Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3ab846e34aa5
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5e329ff83c86
Choose a head ref
  • 20 commits
  • 16 files changed
  • 9 contributors

Commits on Jan 30, 2020

  1. knot-resolver: enable checks on aarch64 

    The cqueues fix is in nixpkgs already, so it works now.
    @vcunat
    vcunat committed Jan 30, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e980e7a View commit details

Commits on Jan 31, 2020

  1. knot-resolver: remove older lua path workarounds 

    Part of this is approximate revert of commit f0d2da4.
    @vcunat
    vcunat committed Jan 31, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    93ad21d View commit details

  2. nixos/kresd: fix a recent error in description

    @vcunat
    vcunat committed Jan 31, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0a8fb01 View commit details

  3. (nixos/)knot-resolver: 4.3.0 -> 5.0.0 

    Minor incompatibilities due to moving to upstream defaults:
  - capabilities are used instead of systemd.socket units
  - the control socket moved:
    /run/kresd/control -> /run/knot-resolver/control/1
  - cacheDir moved and isn't configurable anymore
  - different user+group names, without static IDs

Thanks Mic92 for multiple ideas.
    @vcunat
    vcunat committed Jan 31, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ae74a0e View commit details

  4. nixos/kresd: add .instances option

    @vcunat
    vcunat committed Jan 31, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    02bf055 View commit details

Commits on Feb 4, 2020

  1. SPAdes: 3.13.1 -> 3.14.0

    @r-ryantm
    r-ryantm committed Feb 4, 2020
    Copy the full SHA
    3c54ae5 View commit details

Commits on Feb 5, 2020

  1. sudo: 1.8.30 -> 1.8.31

    @tilpner
    tilpner committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    tilpner Till Höppner
    GPG key ID: E9192E216175A76D
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f58c90f View commit details

  2. linux: 4.4.212 -> 4.4.213

    @NeQuissimus
    NeQuissimus committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    GPG key ID: 6538CB9266B06F31
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5b5f9d2 View commit details

  3. linux: 4.9.212 -> 4.9.213

    @NeQuissimus
    NeQuissimus committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    GPG key ID: 6538CB9266B06F31
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    447c14e View commit details

  4. linux: 5.5.1 -> 5.5.2

    @NeQuissimus
    NeQuissimus committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    GPG key ID: 6538CB9266B06F31
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ab0e690 View commit details

  5. oh-my-zsh: 2020-02-04 -> 2020-02-04

    @NeQuissimus
    NeQuissimus committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    GPG key ID: 6538CB9266B06F31
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e9a21da View commit details

  6. Merge pull request #79262 from tilpner/sudo-update 

    sudo: 1.8.30 -> 1.8.31
    @grahamc
    grahamc authored Feb 5, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    943516a View commit details

  7. Merge pull request #79231 from r-ryantm/auto-update/SPAdes 

    SPAdes: 3.13.1 -> 3.14.0
    @ryantm
    ryantm authored Feb 5, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    67143ec View commit details

  8. electron*: refactor 4+ to common expression, add 7, updates 

    * print-hashes.nix uses upstream-provided SHA256SUMS file
* electron_4: 4.2.8 -> 4.2.12
* electron_5: 5.0.8 -> 5.0.13
* electron_6: 6.0.1 -> 6.1.7
* electron_7:: init at 7.1.10

FWIW:
electron_4 previously did not include at-spi2-core, only at-spi2-atk.
Both are now included, matching other versions for a slightly simpler
expression.
    @dtzWill @worldofpeace
    dtzWill authored and worldofpeace committed Feb 5, 2020
    Copy the full SHA
    8e8285d View commit details

  9. electron_8: init at 8.0.0

    @dtzWill @worldofpeace
    dtzWill authored and worldofpeace committed Feb 5, 2020
    Copy the full SHA
    ed8c639 View commit details

  10. documize-community: 3.6.0 -> 3.7.0 

    https://github.com/documize/community/releases/tag/v3.7.0
    @Ma27
    Ma27 committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    Ma27 Maximilian Bosch
    GPG key ID: 091DBF4D1FC46B8E
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    696829f View commit details

  11. linuxPackages.wireguard: 0.0.20200128 -> 0.0.20200205 

    https://lists.zx2c4.com/pipermail/wireguard/2020-February/004962.html
    @Ma27
    Ma27 committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    Ma27 Maximilian Bosch
    GPG key ID: 091DBF4D1FC46B8E
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f8a0576 View commit details

  12. knot-resolver: 5.0.0 -> 5.0.1 

    https://gitlab.labs.nic.cz/knot/knot-resolver/tags/v5.0.1
    @vcunat
    vcunat committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e3edb00 View commit details

  13. Merge #78628: knot-resolver: 4.3.0 -> 5.0.1 

    The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR #72014.
See the commit messages for details.
    @vcunat
    vcunat committed Feb 5, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    baeed03 View commit details

  14. Merge pull request #79192 from dtzWill/feature/electron-refactor-and-7 

    electron*: refactor 4+ to common expression, add 7 and 8, updates
    @worldofpeace
    worldofpeace authored Feb 5, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5e329ff View commit details
4 changes: 2 additions & 2 deletions nixos/modules/misc/ids.nix
View file
Original file line number Diff line number Diff line change
@@ -299,7 +299,7 @@ in
couchpotato = 267;
gogs = 268;
pdns-recursor = 269;
kresd = 270;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
rpc = 271;
geoip = 272;
fcron = 273;
@@ -600,7 +600,7 @@ in
headphones = 266;
couchpotato = 267;
gogs = 268;
kresd = 270;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
#rpc = 271; # unused
#geoip = 272; # unused
fcron = 273;
146 changes: 63 additions & 83 deletions nixos/modules/services/networking/kresd.nix
View file
Original file line number Diff line number Diff line change
@@ -3,12 +3,34 @@
with lib;

let

cfg = config.services.kresd;
configFile = pkgs.writeText "kresd.conf" ''
${optionalString (cfg.listenDoH != []) "modules.load('http')"}
${cfg.extraConfig};
'';

# Convert systemd-style address specification to kresd config line(s).
# On Nix level we don't attempt to precisely validate the address specifications.
mkListen = kind: addr: let
al_v4 = builtins.match "([0-9.]\+):([0-9]\+)" addr;
al_v6 = builtins.match "\\[(.\+)]:([0-9]\+)" addr;
al_portOnly = builtins.match "()([0-9]\+)" addr;
al = findFirst (a: a != null)
(throw "services.kresd.*: incorrect address specification '${addr}'")
[ al_v4 al_v6 al_portOnly ];
port = last al;
addrSpec = if al_portOnly == null then "'${head al}'" else "{'::', '127.0.0.1'}";
in # freebind is set for compatibility with earlier kresd services;
# it could be configurable, for example.
''
net.listen(${addrSpec}, ${port}, { kind = '${kind}', freebind = true })
'';

configFile = pkgs.writeText "kresd.conf" (
optionalString (cfg.listenDoH != []) ''
modules.load('http')
''
+ concatMapStrings (mkListen "dns") cfg.listenPlain
+ concatMapStrings (mkListen "tls") cfg.listenTLS
+ concatMapStrings (mkListen "doh") cfg.listenDoH
+ cfg.extraConfig
);

package = pkgs.knot-resolver.override {
extraFeatures = cfg.listenDoH != [];
@@ -25,6 +47,7 @@ in {
value
)
)
(mkRemovedOptionModule [ "services" "kresd" "cacheDir" ] "Please use (bind-)mounting instead.")
];

###### interface
@@ -35,8 +58,8 @@ in {
description = ''
Whether to enable knot-resolver domain name server.
DNSSEC validation is turned on by default.
You can run <literal>sudo nc -U /run/kresd/control</literal>
and give commands interactively to kresd.
You can run <literal>sudo nc -U /run/knot-resolver/control/1</literal>
and give commands interactively to kresd@1.service.
'';
};
extraConfig = mkOption {
@@ -46,16 +69,10 @@ in {
Extra lines to be added verbatim to the generated configuration file.
'';
};
cacheDir = mkOption {
type = types.path;
default = "/var/cache/kresd";
description = ''
Directory for caches. They are intended to survive reboots.
'';
};
listenPlain = mkOption {
type = with types; listOf str;
default = [ "[::1]:53" "127.0.0.1:53" ];
example = [ "53" ];
description = ''
What addresses and ports the server should listen on.
For detailed syntax see ListenStream in man systemd.socket.
@@ -75,91 +92,54 @@ in {
default = [];
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
description = ''
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 8484).
For detailed syntax see ListenStream in man systemd.socket.
'';
};
instances = mkOption {
type = types.ints.unsigned;
default = 1;
description = ''
The number of instances to start. They will be called kresd@{1,2,...}.service.
Knot Resolver uses no threads, so this is the way to scale.
You can dynamically start/stop them at will, so this is just system default.
'';
};
# TODO: perhaps options for more common stuff like cache size or forwarding
};

###### implementation
config = mkIf cfg.enable {
environment.etc."kresd.conf".source = configFile; # not required
environment.etc."knot-resolver/kresd.conf".source = configFile; # not required

users.users.kresd =
{ uid = config.ids.uids.kresd;
group = "kresd";
users.users.knot-resolver =
{ isSystemUser = true;
group = "knot-resolver";
description = "Knot-resolver daemon user";
};
users.groups.kresd.gid = config.ids.gids.kresd;

systemd.sockets.kresd = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
listenStreams = cfg.listenPlain;
socketConfig = {
ListenDatagram = listenStreams;
FreeBind = true;
FileDescriptorName = "dns";
};
};
users.groups.knot-resolver.gid = null;

systemd.sockets.kresd-tls = mkIf (cfg.listenTLS != []) rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
partOf = [ "kresd.socket" ];
listenStreams = cfg.listenTLS;
socketConfig = {
FileDescriptorName = "tls";
FreeBind = true;
Service = "kresd.service";
};
};
systemd.packages = [ package ]; # the units are patched inside the package a bit

systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
partOf = [ "kresd.socket" ];
listenStreams = cfg.listenDoH;
socketConfig = {
FileDescriptorName = "doh";
FreeBind = true;
Service = "kresd.service";
};
systemd.targets.kresd = { # configure units started by default
wantedBy = [ "multi-user.target" ];
wants = [ "kres-cache-gc.service" ]
++ map (i: "kresd@${toString i}.service") (range 1 cfg.instances);
};

systemd.sockets.kresd-control = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
partOf = [ "kresd.socket" ];
listenStreams = [ "/run/kresd/control" ];
socketConfig = {
FileDescriptorName = "control";
Service = "kresd.service";
SocketMode = "0660"; # only root user/group may connect and control kresd
};
systemd.services."kresd@".serviceConfig = {
ExecStart = "${package}/bin/kresd --noninteractive "
+ "-c ${package}/lib/knot-resolver/distro-preconfig.lua -c ${configFile}";
# Ensure correct ownership in case UID or GID changes.
CacheDirectory = "knot-resolver";
CacheDirectoryMode = "0750";
};

systemd.tmpfiles.rules = [ "d '${cfg.cacheDir}' 0770 kresd kresd - -" ];
environment.etc."tmpfiles.d/knot-resolver.conf".source =
"${package}/lib/tmpfiles.d/knot-resolver.conf";

systemd.services.kresd = {
description = "Knot-resolver daemon";

serviceConfig = {
User = "kresd";
Type = "notify";
WorkingDirectory = cfg.cacheDir;
Restart = "on-failure";
Sockets = [ "kresd.socket" "kresd-control.socket" ]
++ optional (cfg.listenTLS != []) "kresd-tls.socket";
};

# Trust anchor goes from dns-root-data by default.
script = ''
exec '${package}/bin/kresd' --config '${configFile}' --forks=1
'';

requires = [ "kresd.socket" ];
};
# Try cleaning up the previously default location of cache file.
# Note that /var/cache/* should always be safe to remove.
# TODO: remove later, probably between 20.09 and 21.03
systemd.tmpfiles.rules = [ "R /var/cache/kresd" ];
};
}
4 changes: 2 additions & 2 deletions pkgs/applications/science/biology/spades/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,11 +2,11 @@

stdenv.mkDerivation rec {
pname = "SPAdes";
version = "3.13.1";
version = "3.14.0";

src = fetchurl {
url = "http://cab.spbu.ru/files/release${version}/${pname}-${version}.tar.gz";
sha256 = "0giayz197lmq2108filkn9izma3i803sb3iskv9hs5snzdr9p8ld";
sha256 = "1ffxswd2ngkpy1d6l3lb6a9cmyy1fglbdsws00b3m1k22zaqv60q";
};

nativeBuildInputs = [ cmake ];
86 changes: 0 additions & 86 deletions pkgs/development/tools/electron/5.x.nix
View file

This file was deleted.

Loading