped.nix
  ./services/networking/squid.nix
--- a/nixos/modules/services/networking/soju.nix
+++ b/nixos/modules/services/networking/soju.nix
@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.soju;
+  stateDir = "/var/lib/soju";
+  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen;
+  tlsCfg = optionalString (cfg.tlsCertificate != null)
+    "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";
+  logCfg = optionalString cfg.enableMessageLogging
+    "log fs ${stateDir}/logs";
+
+  configFile = pkgs.writeText "soju.conf" ''
+    ${listenCfg}
+    hostname ${cfg.hostName}
+    ${tlsCfg}
+    db sqlite3 ${stateDir}/soju.db
+    ${logCfg}
+    http-origin ${concatStringsSep " " cfg.httpOrigins}
+    accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP}
+
+    ${cfg.extraConfig}
+  '';
+in
+{
+  ###### interface
+
+  options.services.soju = {
+    enable = mkEnableOption "soju";
+
+    listen = mkOption {
+      type = types.listOf types.str;
+      default = [ ":6697" ];
+      description = ''
+        Where soju should listen for incoming connections. See the
+        <literal>listen</literal> directive in
+        <citerefentry><refentrytitle>soju</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry>.
+      '';
+    };
+
+    hostName = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      description = "Server hostname.";
+    };
+
+    tlsCertificate = mkOption {
+      type = types.nullOr types.path;
+      example = "/var/host.cert";
+      description = "Path to server TLS certificate.";
+    };
+
+    tlsCertificateKey = mkOption {
+      type = types.nullOr types.path;
+      example = "/var/host.key";
+      description = "Path to server TLS certificate key.";
+    };
+
+    enableMessageLogging = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to enable message logging.";
+    };
+
+    httpOrigins = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        List of allowed HTTP origins for WebSocket listeners. The parameters are
+        interpreted as shell patterns, see
+        <citerefentry><refentrytitle>glob</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry>.
+      '';
+    };
+
+    acceptProxyIP = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        Allow the specified IPs to act as a proxy. Proxys have the ability to
+        overwrite the remote and local connection addresses (via the X-Forwarded-\*
+        HTTP header fields). The special name "localhost" accepts the loopback
+        addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
+      '';
+    };
+
+    extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = "Lines added verbatim to the configuration file.";
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    systemd.services.soju = {
+      description = "soju IRC bouncer";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+        Restart = "always";
+        ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}";
+        StateDirectory = "soju";
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ malvo ];
+}
--- a/nixos/modules/services/search/elasticsearch.nix
+++ b/nixos/modules/services/search/elasticsearch.nix
@ -5,8 +5,6 @@ with lib;
 let
  cfg = config.services.elasticsearch;

-  es6 = builtins.compareVersions cfg.package.version "6" >= 0;
-
  esConfig = ''
    network.host: ${cfg.listenAddress}
    cluster.name: ${cfg.cluster_name}
@ -36,7 +34,8 @@ let
    postBuild = "${pkgs.coreutils}/bin/mkdir -p $out/plugins";
  };

-in {
+in
+{

  ###### interface

@ -116,20 +115,20 @@ in {

    extraCmdLineOptions = mkOption {
      description = "Extra command line options for the elasticsearch launcher.";
-      default = [];
+      default = [ ];
      type = types.listOf types.str;
    };

    extraJavaOptions = mkOption {
      description = "Extra command line options for Java.";
-      default = [];
+      default = [ ];
      type = types.listOf types.str;
      example = [ "-Djava.net.preferIPv4Stack=true" ];
    };

    plugins = mkOption {
      description = "Extra elasticsearch plugins";
-      default = [];
+      default = [ ];
      type = types.listOf types.package;
      example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]";
    };
@ -146,9 +145,7 @@ in {
      path = [ pkgs.inetutils ];
      environment = {
        ES_HOME = cfg.dataDir;
-        ES_JAVA_OPTS = toString ( optional (!es6) [ "-Des.path.conf=${configDir}" ]
-                                  ++ cfg.extraJavaOptions);
-      } // optionalAttrs es6 {
+        ES_JAVA_OPTS = toString cfg.extraJavaOptions;
        ES_PATH_CONF = configDir;
      };
      serviceConfig = {
@ -187,7 +184,10 @@ in {
        rm -f "${configDir}/logging.yml"
        cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}
        mkdir -p ${configDir}/scripts
-        ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"}
+        cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options
+        # redirect jvm logs to the data directory
+        mkdir -m 0700 -p ${cfg.dataDir}/logs
+        ${pkgs.sd}/bin/sd 'logs/gc.log' '${cfg.dataDir}/logs/gc.log' ${configDir}/jvm.options \

        if [ "$(id -u)" = 0 ]; then chown -R elasticsearch:elasticsearch ${cfg.dataDir}; fi
      '';
--- a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
+++ b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@ -122,7 +122,7 @@ int main(gint argc, gchar **argv) {
    }

    // hide all mounts we do from the parent
-    fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
+    fail_if(mount(0, "/", 0, MS_SLAVE | MS_REC, 0));

    if (uid != 0) {
      spit("/proc/self/setgroups", "deny");
--- a/pkgs/development/beam-modules/default.nix
+++ b/pkgs/development/beam-modules/default.nix
@ -76,7 +76,7 @@ let
        debugInfo = true;
      };

-      elixir_ls = callPackage ./elixir_ls.nix { inherit elixir fetchMixDeps mixRelease; };
+      elixir_ls = callPackage ./elixir-ls { inherit elixir fetchMixDeps mixRelease; };

      lfe = lfe_1_3;
      lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; };
--- a/pkgs/development/beam-modules/elixir-ls/default.nix
+++ b/pkgs/development/beam-modules/elixir-ls/default.nix
@ -68,4 +68,5 @@ mixRelease rec {
    platforms = platforms.unix;
    maintainers = teams.beam.members;
  };
+  passthru.updateScript = ./update.sh;
 }
--- a/pkgs/development/beam-modules/elixir-ls/update.sh
+++ b/pkgs/development/beam-modules/elixir-ls/update.sh
@ -0,0 +1,32 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i oil -p jq sd nix-prefetch-github ripgrep
+
+# TODO set to `verbose` or `extdebug` once implemented in oil
+shopt --set xtrace
+
+var directory = $(dirname $0 | xargs realpath)
+var owner = "elixir-lsp"
+var repo = "elixir-ls"
+var latest_rev = $(curl -q https://api.github.com/repos/${owner}/${repo}/releases/latest | \
+  jq -r '.tag_name')
+var latest_version = $(echo $latest_rev | sd 'v' '')
+var current_version = $(nix-instantiate -A elixir_ls.version --eval --json | jq -r)
+if ("$latest_version" == "$current_version") {
+  echo "elixir-ls is already up-to-date"
+  return 0
+} else {
+  var tarball_meta = $(nix-prefetch-github $owner $repo --rev "$latest_rev")
+  var tarball_hash = "sha256-$(echo $tarball_meta | jq -r '.sha256')"
+  var sha256s = $(rg '"sha256-.+"' $directory/default.nix | sd '.+"(.+)";' '$1' )
+  echo $sha256s | read --line :github_sha256
+  echo $sha256s | tail -n 1 | read --line :old_mix_sha256
+  sd 'version = ".+"' "version = \"$latest_version\"" "$directory/default.nix"
+  sd "sha256 = \"$github_sha256\"" "sha256 = \"$tarball_hash\"" "$directory/default.nix"
+  sd "sha256 = \"$old_mix_sha256\"" "sha256 = \"\"" "$directory/default.nix"
+
+  var new_mix_hash = $(nix-build -A elixir_ls.mixFodDeps 2>&1 | \
+    tail -n 1 | \
+    sd '\s+got:\s+' '')
+
+  sd "sha256 = \"\"" "sha256 = \"$new_mix_hash\"" "$directory/default.nix"
+}
--- a/pkgs/development/python-modules/pex/default.nix
+++ b/pkgs/development/python-modules/pex/default.nix
@ -6,11 +6,11 @@

 buildPythonPackage rec {
  pname = "pex";
-  version = "2.1.46";
+  version = "2.1.47";

  src = fetchPypi {
    inherit pname version;
-    sha256 = "28958292ab6a149ef7dd7998939a6e899b2f1ba811407ea1edac9d2d84417dfd";
+    sha256 = "0928d0316caac840db528030fc741930e8be22a3fa6a8635308fb8443a0a0c6a";
  };

  nativeBuildInputs = [ setuptools ];
--- a/pkgs/games/wesnoth/default.nix
+++ b/pkgs/games/wesnoth/default.nix
@ -6,13 +6,13 @@

 stdenv.mkDerivation rec {
  pname = "wesnoth";
-  version = "1.14.16";
+  version = "1.14.17";

  src = fetchFromGitHub {
    rev = version;
    owner = "wesnoth";
    repo = "wesnoth";
-    sha256 = "sha256-QMz7atxol18r//UNb6+H6xAAEQdR4hAN8UW0KeGSH1g=";
+    sha256 = "RZ38MbUaUjfajo9wXSfDt8NHBySC+ODlgZAPf2NPblc=";
  };

  nativeBuildInputs = [ cmake pkg-config ];
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
    '';

    homepage = "https://www.wesnoth.org/";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
    maintainers = with maintainers; [ abbradar ];
    platforms = platforms.unix;
  };
--- a/pkgs/servers/search/elasticsearch/7.x.nix
+++ b/pkgs/servers/search/elasticsearch/7.x.nix
@ -59,6 +59,9 @@ stdenv.mkDerivation (rec {

    chmod +x $out/bin/*

+    substituteInPlace $out/bin/elasticsearch \
+      --replace 'bin/elasticsearch-keystore' "$out/bin/elasticsearch-keystore"
+
    wrapProgram $out/bin/elasticsearch \
      --prefix PATH : "${makeBinPath [ util-linux coreutils gnugrep ]}" \
      --set JAVA_HOME "${jre_headless}"