Skip to content

Commit

Permalink
Merge branch 'master' into staging
Browse files Browse the repository at this point in the history 
* master: (48 commits)
  Mathematica: 11.0.1 -> 11.2.0
  kbfs: 20170922.f76290 -> 20171004.40555d
  packer: 1.0.3 -> 1.1.0
  libxdg-basedir: 1.0.2 -> 1.2.0
  fscrypt: 0.2.1 -> 0.2.2
  devtodo: init at 0.1.20
  keybase: 1.0.30 -> 1.0.33
  elixir: Fix locale problem on NixOS
  keybase-gui: 1.0.25 -> 1.0.33
  terraform: 0.10.2 -> 0.10.7  (#30055)
  emby: 3.2.32.0 -> 3.2.33.0
  sbcl: 1.3.21 -> 1.4.0
  ardour: 5.11 -> 5.12
  axoloti: fix evaluation
  axoloti: init at 1.0.12-1
  melpa-packages: Add new lean packages
  fastlane: init at 2.60.1
  nixos/traefik: guard example path
  go-ethereum: 1.7.0 -> 1.7.1
  xzgv: 0.9.1 -> 0.9.2
  ...
  • Loading branch information
@orivej
orivej committed Oct 5, 2017
2 parents 514593e + b14db2c commit 66d4941
Show file tree
Hide file tree
Showing 55 changed files with 1,502 additions and 296 deletions.
3 changes: 3 additions & 0 deletions lib/maintainers.nix
View file
Expand Up @@ -136,6 +136,7 @@
dancek = "Hannu Hartikainen <hannu.hartikainen@gmail.com>";
danielfullmer = "Daniel Fullmer <danielrf12@gmail.com>";
dasuxullebt = "Christoph-Simon Senjak <christoph.senjak@googlemail.com>";
david50407 = "David Kuo <me@davy.tw>";
davidak = "David Kleuker <post@davidak.de>";
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
davorb = "Davor Babic <davor@davor.se>";
Expand Down Expand Up @@ -457,6 +458,7 @@
periklis = "theopompos@gmail.com";
pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
peterhoeg = "Peter Hoeg <peter@hoeg.com>";
peterromfeldhk = "Peter Romfeld <peter.romfeld.hk@gmail.com>";
peti = "Peter Simons <simons@cryp.to>";
philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
Expand Down Expand Up @@ -589,6 +591,7 @@
taku0 = "Takuo Yonezawa <mxxouy6x3m_github@tatapa.org>";
tari = "Peter Marheine <peter@taricorp.net>";
tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
TealG = "Teal Gaure <~@Teal.Gr>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
teto = "Matthieu Coudron <mcoudron@hotmail.com>";
Expand Down
2 changes: 1 addition & 1 deletion nixos/modules/config/no-x-libs.nix
View file
Expand Up @@ -35,7 +35,7 @@ with lib;
networkmanager_pptp = pkgs.networkmanager_pptp.override { withGnome = false; };
networkmanager_vpnc = pkgs.networkmanager_vpnc.override { withGnome = false; };
networkmanager_iodine = pkgs.networkmanager_iodine.override { withGnome = false; };
pinentry = pkgs.pinentry.override { gcr = null; gtk2 = null; qt4 = null; };
pinentry = pkgs.pinentry.override { gtk2 = null; qt4 = null; };
};
};
}
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
View file
Expand Up @@ -622,6 +622,7 @@
./services/web-servers/phpfpm/default.nix
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix
./services/web-servers/uwsgi.nix
./services/web-servers/varnish/default.nix
./services/web-servers/winstone.nix
Expand Down
3 changes: 2 additions & 1 deletion nixos/modules/services/misc/gitlab.nix
View file
Expand Up @@ -414,7 +414,7 @@ in {
Make sure the secret is an RSA private key in PEM format. You can
generate one with
openssl genrsa 2048openssl genpkey -algorithm RSA -out - -pkeyopt rsa_keygen_bits:2048
openssl genrsa 2048
'';
};

Expand Down Expand Up @@ -567,6 +567,7 @@ in {
mkdir -p ${cfg.statePath}/log
mkdir -p ${cfg.statePath}/tmp/pids
mkdir -p ${cfg.statePath}/tmp/sockets
mkdir -p ${cfg.statePath}/shell
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config
Expand Down
29 changes: 29 additions & 0 deletions nixos/modules/services/misc/gitlab.xml
View file
Expand Up @@ -66,6 +66,35 @@ services.gitlab = {
db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
jws = ''
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArrtx4oHKwXoqUbMNqnHgAklnnuDon3XG5LJB35yPsXKv/8GK
ke92wkI+s1Xkvsp8tg9BIY/7c6YK4SR07EWL+dB5qwctsWR2Q8z+/BKmTx9D99pm
hnsjuNIXTF7BXrx3RX6BxZpH5Vzzh9nCwWKT/JCFqtwH7afNGGL7aMf+hdaiUg/Q
SD05yRObioiO4iXDolsJOhrnbZvlzVHl1ZYxFJv0H6/Snc0BBA9Fl/3uj6ANpbjP
eXF1SnJCqT87bj46r5NdVauzaRxAsIfqHroHK4UZ98X5LjGQFGvSqTvyjPBS4I1i
s7VJU28ObuutHxIxSlH0ibn4HZqWmKWlTS652wIDAQABAoIBAGtPcUTTw2sJlR3x
4k2wfAvLexkHNbZhBdKEa5JiO5mWPuLKwUiZEY2CU7Gd6csG3oqNWcm7/IjtC7dz
xV8p4yp8T4yq7vQIJ93B80NqTLtBD2QTvG2RCMJEPMzJUObWxkVmyVpLQyZo7KOd
KE/OM+aj94OUeEYLjRkSCScz1Gvq/qFG/nAy7KPCmN9JDHuhX26WHo2Rr1OnPNT/
7diph0bB9F3b8gjjNTqXDrpdAqVOgR/PsjEBz6DMY+bdyMIn87q2yfmMexxRofN6
LulpzSaa6Yup8N8H6PzVO6KAkQuf1aQRj0sMwGk1IZEnj6I0KbuHIZkw21Nc6sf2
ESFySDECgYEA1PnCNn5tmLnwe62Ttmrzl20zIS3Me1gUVJ1NTfr6+ai0I9iMYU21
5czuAjJPm9JKQF2vY8UAaCj2ZoObtHa/anb3xsCd8NXoM3iJq5JDoXI1ldz3Y+ad
U/bZUg1DLRvAniTuXmw9iOTwTwPxlDIGq5k+wG2Xmi1lk7zH8ezr9BMCgYEA0gfk
EhgcmPH8Z5cU3YYwOdt6HSJOM0OyN4k/5gnkv+HYVoJTj02gkrJmLr+mi1ugKj46
7huYO9TVnrKP21tmbaSv1dp5hS3letVRIxSloEtVGXmmdvJvBRzDWos+G+KcvADi
fFCz6w8v9NmO40CB7y/3SxTmSiSxDQeoi9LhDBkCgYEAsPgMWm25sfOnkY2NNUIv
wT8bAlHlHQT2d8zx5H9NttBpR3P0ShJhuF8N0sNthSQ7ULrIN5YGHYcUH+DyLAWU
TuomP3/kfa+xL7vUYb269tdJEYs4AkoppxBySoz8qenqpz422D0G8M6TpIS5Y5Qi
GMrQ6uLl21YnlpiCaFOfSQMCgYEAmZxj1kgEQmhZrnn1LL/D7czz1vMMNrpAUhXz
wg9iWmSXkU3oR1sDIceQrIhHCo2M6thwyU0tXjUft93pEQocM/zLDaGoVxtmRxxV
J08mg8IVD3jFoyFUyWxsBIDqgAKRl38eJsXvkO+ep3mm49Z+Ma3nM+apN3j2dQ0w
3HLzXaECgYBFLMEAboVFwi5+MZjGvqtpg2PVTisfuJy2eYnPwHs+AXUgi/xRNFjI
YHEa7UBPb5TEPSzWImQpETi2P5ywcUYL1EbN/nqPWmjFnat8wVmJtV4sUpJhubF4
Vqm9LxIWc1uQ1q1HDCejRIxIN3aSH+wgRS3Kcj8kCTIoXd1aERb04g==
-----END RSA PRIVATE KEY-----
'';
};
extraConfig = {
gitlab = {
Expand Down
11 changes: 9 additions & 2 deletions nixos/modules/services/network-filesystems/ipfs.nix
View file
Expand Up @@ -7,7 +7,7 @@ let

ipfsFlags = toString ([
(optionalString cfg.autoMount "--mount")
(optionalString cfg.autoMigrate "--migrate")
#(optionalString cfg.autoMigrate "--migrate")
(optionalString cfg.enableGC "--enable-gc")
(optionalString (cfg.serviceFdlimit != null) "--manage-fdlimit=false")
(optionalString (cfg.defaultMode == "offline") "--offline")
Expand Down Expand Up @@ -36,6 +36,7 @@ let

baseService = recursiveUpdate commonEnv {
wants = [ "ipfs-init.service" ];
# NB: migration must be performed prior to pre-start, else we get the failure message!
preStart = ''
ipfs repo fsck # workaround for BUG #4212 (https://github.com/ipfs/go-ipfs/issues/4214)
ipfs --local config Addresses.API ${cfg.apiAddress}
Expand Down Expand Up @@ -97,11 +98,17 @@ in {
description = "systemd service that is enabled by default";
};

/*
autoMigrate = mkOption {
type = types.bool;
default = false;
description = "Whether IPFS should try to migrate the file system automatically";
description = ''
Whether IPFS should try to migrate the file system automatically.
The daemon will need to be able to download a binary from https://ipfs.io to perform the migration.
'';
};
*/

autoMount = mkOption {
type = types.bool;
Expand Down
115 changes: 115 additions & 0 deletions nixos/modules/services/web-servers/traefik.nix
View file
@@ -0,0 +1,115 @@
{ config, lib, pkgs, ... }:

with lib;

let
cfg = config.services.traefik;
configFile =
if cfg.configFile == null then
pkgs.runCommand "config.toml" {
buildInputs = [ pkgs.remarshal ];
} ''
remarshal -if json -of toml \
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
> $out
''
else cfg.configFile;

in {
options.services.traefik = {
enable = mkEnableOption "Traefik web server";

configFile = mkOption {
default = null;
example = literalExample "/path/to/config.toml";
type = types.nullOr types.path;
description = ''
Path to verbatim traefik.toml to use.
(Using that option has precedence over <literal>configOptions</literal>)
'';
};

configOptions = mkOption {
description = ''
Config for Traefik.
'';
type = types.attrs;
default = {
defaultEntryPoints = ["http"];
entryPoints.http.address = ":80";
};
example = {
defaultEntrypoints = [ "http" ];
web.address = ":8080";
entryPoints.http.address = ":80";

file = {};
frontends = {
frontend1 = {
backend = "backend1";
routes.test_1.rule = "Host:localhost";
};
};
backends.backend1 = {
servers.server1.url = "http://localhost:8000";
};
};
};

dataDir = mkOption {
default = "/var/lib/traefik";
type = types.path;
description = ''
Location for any persistent data traefik creates, ie. acme
'';
};

package = mkOption {
default = pkgs.traefik;
defaultText = "pkgs.traefik";
type = types.package;
description = "Traefik package to use.";
};
};

config = mkIf cfg.enable {
systemd.services.traefik = {
description = "Traefik web server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PermissionsStartOnly = true;
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
ExecStartPre = [
''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"''
''${pkgs.coreutils}/bin/chmod 700 "${cfg.dataDir}"''
''${pkgs.coreutils}/bin/chown -R traefik:traefik "${cfg.dataDir}"''
];
Type = "simple";
User = "traefik";
Group = "traefik";
Restart = "on-failure";
StartLimitInterval = 86400;
StartLimitBurst = 5;
AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true;
LimitNPROC = 64;
LimitNOFILE = 1048576;
PrivateTmp = true;
PrivateDevices = true;
ProtectHome = true;
ProtectSystem = "full";
ReadWriteDirectories = cfg.dataDir;
};
};

users.extraUsers.traefik = {
group = "traefik";
home = cfg.dataDir;
createHome = true;
};

users.extraGroups.traefik = {};
};
}
51 changes: 23 additions & 28 deletions nixos/tests/pgjwt.nix
View file
@@ -1,42 +1,37 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test.nix ({ pkgs, lib, ...}:
let
test = pkgs.writeText "test.sql" ''
CREATE EXTENSION pgcrypto;
CREATE EXTENSION pgjwt;
select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret');
select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret');
test = with pkgs; runCommand "patch-test" {
nativeBuildInputs = [ pgjwt ];
}
''
sed -e '12 i CREATE EXTENSION pgcrypto;\nCREATE EXTENSION pgtap;\nSET search_path TO tap,public;' ${pgjwt.src}/test.sql > $out;
'';
in
{
with pkgs; {
name = "pgjwt";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ spinus ];
meta = with lib.maintainers; {
maintainers = [ spinus willibutz ];
};

nodes = {
master =
{ pkgs, config, ... }:

{
services.postgresql = let mypg = pkgs.postgresql95; in {
enable = true;
package = mypg;
extraPlugins =[pkgs.pgjwt];
initialScript = pkgs.writeText "postgresql-init.sql"
''
CREATE ROLE postgres WITH superuser login createdb;
'';
};
master = { pkgs, config, ... }:
{
services.postgresql = {
enable = true;
extraPlugins = [ pgjwt pgtap ];
};
};
};

testScript = ''
testScript = { nodes, ... }:
let
sqlSU = "${nodes.master.config.services.postgresql.superUser}";
pgProve = "${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}";
in
''
startAll;
$master->waitForUnit("postgresql");
$master->succeed("timeout 10 bash -c 'while ! psql postgres -c \"SELECT 1;\";do sleep 1;done;'");
$master->succeed("cat ${test} | psql postgres");
# I can't make original test working :[
# $master->succeed("${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}/bin/pg_prove -d postgres ${pkgs.pgjwt.src}/test.sql");
$master->copyFileFromHost("${test}","/tmp/test.sql");
$master->succeed("${pkgs.sudo}/bin/sudo -u ${sqlSU} PGOPTIONS=--search_path=tap,public ${pgProve}/bin/pg_prove -d postgres -v -f /tmp/test.sql");
'';
})
4 changes: 2 additions & 2 deletions pkgs/applications/altcoins/go-ethereum.nix
View file
Expand Up @@ -2,7 +2,7 @@

buildGoPackage rec {
name = "go-ethereum-${version}";
version = "1.7.0";
version = "1.7.1";
goPackagePath = "github.com/ethereum/go-ethereum";

# Fix for usb-related segmentation faults on darwin
Expand All @@ -16,7 +16,7 @@ buildGoPackage rec {
owner = "ethereum";
repo = "go-ethereum";
rev = "v${version}";
sha256 = "0ybjaiyrfb320rab6a5r9iiqvkrcd8b2qvixzx0kjmc4a7l1q5zh";
sha256 = "1rhqnqp2d951d4084z7dc07q0my4wd5401968a0nqj030a9vgng2";
};

# Fix cyclic referencing on Darwin
Expand Down
8 changes: 4 additions & 4 deletions pkgs/applications/audio/ardour/default.nix
View file
Expand Up @@ -16,7 +16,7 @@ let
# "git describe" when _not_ on an annotated tag(!): MAJOR.MINOR-REV-HASH.

# Version to build.
tag = "5.11";
tag = "5.12";

in

Expand All @@ -25,12 +25,12 @@ stdenv.mkDerivation rec {

src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = "bd40b9132cbac2d2b79ba0ef480bd41d837f8f71";
sha256 = "0xxxjg90jzj5cj364mlhk8srkgaghxif2jj1015bra25pffk41ay";
rev = "ae0dcdc0c5d13483271065c360e378202d20170a";
sha256 = "0mla5lm51ryikc2rrk53max2m7a5ds6i1ai921l2h95wrha45nkr";
};

buildInputs =
[ alsaLib aubio boost cairomm curl doxygen dbus fftw fftwSinglePrec flac
[ alsaLib aubio boost cairomm curl doxygen dbus fftw fftwSinglePrec flac
glibmm graphviz gtkmm2 libjack2 libgnomecanvas libgnomecanvasmm liblo
libmad libogg librdf librdf_raptor librdf_rasqal libsamplerate
libsigcxx libsndfile libusb libuuid libxml2 libxslt lilv lv2
Expand Down

0 comments on commit 66d4941

Please sign in to comment.