From f4f2057a76507fb23717ceb5cede2f80b4dfc77d Mon Sep 17 00:00:00 2001 From: Malte Voos Date: Thu, 20 May 2021 19:34:20 +0200 Subject: [PATCH 01/11] nixos/soju: add module --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/soju.nix | 113 +++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 nixos/modules/services/networking/soju.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 71a1118fd38e..ce948bac4282 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -833,6 +833,7 @@ ./services/networking/smokeping.nix ./services/networking/softether.nix ./services/networking/solanum.nix + ./services/networking/soju.nix ./services/networking/spacecookie.nix ./services/networking/spiped.nix ./services/networking/squid.nix diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix new file mode 100644 index 000000000000..68a33e9dccba --- /dev/null +++ b/nixos/modules/services/networking/soju.nix @@ -0,0 +1,113 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.soju; + stateDir = "/var/lib/soju"; + listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen; + tlsCfg = optionalString (cfg.tlsCertificate != null) + "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}"; + logCfg = optionalString cfg.enableMessageLogging + "log fs ${stateDir}/logs"; + + configFile = pkgs.writeText "soju.conf" '' + ${listenCfg} + hostname ${cfg.hostName} + ${tlsCfg} + db sqlite3 ${stateDir}/soju.db + ${logCfg} + http-origin ${concatStringsSep " " cfg.httpOrigins} + accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP} + + ${cfg.extraConfig} + ''; +in +{ + ###### interface + + options.services.soju = { + enable = mkEnableOption "soju"; + + listen = mkOption { + type = types.listOf types.str; + default = [ ":6697" ]; + description = '' + Where soju should listen for incoming connections. See the + listen directive in + soju + 1. + ''; + }; + + hostName = mkOption { + type = types.str; + default = config.networking.hostName; + description = "Server hostname."; + }; + + tlsCertificate = mkOption { + type = types.nullOr types.path; + example = "/var/host.cert"; + description = "Path to server TLS certificate."; + }; + + tlsCertificateKey = mkOption { + type = types.nullOr types.path; + example = "/var/host.key"; + description = "Path to server TLS certificate key."; + }; + + enableMessageLogging = mkOption { + type = types.bool; + default = true; + description = "Whether to enable message logging."; + }; + + httpOrigins = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of allowed HTTP origins for WebSocket listeners. The parameters are + interpreted as shell patterns, see + glob + 7. + ''; + }; + + acceptProxyIP = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Allow the specified IPs to act as a proxy. Proxys have the ability to + overwrite the remote and local connection addresses (via the X-Forwarded-\* + HTTP header fields). The special name "localhost" accepts the loopback + addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected. + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Lines added verbatim to the configuration file."; + }; + }; + + ###### implementation + + config = mkIf cfg.enable { + systemd.services.soju = { + description = "soju IRC bouncer"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + DynamicUser = true; + Restart = "always"; + ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}"; + StateDirectory = "soju"; + }; + }; + }; + + meta.maintainers = with maintainers; [ malvo ]; +} From 9d822d20472fd53b3f521e2780322446055bf010 Mon Sep 17 00:00:00 2001 From: Malte Voos Date: Fri, 4 Jun 2021 16:30:27 +0200 Subject: [PATCH 02/11] nixos/soju: add 21.11 release notes entry --- nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 7 +++++++ nixos/doc/manual/release-notes/rl-2111.section.md | 2 ++ 2 files changed, 9 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index b922f9f12082..e4c765361d72 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -207,6 +207,13 @@ postfixadmin. + + + soju, a + user-friendly IRC bouncer. Available as + services.soju. + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index c7e5afb7d0af..14c51d418e69 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -62,6 +62,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - [postfixadmin](https://postfixadmin.sourceforge.io/), a web based virtual user administration interface for Postfix mail servers. Available as [postfixadmin](#opt-services.postfixadmin.enable). +- [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} From bbf089dfb7e5e99a571647bf29734f3f7babdec7 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Wed, 1 Sep 2021 21:44:21 +0200 Subject: [PATCH 03/11] wesnoth: 1.4.16 -> 1.4.17 --- pkgs/games/wesnoth/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/wesnoth/default.nix b/pkgs/games/wesnoth/default.nix index 6eedc446f53f..08346f440d0b 100644 --- a/pkgs/games/wesnoth/default.nix +++ b/pkgs/games/wesnoth/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "wesnoth"; - version = "1.14.16"; + version = "1.14.17"; src = fetchFromGitHub { rev = version; owner = "wesnoth"; repo = "wesnoth"; - sha256 = "sha256-QMz7atxol18r//UNb6+H6xAAEQdR4hAN8UW0KeGSH1g="; + sha256 = "RZ38MbUaUjfajo9wXSfDt8NHBySC+ODlgZAPf2NPblc="; }; nativeBuildInputs = [ cmake pkg-config ]; From 96f02afbe58d243835c9b7da811c6bab61690ed9 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Wed, 1 Sep 2021 21:49:06 +0200 Subject: [PATCH 04/11] wesnoth: fix license information source: https://github.com/wesnoth/wesnoth/blob/master/copyright --- pkgs/games/wesnoth/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/games/wesnoth/default.nix b/pkgs/games/wesnoth/default.nix index 08346f440d0b..ae23cc799ceb 100644 --- a/pkgs/games/wesnoth/default.nix +++ b/pkgs/games/wesnoth/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { ''; homepage = "https://www.wesnoth.org/"; - license = licenses.gpl2; + license = licenses.gpl2Plus; maintainers = with maintainers; [ abbradar ]; platforms = platforms.unix; }; From 023a3fae1809788f7c2dc8fc0ccf6abbb19508dc Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 1 Sep 2021 21:20:43 +0000 Subject: [PATCH 05/11] python38Packages.pex: 2.1.46 -> 2.1.47 --- pkgs/development/python-modules/pex/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pex/default.nix b/pkgs/development/python-modules/pex/default.nix index 5145bec925a9..b4238e6594f0 100644 --- a/pkgs/development/python-modules/pex/default.nix +++ b/pkgs/development/python-modules/pex/default.nix @@ -6,11 +6,11 @@ buildPythonPackage rec { pname = "pex"; - version = "2.1.46"; + version = "2.1.47"; src = fetchPypi { inherit pname version; - sha256 = "28958292ab6a149ef7dd7998939a6e899b2f1ba811407ea1edac9d2d84417dfd"; + sha256 = "0928d0316caac840db528030fc741930e8be22a3fa6a8635308fb8443a0a0c6a"; }; nativeBuildInputs = [ setuptools ]; From ea4b37e6790b7d3e03ee29cb050e5c76f11245ac Mon Sep 17 00:00:00 2001 From: Matt Votava Date: Wed, 1 Sep 2021 18:37:54 -0700 Subject: [PATCH 06/11] buildFhsUserenv: inherit mounts from parent namespace --- pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c index 27e70e3fe5c4..324c9d24ba04 100644 --- a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c +++ b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c @@ -122,7 +122,7 @@ int main(gint argc, gchar **argv) { } // hide all mounts we do from the parent - fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0)); + fail_if(mount(0, "/", 0, MS_SLAVE | MS_REC, 0)); if (uid != 0) { spit("/proc/self/setgroups", "deny"); From 070fa4cefc5b7bd0c8f95850adfcb4f0bf4bd09a Mon Sep 17 00:00:00 2001 From: happysalada Date: Tue, 31 Aug 2021 18:03:46 +0900 Subject: [PATCH 07/11] elixir_ls: add update script --- pkgs/development/beam-modules/default.nix | 2 +- .../{elixir_ls.nix => elixir-ls/default.nix} | 1 + .../beam-modules/elixir-ls/update.sh | 32 +++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) rename pkgs/development/beam-modules/{elixir_ls.nix => elixir-ls/default.nix} (98%) create mode 100755 pkgs/development/beam-modules/elixir-ls/update.sh diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index b6be8c3e7fbd..1c9d5099b44f 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -76,7 +76,7 @@ let debugInfo = true; }; - elixir_ls = callPackage ./elixir_ls.nix { inherit elixir fetchMixDeps mixRelease; }; + elixir_ls = callPackage ./elixir-ls { inherit elixir fetchMixDeps mixRelease; }; lfe = lfe_1_3; lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; }; diff --git a/pkgs/development/beam-modules/elixir_ls.nix b/pkgs/development/beam-modules/elixir-ls/default.nix similarity index 98% rename from pkgs/development/beam-modules/elixir_ls.nix rename to pkgs/development/beam-modules/elixir-ls/default.nix index 2b6cc4f56810..56aa47f59f9f 100644 --- a/pkgs/development/beam-modules/elixir_ls.nix +++ b/pkgs/development/beam-modules/elixir-ls/default.nix @@ -68,4 +68,5 @@ mixRelease rec { platforms = platforms.unix; maintainers = teams.beam.members; }; + passthru.updateScript = ./update.sh; } diff --git a/pkgs/development/beam-modules/elixir-ls/update.sh b/pkgs/development/beam-modules/elixir-ls/update.sh new file mode 100755 index 000000000000..8bc1c2b6e966 --- /dev/null +++ b/pkgs/development/beam-modules/elixir-ls/update.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i oil -p jq sd nix-prefetch-github ripgrep + +# TODO set to `verbose` or `extdebug` once implemented in oil +shopt --set xtrace + +var directory = $(dirname $0 | xargs realpath) +var owner = "elixir-lsp" +var repo = "elixir-ls" +var latest_rev = $(curl -q https://api.github.com/repos/${owner}/${repo}/releases/latest | \ + jq -r '.tag_name') +var latest_version = $(echo $latest_rev | sd 'v' '') +var current_version = $(nix-instantiate -A elixir_ls.version --eval --json | jq -r) +if ("$latest_version" == "$current_version") { + echo "elixir-ls is already up-to-date" + return 0 +} else { + var tarball_meta = $(nix-prefetch-github $owner $repo --rev "$latest_rev") + var tarball_hash = "sha256-$(echo $tarball_meta | jq -r '.sha256')" + var sha256s = $(rg '"sha256-.+"' $directory/default.nix | sd '.+"(.+)";' '$1' ) + echo $sha256s | read --line :github_sha256 + echo $sha256s | tail -n 1 | read --line :old_mix_sha256 + sd 'version = ".+"' "version = \"$latest_version\"" "$directory/default.nix" + sd "sha256 = \"$github_sha256\"" "sha256 = \"$tarball_hash\"" "$directory/default.nix" + sd "sha256 = \"$old_mix_sha256\"" "sha256 = \"\"" "$directory/default.nix" + + var new_mix_hash = $(nix-build -A elixir_ls.mixFodDeps 2>&1 | \ + tail -n 1 | \ + sd '\s+got:\s+' '') + + sd "sha256 = \"\"" "sha256 = \"$new_mix_hash\"" "$directory/default.nix" +} From 3b7fa8744ccb957ce20304f6b9ec68325671ae11 Mon Sep 17 00:00:00 2001 From: happysalada Date: Tue, 31 Aug 2021 10:30:17 +0900 Subject: [PATCH 08/11] elasticsearch7: wrap elasticcearch-keystore --- pkgs/servers/search/elasticsearch/7.x.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/servers/search/elasticsearch/7.x.nix b/pkgs/servers/search/elasticsearch/7.x.nix index b0114ad17055..de194bcc7d29 100644 --- a/pkgs/servers/search/elasticsearch/7.x.nix +++ b/pkgs/servers/search/elasticsearch/7.x.nix @@ -59,6 +59,9 @@ stdenv.mkDerivation (rec { chmod +x $out/bin/* + substituteInPlace $out/bin/elasticsearch \ + --replace 'bin/elasticsearch-keystore' "$out/bin/elasticsearch-keystore" + wrapProgram $out/bin/elasticsearch \ --prefix PATH : "${makeBinPath [ util-linux coreutils gnugrep ]}" \ --set JAVA_HOME "${jre_headless}" From e13906fff009043e8982567ca6bc1a031b62f388 Mon Sep 17 00:00:00 2001 From: happysalada Date: Wed, 1 Sep 2021 15:51:33 +0900 Subject: [PATCH 09/11] elasticsearch: nixpkgs-fmt --- nixos/modules/services/search/elasticsearch.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index 91d8f544e16b..e78ed7e40d49 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -36,7 +36,8 @@ let postBuild = "${pkgs.coreutils}/bin/mkdir -p $out/plugins"; }; -in { +in +{ ###### interface @@ -116,20 +117,20 @@ in { extraCmdLineOptions = mkOption { description = "Extra command line options for the elasticsearch launcher."; - default = []; + default = [ ]; type = types.listOf types.str; }; extraJavaOptions = mkOption { description = "Extra command line options for Java."; - default = []; + default = [ ]; type = types.listOf types.str; example = [ "-Djava.net.preferIPv4Stack=true" ]; }; plugins = mkOption { description = "Extra elasticsearch plugins"; - default = []; + default = [ ]; type = types.listOf types.package; example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]"; }; @@ -146,8 +147,8 @@ in { path = [ pkgs.inetutils ]; environment = { ES_HOME = cfg.dataDir; - ES_JAVA_OPTS = toString ( optional (!es6) [ "-Des.path.conf=${configDir}" ] - ++ cfg.extraJavaOptions); + ES_JAVA_OPTS = toString (optional (!es6) [ "-Des.path.conf=${configDir}" ] + ++ cfg.extraJavaOptions); } // optionalAttrs es6 { ES_PATH_CONF = configDir; }; From d58fa9e445d171ba8a735165dc60706d54e9cc4f Mon Sep 17 00:00:00 2001 From: happysalada Date: Wed, 1 Sep 2021 15:52:31 +0900 Subject: [PATCH 10/11] elasticsearch: fix jvm gc log path --- nixos/modules/services/search/elasticsearch.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index e78ed7e40d49..ed566d978399 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -189,6 +189,9 @@ in cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename} mkdir -p ${configDir}/scripts ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"} + # redirect jvm logs to the data directory + mkdir -m 0700 -p ${cfg.dataDir}/logs + ${pkgs.sd}/bin/sd 'logs/gc.log' '${cfg.dataDir}/logs/gc.log' ${configDir}/jvm.options \ if [ "$(id -u)" = 0 ]; then chown -R elasticsearch:elasticsearch ${cfg.dataDir}; fi ''; From 4ddc5c6b2addbf03ee21fa5b51de15b2cded11c8 Mon Sep 17 00:00:00 2001 From: happysalada Date: Tue, 31 Aug 2021 12:43:28 +0900 Subject: [PATCH 11/11] elasticsearch: remove logic for version less than 6 --- nixos/modules/services/search/elasticsearch.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index ed566d978399..440f34b3dc5c 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.services.elasticsearch; - es6 = builtins.compareVersions cfg.package.version "6" >= 0; - esConfig = '' network.host: ${cfg.listenAddress} cluster.name: ${cfg.cluster_name} @@ -147,9 +145,7 @@ in path = [ pkgs.inetutils ]; environment = { ES_HOME = cfg.dataDir; - ES_JAVA_OPTS = toString (optional (!es6) [ "-Des.path.conf=${configDir}" ] - ++ cfg.extraJavaOptions); - } // optionalAttrs es6 { + ES_JAVA_OPTS = toString cfg.extraJavaOptions; ES_PATH_CONF = configDir; }; serviceConfig = { @@ -188,7 +184,7 @@ in rm -f "${configDir}/logging.yml" cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename} mkdir -p ${configDir}/scripts - ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"} + cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options # redirect jvm logs to the data directory mkdir -m 0700 -p ${cfg.dataDir}/logs ${pkgs.sd}/bin/sd 'logs/gc.log' '${cfg.dataDir}/logs/gc.log' ${configDir}/jvm.options \