diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-04-16 00:52:15 +0200 |
|---|---|---|
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-04-16 00:52:15 +0200 |
| commit | 2bd8fc9378a01ecf28d119fd86737d9c368bc620 (patch) | |
| tree | 6fdeb5f753ae9a7c0fcb12162f06660987320bad | |
| parent | 9ada55cec55cd7a1db6ac7a3bb93140961cfeac0 (diff) | |
| parent | d75710d82015b8ec2b11ba13fe23f9568ef76eb7 (diff) | |
Merge remote-tracking branch 'origin/master' into staging-next
43 files changed, 3410 insertions, 733 deletions
diff --git a/lib/systems/platforms.nix b/lib/systems/platforms.nix index 04d55416242e1..d65ff6487b7ad 100644 --- a/lib/systems/platforms.nix +++ b/lib/systems/platforms.nix @@ -500,7 +500,7 @@ rec { # based on: # https://www.mail-archive.com/qemu-discuss@nongnu.org/msg05179.html # https://gmplib.org/~tege/qemu.html#mips64-debian - mips64el-qemu-linux-gnuabi64 = (import ./examples).mips64el-linux-gnuabi64 // { + mips64el-qemu-linux-gnuabi64 = { linux-kernel = { name = "mips64el"; baseConfig = "64r2el_defconfig"; diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 0fbe13eac4eba..a5bc089f14635 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -734,6 +734,131 @@ </listitem> <listitem> <para> + The Keycloak package (<literal>pkgs.keycloak</literal>) has + been switched from the Wildfly version, which will soon be + deprecated, to the Quarkus based version. The Keycloak service + (<literal>services.keycloak</literal>) has been updated to + accommodate the change and now differs from the previous + version in a few ways: + </para> + <itemizedlist> + <listitem> + <para> + <literal>services.keycloak.extraConfig</literal> has been + removed in favor of the new + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link> + <link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link> + option. The available options correspond directly to + parameters in <literal>conf/keycloak.conf</literal>. Some + of the most important parameters are documented as + suboptions, the rest can be found in the + <link xlink:href="https://www.keycloak.org/server/all-config">All + configuration section of the Keycloak Server Installation + and Configuration Guide</link>. While the new + configuration is much simpler and cleaner than the old + JBoss CLI one, this unfortunately mean that there’s no + straightforward way to convert an old configuration to the + new format and some settings may not even be available + anymore. + </para> + </listitem> + <listitem> + <para> + <literal>services.keycloak.frontendUrl</literal> was + removed and the frontend URL is now configured through the + <literal>hostname</literal> family of settings in + <link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link> + instead. See the + <link xlink:href="https://www.keycloak.org/server/hostname">Hostname + section of the Keycloak Server Installation and + Configuration Guide</link> for more details. Additionally, + <literal>/auth</literal> was removed from the default + context path and needs to be added back in + <link linkend="opt-services.keycloak.settings.http-relative-path"><literal>services.keycloak.settings.http-relative-path</literal></link> + if you want to keep compatibility with your current + clients. + </para> + </listitem> + <listitem> + <para> + <literal>services.keycloak.bindAddress</literal>, + <literal>services.keycloak.forceBackendUrlToFrontendUrl</literal>, + <literal>services.keycloak.httpPort</literal> and + <literal>services.keycloak.httpsPort</literal> have been + removed in favor of their equivalent options in + <link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link>. + <literal>httpPort</literal> and + <literal>httpsPort</literal> have additionally had their + types changed from <literal>str</literal> to + <literal>port</literal>. + </para> + <para> + The new names are as follows: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>bindAddress</literal>: + <link linkend="opt-services.keycloak.settings.http-host"><literal>services.keycloak.settings.http-host</literal></link> + </para> + </listitem> + <listitem> + <para> + <literal>forceBackendUrlToFrontendUrl</literal>: + <link linkend="opt-services.keycloak.settings.hostname-strict-backchannel"><literal>services.keycloak.settings.hostname-strict-backchannel</literal></link> + </para> + </listitem> + <listitem> + <para> + <literal>httpPort</literal>: + <link linkend="opt-services.keycloak.settings.http-port"><literal>services.keycloak.settings.http-port</literal></link> + </para> + </listitem> + <listitem> + <para> + <literal>httpsPort</literal>: + <link linkend="opt-services.keycloak.settings.https-port"><literal>services.keycloak.settings.https-port</literal></link> + </para> + </listitem> + </itemizedlist> + </listitem> + </itemizedlist> + <para> + For example, when using a reverse proxy the migration could + look like this: + </para> + <para> + Before: + </para> + <programlisting language="bash"> + services.keycloak = { + enable = true; + httpPort = "8080"; + frontendUrl = "https://keycloak.example.com/auth"; + database.passwordFile = "/run/keys/db_password"; + extraConfig = { + "subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true; + }; + }; +</programlisting> + <para> + After: + </para> + <programlisting language="bash"> + services.keycloak = { + enable = true; + settings = { + http-port = 8080; + hostname = "keycloak.example.com"; + http-relative-path = "/auth"; + proxy = "edge"; + }; + database.passwordFile = "/run/keys/db_password"; + }; +</programlisting> + </listitem> + <listitem> + <para> The MoinMoin wiki engine (<literal>services.moinmoin</literal>) has been removed, because Python 2 is being retired from nixpkgs. diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 78fcf4fecd1e5..f09d7d84d8162 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -290,6 +290,81 @@ In addition to numerous new and upgraded packages, this release has the followin `media_store_path` was changed from `${dataDir}/media` to `${dataDir}/media_store` if `system.stateVersion` is at least `22.05`. Files will need to be manually moved to the new location if the `stateVersion` is updated. +- The Keycloak package (`pkgs.keycloak`) has been switched from the + Wildfly version, which will soon be deprecated, to the Quarkus based + version. The Keycloak service (`services.keycloak`) has been updated + to accommodate the change and now differs from the previous version + in a few ways: + + - `services.keycloak.extraConfig` has been removed in favor of the + new [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) + [`services.keycloak.settings`](#opt-services.keycloak.settings) + option. The available options correspond directly to parameters in + `conf/keycloak.conf`. Some of the most important parameters are + documented as suboptions, the rest can be found in the [All + configuration section of the Keycloak Server Installation and + Configuration + Guide](https://www.keycloak.org/server/all-config). While the new + configuration is much simpler and cleaner than the old JBoss CLI + one, this unfortunately mean that there's no straightforward way + to convert an old configuration to the new format and some + settings may not even be available anymore. + + - `services.keycloak.frontendUrl` was removed and the frontend URL + is now configured through the `hostname` family of settings in + [`services.keycloak.settings`](#opt-services.keycloak.settings) + instead. See the [Hostname section of the Keycloak Server + Installation and Configuration + Guide](https://www.keycloak.org/server/hostname) for more + details. Additionally, `/auth` was removed from the default + context path and needs to be added back in + [`services.keycloak.settings.http-relative-path`](#opt-services.keycloak.settings.http-relative-path) + if you want to keep compatibility with your current clients. + + - `services.keycloak.bindAddress`, + `services.keycloak.forceBackendUrlToFrontendUrl`, + `services.keycloak.httpPort` and `services.keycloak.httpsPort` + have been removed in favor of their equivalent options in + [`services.keycloak.settings`](#opt-services.keycloak.settings). `httpPort` + and `httpsPort` have additionally had their types changed from + `str` to `port`. + + The new names are as follows: + - `bindAddress`: [`services.keycloak.settings.http-host`](#opt-services.keycloak.settings.http-host) + - `forceBackendUrlToFrontendUrl`: [`services.keycloak.settings.hostname-strict-backchannel`](#opt-services.keycloak.settings.hostname-strict-backchannel) + - `httpPort`: [`services.keycloak.settings.http-port`](#opt-services.keycloak.settings.http-port) + - `httpsPort`: [`services.keycloak.settings.https-port`](#opt-services.keycloak.settings.https-port) + + For example, when using a reverse proxy the migration could look + like this: + + Before: + ```nix + services.keycloak = { + enable = true; + httpPort = "8080"; + frontendUrl = "https://keycloak.example.com/auth"; + database.passwordFile = "/run/keys/db_password"; + extraConfig = { + "subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true; + }; + }; + ``` + + After: + ```nix + services.keycloak = { + enable = true; + settings = { + http-port = 8080; + hostname = "keycloak.example.com"; + http-relative-path = "/auth"; + proxy = "edge"; + }; + database.passwordFile = "/run/keys/db_password"; + }; + ``` + - The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs. - Services in the `hadoop` module previously set `openFirewall` to true by default. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 1d8bf49fdd271..f368a1b79e913 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -410,6 +410,7 @@ ./services/display-managers/greetd.nix ./services/editors/emacs.nix ./services/editors/infinoted.nix + ./services/editors/haste.nix ./services/finance/odoo.nix ./services/games/asf.nix ./services/games/crossfire-server.nix diff --git a/nixos/modules/services/editors/haste.nix b/nixos/modules/services/editors/haste.nix new file mode 100644 index 0000000000000..35fe26766ef7d --- /dev/null +++ b/nixos/modules/services/editors/haste.nix @@ -0,0 +1,86 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + pkg = pkgs.haste-server; + cfg = config.services.haste-server; + + format = pkgs.formats.json {}; +in +{ + options.services.haste-server = { + enable = mkEnableOption "haste-server"; + openFirewall = mkEnableOption "firewall passthrough for haste-server"; + + settings = mkOption { + description = '' + Configuration for haste-server. + For documentation see <link xlink:href="https://github.com/toptal/haste-server#settings">project readme</link> + ''; + type = format.type; + }; + }; + + config = mkIf (cfg.enable) { + networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.settings.port ]; + + services.haste-server = { + settings = { + host = mkDefault "::"; + port = mkDefault 7777; + + keyLength = mkDefault 10; + maxLength = mkDefault 400000; + + staticMaxAge = mkDefault 86400; + recompressStaticAssets = mkDefault false; + + logging = mkDefault [ + { + level = "verbose"; + type = "Console"; + colorize = true; + } + ]; + + keyGenerator = mkDefault { + type = "phonetic"; + }; + + rateLimits = { + categories = { + normal = { + totalRequests = mkDefault 500; + every = mkDefault 60000; + }; + }; + }; + + storage = mkDefault { + type = "file"; + }; + + documents = { + about = mkDefault "${pkg}/share/haste-server/about.md"; + }; + }; + }; + + systemd.services.haste-server = { + wantedBy = [ "multi-user.target" ]; + requires = [ "network.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + User = "haste-server"; + DynamicUser = true; + StateDirectory = "haste-server"; + WorkingDirectory = "/var/lib/haste-server"; + ExecStart = "${pkg}/bin/haste-server ${format.generate "config.json" cfg.settings}"; + }; + + path = with pkgs; [ pkg coreutils ]; + }; + }; +} diff --git a/nixos/modules/services/matrix/matrix-synapse.nix b/nixos/modules/services/matrix/matrix-synapse.nix index 4abcc8b69bc53..a498aff7a55bb 100644 --- a/nixos/modules/services/matrix/matrix-synapse.nix +++ b/nixos/modules/services/matrix/matrix-synapse.nix @@ -81,7 +81,7 @@ in { (mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." ) # options that were moved into rfc42 style settigns - (mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_Files instead" ) + (mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_files instead" ) (mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" ) (mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" ) (mkRemovedOptionModule [ "services" "matrix-synapse" "database_type" ] "Use settings.database.name instead" ) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index c4a2127663a97..2d817ca19234b 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -4,20 +4,94 @@ let cfg = config.services.keycloak; opt = options.services.keycloak; - inherit (lib) types mkOption concatStringsSep mapAttrsToList - escapeShellArg recursiveUpdate optionalAttrs boolToString mkOrder - sort filterAttrs concatMapStringsSep concatStrings mkIf - optionalString optionals mkDefault literalExpression hasSuffix - foldl' isAttrs filter attrNames elem literalDocBook - maintainers; - - inherit (builtins) match typeOf; + inherit (lib) + types + mkMerge + mkOption + mkChangedOptionModule + mkRenamedOptionModule + mkRemovedOptionModule + concatStringsSep + mapAttrsToList + escapeShellArg + mkIf + optionalString + optionals + mkDefault + literalExpression + isAttrs + literalDocBook + maintainers + catAttrs + collect + splitString + ; + + inherit (builtins) + elem + typeOf + isInt + isString + hashString + isPath + ; + + prefixUnlessEmpty = prefix: string: optionalString (string != "") "${prefix}${string}"; in { + imports = + [ + (mkRenamedOptionModule + [ "services" "keycloak" "bindAddress" ] + [ "services" "keycloak" "settings" "http-host" ]) + (mkRenamedOptionModule + [ "services" "keycloak" "forceBackendUrlToFrontendUrl"] + [ "services" "keycloak" "settings" "hostname-strict-backchannel"]) + (mkChangedOptionModule + [ "services" "keycloak" "httpPort" ] + [ "services" "keycloak" "settings" "http-port" ] + (config: + builtins.fromJSON config.services.keycloak.httpPort)) + (mkChangedOptionModule + [ "services" "keycloak" "httpsPort" ] + [ "services" "keycloak" "settings" "https-port" ] + (config: + builtins.fromJSON config.services.keycloak.httpsPort)) + (mkRemovedOptionModule + [ "services" "keycloak" "frontendUrl" ] + '' + Set `services.keycloak.settings.hostname' and `services.keycloak.settings.http-relative-path' instead. + NOTE: You likely want to set 'http-relative-path' to '/auth' to keep compatibility with your clients. + See its description for more information. + '') + (mkRemovedOptionModule + [ "services" "keycloak" "extraConfig" ] + "Use `services.keycloak.settings' instead.") + ]; + options.services.keycloak = let - inherit (types) bool str nullOr attrsOf path enum anything - package port; + inherit (types) + bool + str + int + nullOr + attrsOf + oneOf + path + enum + package + port; + + assertStringPath = optionName: value: + if isPath value then + throw '' + services.keycloak.${optionName}: + ${toString value} + is a Nix path, but should be a string, since Nix + paths are copied into the world-readable Nix store. + '' + else value; in { enable = mkOption { @@ -30,89 +104,14 @@ in ''; }; - bindAddress = mkOption { - type = str; - default = "\${jboss.bind.address:0.0.0.0}"; - example = "127.0.0.1"; - description = '' - On which address Keycloak should accept new connections. - - A special syntax can be used to allow command line Java system - properties to override the value: ''${property.name:value} - ''; - }; - - httpPort = mkOption { - type = str; - default = "\${jboss.http.port:80}"; - example = "8080"; - description = '' - On which port Keycloak should listen for new HTTP connections. - - A special syntax can be used to allow command line Java system - properties to override the value: ''${property.name:value} - ''; - }; - - httpsPort = mkOption { - type = str; - default = "\${jboss.https.port:443}"; - example = "8443"; - description = '' - On which port Keycloak should listen for new HTTPS connections. - - A special syntax can be used to allow command line Java system - properties to override the value: ''${property.name:value} - ''; - }; - - frontendUrl = mkOption { - type = str; - apply = x: - if x == "" || hasSuffix "/" x then - x - else - x + "/"; - example = "keycloak.example.com/auth"; - description = '' - The public URL used as base for all frontend requests. Should - normally include a trailing <literal>/auth</literal>. - - See <link xlink:href="https://www.keycloak.org/docs/latest/server_installation/#_hostname">the - Hostname section of the Keycloak server installation - manual</link> for more information. - ''; - }; - - forceBackendUrlToFrontendUrl = mkOption { - type = bool; - default = false; - example = true; - description = '' - Whether Keycloak should force all requests to go through the - frontend URL configured in <xref - linkend="opt-services.keycloak.frontendUrl" />. By default, - Keycloak allows backend requests to instead use its local - hostname or IP address and may also advertise it to clients - through its OpenID Connect Discovery endpoint. - - See <link - xlink:href="https://www.keycloak.org/docs/latest/server_installation/#_hostname">the - Hostname section of the Keycloak server installation - manual</link> for more information. - ''; - }; - sslCertificate = mkOption { type = nullOr path; default = null; example = "/run/keys/ssl_cert"; + apply = assertStringPath "sslCertificate"; description = '' The path to a PEM formatted certificate to use for TLS/SSL connections. - - This should be a string, not a Nix path, since Nix paths are - copied into the world-readable Nix store. ''; }; @@ -120,28 +119,28 @@ in type = nullOr path; default = null; example = "/run/keys/ssl_key"; + apply = assertStringPath "sslCertificateKey"; description = '' The path to a PEM formatted private key to use for TLS/SSL connections. - - This should be a string, not a Nix path, since Nix paths are - copied into the world-readable Nix store. ''; }; plugins = lib.mkOption { type = lib.types.listOf lib.types.path; - default = []; + default = [ ]; description = '' - Keycloak plugin jar, ear files or derivations with them + Keycloak plugin jar, ear files or derivations containing + them. Packaged plugins are available through + <literal>pkgs.keycloak.plugins</literal>. ''; }; database = { type = mkOption { - type = enum [ "mysql" "postgresql" ]; + type = enum [ "mysql" "mariadb" "postgresql" ]; default = "postgresql"; - example = "mysql"; + example = "mariadb"; description = '' The type of database Keycloak should connect to. ''; @@ -159,6 +158,7 @@ in let dbPorts = { postgresql = 5432; + mariadb = 3306; mysql = 3306; }; in @@ -207,6 +207,21 @@ in ''; }; + name = mkOption { + type = str; + default = "keycloak"; + description = '' + Database name to use when connecting to an external or + manually provisioned database; has no effect when a local + database is automatically provisioned. + + To use this with a local database, set <xref + linkend="opt-services.keycloak.database.createLocally" /> to + <literal>false</literal> and create the database and user + manually. + ''; + }; + username = mkOption { type = str; default = "keycloak"; @@ -218,19 +233,16 @@ in To use this with a local database, set <xref linkend="opt-services.keycloak.database.createLocally" /> to <literal>false</literal> and create the database and user - manually. The database should be called - <literal>keycloak</literal>. + manually. ''; }; passwordFile = mkOption { type = path; example = "/run/keys/db_password"; + apply = assertStringPath "passwordFile"; description = '' - File containing the database password. - - This should be a string, not a Nix path, since Nix paths are - copied into the world-readable Nix store. + The path to a file containing the database password. ''; }; }; @@ -268,67 +280,181 @@ in ''; }; - extraConfig = mkOption { - type = attrsOf anything; - default = { }; + settings = mkOption { + type = lib.types.submodule { + freeformType = attrsOf (nullOr (oneOf [ str int bool (attrsOf path) ])); + + options = { + http-host = mkOption { + type = str; + default = "0.0.0.0"; + example = "127.0.0.1"; + description = '' + On which address Keycloak should accept new connections. + ''; + }; + + http-port = mkOption { + type = port; + default = 80; + example = 8080; + description = '' + On which port Keycloak should listen for new HTTP connections. + ''; + }; + + https-port = mkOption { + type = port; + default = 443; + example = 8443; + description = '' + On which port Keycloak should listen for new HTTPS connections. + ''; + }; + + http-relative-path = mkOption { + type = str; + default = ""; + example = "/auth"; + description = '' + The path relative to <literal>/</literal> for serving + resources. + + <note> + <para> + In versions of Keycloak using Wildfly (<17), + this defaulted to <literal>/auth</literal>. If + upgrading from the Wildfly version of Keycloak, + i.e. a NixOS version before 22.05, you'll likely + want to set this to <literal>/auth</literal> to + keep compatibility with your clients. + + See <link + xlink:href="https://www.keycloak.org/migration/migrating-to-quarkus" + /> for more information on migrating from Wildfly + to Quarkus. + </para> + </note> + ''; + }; + + hostname = mkOption { + type = str; + example = "keycloak.example.com"; + description = '' + The hostname part of the public URL used as base for + all frontend requests. + + See <link xlink:href="https://www.keycloak.org/server/hostname" /> + for more information about hostname configuration. + ''; + }; + + hostname-strict-backchannel = mkOption { + type = bool; + default = false; + example = true; + description = '' + Whether Keycloak should force all requests to go + through the frontend URL. By default, Keycloak allows + backend requests to instead use its local hostname or + IP address and may also advertise it to clients + through its OpenID Connect Discovery endpoint. + + See <link xlink:href="https://www.keycloak.org/server/hostname" /> + for more information about hostname configuration. + ''; + }; + + proxy = mkOption { + type = enum [ "edge" "reencrypt" "passthrough" "none" ]; + default = "none"; + example = "edge"; + description = '' + The proxy address forwarding mode if the server is + behind a reverse proxy. + + <variablelist> + <varlistentry> + <term>edge</term> + <listitem> + <para> + Enables communication through HTTP between the + proxy and Keycloak. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>reencrypt</term> + <listitem> + <para> + Requires communication through HTTPS between the + proxy and Keycloak. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>passthrough</term> + <listitem> + <para> + Enables communication through HTTP or HTTPS between + the proxy and Keycloak. + </para> + </listitem> + </varlistentry> + </variablelist> + + See <link + xlink:href="https://www.keycloak.org/server/reverseproxy" + /> for more information. + ''; + }; + }; + }; + example = literalExpression '' { - "subsystem=keycloak-server" = { - "spi=hostname" = { - "provider=default" = null; - "provider=fixed" = { - enabled = true; - properties.hostname = "keycloak.example.com"; - }; - default-provider = "fixed"; - }; - }; + hostname = "keycloak.example.com"; + proxy = "reencrypt"; + https-key-store-file = "/path/to/file"; + https-key-store-password = { _secret = "/run/keys/store_password"; }; } ''; + description = '' - Additional Keycloak configuration options to set in - <literal>standalone.xml</literal>. - - Options are expressed as a Nix attribute set which matches the - structure of the jboss-cli configuration. The configuration is - effectively overlayed on top of the default configuration - shipped with Keycloak. To remove existing nodes and undefine - attributes from the default configuration, set them to - <literal>null</literal>. - - The example configuration does the equivalent of the following - script, which removes the hostname provider - <literal>default</literal>, adds the deprecated hostname - provider <literal>fixed</literal> and defines it the default: - - <programlisting> - /subsystem=keycloak-server/spi=hostname/provider=default:remove() - /subsystem=keycloak-server/spi=hostname/provider=fixed:add(enabled = true, properties = { hostname = "keycloak.example.com" }) - /subsystem=keycloak-server/spi=hostname:write-attribute(name=default-provider, value="fixed") - </programlisting> - - You can discover available options by using the <link - xlink:href="http://docs.wildfly.org/21/Admin_Guide.html#Command_Line_Interface">jboss-cli.sh</link> - program and by referring to the <link - xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html">Keycloak - Server Installation and Configuration Guide</link>. + Configuration options corresponding to parameters set in + <filename>conf/keycloak.conf</filename>. + + Most available options are documented at <link + xlink:href="https://www.keycloak.org/server/all-config" />. + + Options containing secret data should be set to an attribute + set containing the attribute <literal>_secret</literal> - a + string pointing to a file containing the value the option + should be set to. See the example to get a better picture of + this: in the resulting + <filename>conf/keycloak.conf</filename> file, the + <literal>https-key-store-password</literal> key will be set + to the contents of the + <filename>/run/keys/store_password</filename> file. ''; }; - }; config = let - # We only want to create a database if we're actually going to connect to it. + # We only want to create a database if we're actually going to + # connect to it. databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "localhost"; createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.database.type == "postgresql"; - createLocalMySQL = databaseActuallyCreateLocally && cfg.database.type == "mysql"; + createLocalMySQL = databaseActuallyCreateLocally && elem cfg.database.type [ "mysql" "mariadb" ]; mySqlCaKeystore = pkgs.runCommand "mysql-ca-keystore" { } '' ${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt ''; - # Both theme and theme type directories need to be actual directories in one hierarchy to pass Keycloak checks. + # Both theme and theme type directories need to be actual + # directories in one hierarchy to pass Keycloak checks. themesBundle = pkgs.runCommand "keycloak-themes" { } '' linkTheme() { theme="$1" @@ -347,7 +473,7 @@ in } mkdir -p "$out" - for theme in ${cfg.package}/themes/*; do + for theme in ${keycloakBuild}/themes/*; do if [ -d "$theme" ]; then linkTheme "$theme" "$(basename "$theme")" fi @@ -356,329 +482,25 @@ in ${concatStringsSep "\n" (mapAttrsToList (name: theme: "linkTheme ${theme} ${escapeShellArg name}") cfg.themes)} ''; - keycloakConfig' = foldl' recursiveUpdate - { - "interface=public".inet-address = cfg.bindAddress; - "socket-binding-group=standard-sockets"."socket-binding=http".port = cfg.httpPort; - "subsystem=keycloak-server" = { - "spi=hostname"."provider=default" = { - enabled = true; - properties = { - inherit (cfg) frontendUrl forceBackendUrlToFrontendUrl; - }; - }; - "theme=defaults".dir = toString themesBundle; - }; - "subsystem=datasources"."data-source=KeycloakDS" = { - max-pool-size = "20"; - user-name = if databaseActuallyCreateLocally then "keycloak" else cfg.database.username; - password = "@db-password@"; - }; - } [ - (optionalAttrs (cfg.database.type == "postgresql") { - "subsystem=datasources" = { - "jdbc-driver=postgresql" = { - driver-module-name = "org.postgresql"; - driver-name = "postgresql"; - driver-xa-datasource-class-name = "org.postgresql.xa.PGXADataSource"; - }; - "data-source=KeycloakDS" = { - connection-url = "jdbc:postgresql://${cfg.database.host}:${toString cfg.database.port}/keycloak"; - driver-name = "postgresql"; - "connection-properties=ssl".value = boolToString cfg.database.useSSL; - } // (optionalAttrs (cfg.database.caCert != null) { - "connection-properties=sslrootcert".value = cfg.database.caCert; - "connection-properties=sslmode".value = "verify-ca"; - }); - }; - }) - (optionalAttrs (cfg.database.type == "mysql") { - "subsystem=datasources" = { - "jdbc-driver=mysql" = { - driver-module-name = "com.mysql"; - driver-name = "mysql"; - driver-class-name = "com.mysql.jdbc.Driver"; - }; - "data-source=KeycloakDS" = { - connection-url = "jdbc:mysql://${cfg.database.host}:${toString cfg.database.port}/keycloak"; - driver-name = "mysql"; - "connection-properties=useSSL".value = boolToString cfg.database.useSSL; - "connection-properties=requireSSL".value = boolToString cfg.database.useSSL; - "connection-properties=verifyServerCertificate".value = boolToString cfg.database.useSSL; - "connection-properties=characterEncoding".value = "UTF-8"; - valid-connection-checker-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"; - validate-on-match = true; - exception-sorter-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"; - } // (optionalAttrs (cfg.database.caCert != null) { - "connection-properties=trustCertificateKeyStoreUrl".value = "file:${mySqlCaKeystore}"; - "connection-properties=trustCertificateKeyStorePassword".value = "notsosecretpassword"; - }); - }; - }) - (optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) { - "socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort; - "subsystem=elytron" = mkOrder 900 { - "key-store=httpsKS" = mkOrder 900 { - path = "/run/keycloak/ssl/certificate_private_key_bundle.p12"; - credential-reference.clear-text = "notsosecretpassword"; - type = "JKS"; - }; - "key-manager=httpsKM" = mkOrder 901 { - key-store = "httpsKS"; - credential-reference.clear-text = "notsosecretpassword"; - }; - "server-ssl-context=httpsSSC" = mkOrder 902 { - key-manager = "httpsKM"; - }; - }; - "subsystem=undertow" = mkOrder 901 { - "server=default-server"."https-listener=https".ssl-context = "httpsSSC"; - }; - }) - cfg.extraConfig - ]; - - - /* Produces a JBoss CLI script that creates paths and sets - attributes matching those described by `attrs`. When the - script is run, the existing settings are effectively overlayed - by those from `attrs`. Existing attributes can be unset by - defining them `null`. - - JBoss paths and attributes / maps are distinguished by their - name, where paths follow a `key=value` scheme. - - Example: - mkJbossScript { - "subsystem=keycloak-server"."spi=hostname" = { - "provider=fixed" = null; - "provider=default" = { - enabled = true; - properties = { - inherit frontendUrl; - forceBackendUrlToFrontendUrl = false; - }; - }; - }; - } - => '' - if (outcome != success) of /:read-resource() - /:add() - end-if - if (outcome != success) of /subsystem=keycloak-server:read-resource() - /subsystem=keycloak-server:add() - end-if - if (outcome != success) of /subsystem=keycloak-server/spi=hostname:read-resource() - /subsystem=keycloak-server/spi=hostname:add() - end-if - if (outcome != success) of /subsystem=keycloak-server/spi=hostname/provider=default:read-resource() - /subsystem=keycloak-server/spi=hostname/provider=default:add(enabled = true, properties = { forceBackendUrlToFrontendUrl = false, frontendUrl = "https://keycloak.example.com/auth" }) - end-if - if (result != true) of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="enabled") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=enabled, value=true) - end-if - if (result != false) of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="properties.forceBackendUrlToFrontendUrl") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.forceBackendUrlToFrontendUrl, value=false) - end-if - if (result != "https://keycloak.example.com/auth") of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="properties.frontendUrl") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.frontendUrl, value="https://keycloak.example.com/auth") - end-if - if (outcome != success) of /subsystem=keycloak-server/spi=hostname/provider=fixed:read-resource() - /subsystem=keycloak-server/spi=hostname/provider=fixed:remove() - end-if - '' - */ - mkJbossScript = attrs: - let - /* From a JBoss path and an attrset, produces a JBoss CLI - snippet that writes the corresponding attributes starting - at `path`. Recurses down into subattrsets as necessary, - producing the variable name from its full path in the - attrset. - - Example: - writeAttributes "/subsystem=keycloak-server/spi=hostname/provider=default" { - enabled = true; - properties = { - forceBackendUrlToFrontendUrl = false; - frontendUrl = "https://keycloak.example.com/auth"; - }; - } - => '' - if (result != true) of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="enabled") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=enabled, value=true) - end-if - if (result != false) of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="properties.forceBackendUrlToFrontendUrl") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.forceBackendUrlToFrontendUrl, value=false) - end-if - if (result != "https://keycloak.example.com/auth") of /subsystem=keycloak-server/spi=hostname/provider=default:read-attribute(name="properties.frontendUrl") - /subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.frontendUrl, value="https://keycloak.example.com/auth") - end-if - '' - */ - writeAttributes = path: set: - let - # JBoss expressions like `${var}` need to be prefixed - # with `expression` to evaluate. - prefixExpression = string: - let - matchResult = match ''"\$\{.*}"'' string; - in - if matchResult != null then - "expression " + string - else - string; - - writeAttribute = attribute: value: - let - type = typeOf value; - in - if type == "set" then - let - names = attrNames value; - in - foldl' (text: name: text + (writeAttribute "${attribute}.${name}" value.${name})) "" names - else if value == null then '' - if (outcome == success) of ${path}:read-attribute(name="${attribute}") - ${path}:undefine-attribute(name="${attribute}") - end-if - '' - else if elem type [ "string" "path" "bool" ] then - let - value' = if type == "bool" then boolToString value else ''"${value}"''; - in - '' - if (result != ${prefixExpression value'}) of ${path}:read-attribute(name="${attribute}") - ${path}:write-attribute(name=${attribute}, value=${value'}) - end-if - '' - else throw "Unsupported type '${type}' for path '${path}'!"; - in - concatStrings - (mapAttrsToList - (attribute: value: (writeAttribute attribute value)) - set); - - - /* Produces an argument list for the JBoss `add()` function, - which adds a JBoss path and takes as its arguments the - required subpaths and attributes. - - Example: - makeArgList { - enabled = true; - properties = { - forceBackendUrlToFrontendUrl = false; - frontendUrl = "https://keycloak.example.com/auth"; - }; - } - => '' - enabled = true, properties = { forceBackendUrlToFrontendUrl = false, frontendUrl = "https://keycloak.example.com/auth" } - '' - */ - makeArgList = set: - let - makeArg = attribute: value: - let - type = typeOf value; - in - if type == "set" then - "${attribute} = { " + (makeArgList value) + " }" - else if elem type [ "string" "path" "bool" ] then - "${attribute} = ${if type == "bool" then boolToString value else ''"${value}"''}" - else if value == null then - "" - else - throw "Unsupported type '${type}' for attribute '${attribute}'!"; - - in - concatStringsSep ", " (mapAttrsToList makeArg set); - - - /* Recurses into the `nodeValue` attrset. Only subattrsets that - are JBoss paths, i.e. follows the `key=value` format, are recursed - into - the rest are considered JBoss attributes / maps. - */ - recurse = nodePath: nodeValue: - let - nodeContent = - if isAttrs nodeValue && nodeValue._type or "" == "order" then - nodeValue.content - else - nodeValue; - isPath = name: - let - value = nodeContent.${name}; - in - if (match ".*([=]).*" name) == [ "=" ] then - if isAttrs value || value == null then - true - else - throw "Parsing path '${concatStringsSep "." (nodePath ++ [ name ])}' failed: JBoss attributes cannot contain '='!" - else - false; - jbossPath = "/" + concatStringsSep "/" nodePath; - children = if !isAttrs nodeContent then { } else nodeContent; - subPaths = filter isPath (attrNames children); - getPriority = name: - let - value = children.${name}; - in - if value._type or "" == "order" then value.priority else 1000; - orderedSubPaths = sort (a: b: getPriority a < getPriority b) subPaths; - jbossAttrs = filterAttrs (name: _: !(isPath name)) children; - text = - if nodeContent != null then - '' - if (outcome != success) of ${jbossPath}:read-resource() - ${jbossPath}:add(${makeArgList jbossAttrs}) - end-if - '' + writeAttributes jbossPath jbossAttrs - else - '' - if (outcome == success) of ${jbossPath}:read-resource() - ${jbossPath}:remove() - end-if - ''; - in - text + concatMapStringsSep "\n" (name: recurse (nodePath ++ [ name ]) children.${name}) orderedSubPaths; - in - recurse [ ] attrs; - - jbossCliScript = pkgs.writeText "jboss-cli-script" (mkJbossScript keycloakConfig'); - - keycloakConfig = pkgs.runCommand "keycloak-config" - { - nativeBuildInputs = [ cfg.package ]; - } - '' - export JBOSS_BASE_DIR="$(pwd -P)"; - export JBOSS_MODULEPATH="${cfg.package}/modules"; - export JBOSS_LOG_DIR="$JBOSS_BASE_DIR/log"; - - cp -r ${cfg.package}/standalone/configuration . - chmod -R u+rwX ./configuration - - mkdir -p {deployments,ssl} - - standalone.sh& - - attempt=1 - max_attempts=30 - while ! jboss-cli.sh --connect ':read-attribute(name=server-state)'; do - if [[ "$attempt" == "$max_attempts" ]]; then - echo "ERROR: Could not connect to Keycloak after $attempt attempts! Failing.." >&2 - exit 1 - fi - echo "Keycloak not fully started yet, retrying.. ($attempt/$max_attempts)" - sleep 1 - (( attempt++ )) - done - - jboss-cli.sh --connect --file=${jbossCliScript} --echo-command + keycloakConfig = lib.generators.toKeyValue { + mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" { + mkValueString = v: with builtins; + if isInt v then toString v + else if isString v then v + else if true == v then "true" + else if false == v then "false" + else if isSecret v then hashString "sha256" v._secret + else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; + }; + }; - cp configuration/standalone.xml $out - ''; + isSecret = v: isAttrs v && v ? _secret && isString v._secret; + filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [{ } null])) cfg.settings; + confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig); + keycloakBuild = cfg.package.override { + inherit confFile; + plugins = cfg.package.enabledPlugins ++ cfg.plugins; + }; in mkIf cfg.enable { @@ -689,7 +511,45 @@ in } ]; - environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [ keycloakBuild ]; + + services.keycloak.settings = + let + postgresParams = concatStringsSep "&" ( + optionals cfg.database.useSSL [ + "ssl=true" + ] ++ optionals (cfg.database.caCert != null) [ + "sslrootcert=${cfg.database.caCert}" + "sslmode=verify-ca" + ] + ); + mariadbParams = concatStringsSep "&" ([ + "characterEncoding=UTF-8" + ] ++ optionals cfg.database.useSSL [ + "useSSL=true" + "requireSSL=true" + "verifyServerCertificate=true" + ] ++ optionals (cfg.database.caCert != null) [ + "trustCertificateKeyStoreUrl=file:${mySqlCaKeystore}" + "trustCertificateKeyStorePassword=notsosecretpassword" + ]); + dbProps = if cfg.database.type == "postgresql" then postgresParams else mariadbParams; + in + mkMerge [ + { + db = if cfg.database.type == "postgresql" then "postgres" else cfg.database.type; + db-username = if databaseActuallyCreateLocally then "keycloak" else cfg.database.username; + db-password._secret = cfg.database.passwordFile; + db-url-host = "${cfg.database.host}:${toString cfg.database.port}"; + db-url-database = if databaseActuallyCreateLocally then "keycloak" else cfg.database.name; + db-url-properties = prefixUnlessEmpty "?" dbProps; + db-url = null; + } + (mkIf (cfg.sslCertificate != null && cfg.sslCertificateKey != null) { + https-certificate-file = "/run/keycloak/ssl/ssl_cert"; + https-certificate-key-file = "/run/keycloak/ssl/ssl_key"; + }) + ]; systemd.services.keycloakPostgreSQLInit = mkIf createLocalPostgreSQL { after = [ "postgresql.service" ]; @@ -752,41 +612,37 @@ in "mysql.service" ] else [ ]; + secretPaths = catAttrs "_secret" (collect isSecret cfg.settings); + mkSecretReplacement = file: '' + replace-secret ${hashString "sha256" file} $CREDENTIALS_DIRECTORY/${baseNameOf file} /run/keycloak/conf/keycloak.conf + ''; + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; in { after = databaseServices; bindsTo = databaseServices; wantedBy = [ "multi-user.target" ]; path = with pkgs; [ - cfg.package + keycloakBuild openssl replace-secret ]; environment = { - JBOSS_LOG_DIR = "/var/log/keycloak"; - JBOSS_BASE_DIR = "/run/keycloak"; - JBOSS_MODULEPATH = "${cfg.package}/modules"; + KC_HOME_DIR = "/run/keycloak"; + KC_CONF_DIR = "/run/keycloak/conf"; }; serviceConfig = { - LoadCredential = [ - "db_password:${cfg.database.passwordFile}" - ] ++ optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null) [ - "ssl_cert:${cfg.sslCertificate}" - "ssl_key:${cfg.sslCertificateKey}" - ]; + LoadCredential = + map (p: "${baseNameOf p}:${p}") secretPaths + ++ optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null) [ + "ssl_cert:${cfg.sslCertificate}" + "ssl_key:${cfg.sslCertificateKey}" + ]; User = "keycloak"; Group = "keycloak"; DynamicUser = true; - RuntimeDirectory = map (p: "keycloak/" + p) [ - "configuration" - "deployments" - "data" - "ssl" - "log" - "tmp" - ]; + RuntimeDirectory = "keycloak"; RuntimeDirectoryMode = 0700; - LogsDirectory = "keycloak"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; script = '' @@ -795,41 +651,30 @@ in umask u=rwx,g=,o= - install_plugin() { - if [ -d "$1" ]; then - find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 -o keycloak -g keycloak "{}" "/run/keycloak/deployments/" \; - else - install -m 0500 -o keycloak -g keycloak "$1" "/run/keycloak/deployments/" - fi - } - - install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration - install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml - - replace-secret '@db-password@' "$CREDENTIALS_DIRECTORY/db_password" /run/keycloak/configuration/standalone.xml - - export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration - add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}' - '' - + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + "\n" - + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' - pushd /run/keycloak/ssl/ - cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \ - "$CREDENTIALS_DIRECTORY/ssl_key" <(echo) \ - /etc/ssl/certs/ca-certificates.crt \ - > allcerts.pem - openssl pkcs12 -export -in "$CREDENTIALS_DIRECTORY/ssl_cert" -inkey "$CREDENTIALS_DIRECTORY/ssl_key" -chain \ - -name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \ - -CAfile allcerts.pem -passout pass:notsosecretpassword - popd + ln -s ${themesBundle} /run/keycloak/themes + ln -s ${keycloakBuild}/providers /run/keycloak/ + + install -D -m 0600 ${confFile} /run/keycloak/conf/keycloak.conf + + ${secretReplacements} + + '' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + mkdir -p /run/keycloak/ssl + cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/ '' + '' - ${cfg.package}/bin/standalone.sh + export KEYCLOAK_ADMIN=admin + export KEYCLOAK_ADMIN_PASSWORD=${cfg.initialAdminPassword} + kc.sh start ''; }; services.postgresql.enable = mkDefault createLocalPostgreSQL; services.mysql.enable = mkDefault createLocalMySQL; - services.mysql.package = mkIf createLocalMySQL pkgs.mariadb; + services.mysql.package = + let + dbPkg = if cfg.database.type == "mariadb" then pkgs.mariadb else pkgs.mysql80; + in + mkIf createLocalMySQL (mkDefault dbPkg); }; meta.doc = ./keycloak.xml; diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index cb706932f48f5..861756e33ac09 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -27,10 +27,10 @@ <para> Refer to the <link - xlink:href="https://www.keycloak.org/docs/latest/server_admin/index.html#admin-console">Admin - Console section of the Keycloak Server Administration Guide</link> for - information on how to administer your - <productname>Keycloak</productname> instance. + xlink:href="https://www.keycloak.org/docs/latest/server_admin/index.html"> + Keycloak Server Administration Guide</link> for information on + how to administer your <productname>Keycloak</productname> + instance. </para> </section> @@ -38,27 +38,28 @@ <title>Database access</title> <para> <productname>Keycloak</productname> can be used with either - <productname>PostgreSQL</productname> or + <productname>PostgreSQL</productname>, + <productname>MariaDB</productname> or <productname>MySQL</productname>. Which one is used can be configured in <xref linkend="opt-services.keycloak.database.type" />. The selected database will automatically be enabled and a database and role created unless <xref - linkend="opt-services.keycloak.database.host" /> is changed from - its default of <literal>localhost</literal> or <xref - linkend="opt-services.keycloak.database.createLocally" /> is set - to <literal>false</literal>. + linkend="opt-services.keycloak.database.host" /> is changed + from its default of <literal>localhost</literal> or <xref + linkend="opt-services.keycloak.database.createLocally" /> is + set to <literal>false</literal>. </para> <para> External database access can also be configured by setting <xref linkend="opt-services.keycloak.database.host" />, <xref + linkend="opt-services.keycloak.database.name" />, <xref linkend="opt-services.keycloak.database.username" />, <xref linkend="opt-services.keycloak.database.useSSL" /> and <xref linkend="opt-services.keycloak.database.caCert" /> as - appropriate. Note that you need to manually create a database - called <literal>keycloak</literal> and allow the configured - database user full access to it. + appropriate. Note that you need to manually create the database + and allow the configured database user full access to it. </para> <para> @@ -79,22 +80,27 @@ </warning> </section> - <section xml:id="module-services-keycloak-frontendurl"> - <title>Frontend URL</title> + <section xml:id="module-services-keycloak-hostname"> + <title>Hostname</title> <para> - The frontend URL is used as base for all frontend requests and - must be configured through <xref linkend="opt-services.keycloak.frontendUrl" />. - It should normally include a trailing <literal>/auth</literal> - (the default web context). If you use a reverse proxy, you need - to set this option to <literal>""</literal>, so that frontend URL - is derived from HTTP headers. <literal>X-Forwarded-*</literal> headers - support also should be enabled, using <link - xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses"> - respective guidelines</link>. + The hostname is used to build the public URL used as base for + all frontend requests and must be configured through <xref + linkend="opt-services.keycloak.settings.hostname" />. </para> + <note> + <para> + If you're migrating an old Wildfly based Keycloak instance + and want to keep compatibility with your current clients, + you'll likely want to set <xref + linkend="opt-services.keycloak.settings.http-relative-path" + /> to <literal>/auth</literal>. See the option description + for more details. + </para> + </note> + <para> - <xref linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl" /> + <xref linkend="opt-services.keycloak.settings.hostname-strict-backchannel" /> determines whether Keycloak should force all requests to go through the frontend URL. By default, <productname>Keycloak</productname> allows backend requests to @@ -104,10 +110,10 @@ </para> <para> - See the <link - xlink:href="https://www.keycloak.org/docs/latest/server_installation/#_hostname">Hostname - section of the Keycloak Server Installation and Configuration - Guide</link> for more information. + For more information on hostname configuration, see the <link + xlink:href="https://www.keycloak.org/server/hostname">Hostname + section of the Keycloak Server Installation and Configuration + Guide</link>. </para> </section> @@ -139,68 +145,40 @@ <section xml:id="module-services-keycloak-themes"> <title>Themes</title> <para> - You can package custom themes and make them visible to Keycloak via - <xref linkend="opt-services.keycloak.themes" /> - option. See the <link xlink:href="https://www.keycloak.org/docs/latest/server_development/#_themes"> + You can package custom themes and make them visible to + Keycloak through <xref linkend="opt-services.keycloak.themes" + />. See the <link + xlink:href="https://www.keycloak.org/docs/latest/server_development/#_themes"> Themes section of the Keycloak Server Development Guide</link> - and respective NixOS option description for more information. + and the description of the aforementioned NixOS option for + more information. </para> </section> - <section xml:id="module-services-keycloak-extra-config"> - <title>Additional configuration</title> + <section xml:id="module-services-keycloak-settings"> + <title>Configuration file settings</title> <para> - Additional Keycloak configuration options, for which no - explicit <productname>NixOS</productname> options are provided, - can be set in <xref linkend="opt-services.keycloak.extraConfig" />. + Keycloak server configuration parameters can be set in <xref + linkend="opt-services.keycloak.settings" />. These correspond + directly to options in + <filename>conf/keycloak.conf</filename>. Some of the most + important parameters are documented as suboptions, the rest can + be found in the <link + xlink:href="https://www.keycloak.org/server/all-config">All + configuration section of the Keycloak Server Installation and + Configuration Guide</link>. </para> <para> - Options are expressed as a Nix attribute set which matches the - structure of the jboss-cli configuration. The configuration is - effectively overlayed on top of the default configuration - shipped with Keycloak. To remove existing nodes and undefine - attributes from the default configuration, set them to - <literal>null</literal>. - </para> - <para> - For example, the following script, which removes the hostname - provider <literal>default</literal>, adds the deprecated - hostname provider <literal>fixed</literal> and defines it the - default: - -<programlisting> -/subsystem=keycloak-server/spi=hostname/provider=default:remove() -/subsystem=keycloak-server/spi=hostname/provider=fixed:add(enabled = true, properties = { hostname = "keycloak.example.com" }) -/subsystem=keycloak-server/spi=hostname:write-attribute(name=default-provider, value="fixed") -</programlisting> - - would be expressed as - -<programlisting> -services.keycloak.extraConfig = { - "subsystem=keycloak-server" = { - "spi=hostname" = { - "provider=default" = null; - "provider=fixed" = { - enabled = true; - properties.hostname = "keycloak.example.com"; - }; - default-provider = "fixed"; - }; - }; -}; -</programlisting> - </para> - <para> - You can discover available options by using the <link - xlink:href="http://docs.wildfly.org/21/Admin_Guide.html#Command_Line_Interface">jboss-cli.sh</link> - program and by referring to the <link - xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html">Keycloak - Server Installation and Configuration Guide</link>. + Options containing secret data should be set to an attribute + set containing the attribute <literal>_secret</literal> - a + string pointing to a file containing the value the option + should be set to. See the description of <xref + linkend="opt-services.keycloak.settings" /> for an example. </para> </section> + <section xml:id="module-services-keycloak-example-config"> <title>Example configuration</title> <para> @@ -208,9 +186,11 @@ services.keycloak.extraConfig = { <programlisting> services.keycloak = { <link linkend="opt-services.keycloak.enable">enable</link> = true; + settings = { + <link linkend="opt-services.keycloak.settings.hostname">hostname</link> = "keycloak.example.com"; + <link linkend="opt-services.keycloak.settings.hostname-strict-backchannel">hostname-strict-backchannel</link> = true; + }; <link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl"; # change on first login - <link linkend="opt-services.keycloak.frontendUrl">frontendUrl</link> = "https://keycloak.example.com/auth"; - <link linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl">forceBackendUrlToFrontendUrl</link> = true; <link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert"; <link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key"; <link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password"; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 443a5e181f677..daef79e684d9c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -196,6 +196,7 @@ in hadoop_3_2 = import ./hadoop { inherit handleTestOn; package=pkgs.hadoop_3_2; }; hadoop2 = import ./hadoop { inherit handleTestOn; package=pkgs.hadoop2; }; haka = handleTest ./haka.nix {}; + haste-server = handleTest ./haste-server.nix {}; haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; hedgedoc = handleTest ./hedgedoc.nix {}; diff --git a/nixos/tests/haste-server.nix b/nixos/tests/haste-server.nix new file mode 100644 index 0000000000000..9097c992c5483 --- /dev/null +++ b/nixos/tests/haste-server.nix @@ -0,0 +1,23 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + { + name = "haste-server"; + meta.maintainers = with lib.maintainers; [ mkg20001 ]; + + nodes.machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + curl + jq + ]; + + services.haste-server = { + enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("haste-server") + machine.wait_until_succeeds("curl -s localhost:7777") + machine.succeed('curl -s -X POST http://localhost:7777/documents -d "Hello World!" > bla') + machine.succeed('curl http://localhost:7777/raw/$(cat bla | jq -r .key) | grep "Hello World"') + ''; + }) diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index 267216a5e5a60..6ce136330d438 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -4,7 +4,7 @@ let certs = import ./common/acme/server/snakeoil-certs.nix; - frontendUrl = "https://${certs.domain}/auth"; + frontendUrl = "https://${certs.domain}"; initialAdminPassword = "h4IhoJFnt2iQIR9"; keycloakTest = import ./make-test-python.nix ( @@ -27,20 +27,23 @@ let services.keycloak = { enable = true; - inherit frontendUrl initialAdminPassword; - sslCertificate = certs.${certs.domain}.cert; - sslCertificateKey = certs.${certs.domain}.key; + settings = { + hostname = certs.domain; + }; + inherit initialAdminPassword; + sslCertificate = "${certs.${certs.domain}.cert}"; + sslCertificateKey = "${certs.${certs.domain}.key}"; database = { type = databaseType; username = "bogus"; - passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"; + name = "also bogus"; + passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}"; }; plugins = with config.services.keycloak.package.plugins; [ keycloak-discord keycloak-metrics-spi ]; }; - environment.systemPackages = with pkgs; [ xmlstarlet html-tidy @@ -99,9 +102,9 @@ let in '' keycloak.start() keycloak.wait_for_unit("keycloak.service") + keycloak.wait_for_open_port(443) keycloak.wait_until_succeeds("curl -sSf ${frontendUrl}") - ### Realm Setup ### # Get an admin interface access token @@ -117,8 +120,8 @@ let # Register the metrics SPI keycloak.succeed( "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt", - "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'", - "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'", "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'" ) @@ -172,5 +175,6 @@ let in { postgres = keycloakTest { databaseType = "postgresql"; }; + mariadb = keycloakTest { databaseType = "mariadb"; }; mysql = keycloakTest { databaseType = "mysql"; }; } diff --git a/pkgs/applications/misc/anytype/default.nix b/pkgs/applications/misc/anytype/default.nix index 5f09fba4cb7a2..4603bea923869 100644 --- a/pkgs/applications/misc/anytype/default.nix +++ b/pkgs/applications/misc/anytype/default.nix @@ -2,13 +2,13 @@ let pname = "anytype"; - version = "0.24.0"; + version = "0.25.0"; name = "Anytype-${version}"; nameExecutable = pname; src = fetchurl { url = "https://at9412003.fra1.digitaloceanspaces.com/Anytype-${version}.AppImage"; name = "Anytype-${version}.AppImage"; - sha256 = "sha256-QyexUZNn7QGHjXYO/+1kUebTmAzdVpwG9Ile8Uh3i8Q="; + sha256 = "sha256-cfiSZLfaVmxsZWDwulbMHKzHCG7zMKCWwg8q/2MolVs="; }; appimageContents = appimageTools.extractType2 { inherit name src; }; in diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 661b8597efea0..b56f9ce2dbf4c 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -53,17 +53,18 @@ autoPatchelf() { esac done - if [ "${autoPatchelfIgnoreMissingDeps[*]}" == "1" ]; then + local ignoreMissingDepsArray=($autoPatchelfIgnoreMissingDeps) + if [ "$autoPatchelfIgnoreMissingDeps" == "1" ]; then echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \ "= true;' is deprecated and will be removed in a future release." \ "Use 'autoPatchelfIgnoreMissingDeps = [ \"*\" ];' instead." >&2 - autoPatchelfIgnoreMissingDeps=( "*" ) + ignoreMissingDepsArray=( "*" ) fi local runtimeDependenciesArray=($runtimeDependencies) @pythonInterpreter@ @autoPatchelfScript@ \ ${norecurse:+--no-recurse} \ - --ignore-missing "${autoPatchelfIgnoreMissingDeps[@]}" \ + --ignore-missing "${ignoreMissingDepsArray[@]}" \ --paths "$@" \ --libs "${autoPatchelfLibs[@]}" \ "${extraAutoPatchelfLibs[@]}" \ diff --git a/pkgs/development/compilers/ponyc/default.nix b/pkgs/development/compilers/ponyc/default.nix index d0479cb595bb0..c7ce1bbe43647 100644 --- a/pkgs/development/compilers/ponyc/default.nix +++ b/pkgs/development/compilers/ponyc/default.nix @@ -3,22 +3,13 @@ stdenv.mkDerivation (rec { pname = "ponyc"; - version = "0.44.0"; + version = "0.49.0"; src = fetchFromGitHub { owner = "ponylang"; repo = pname; rev = version; - sha256 = "0bzdkrrh6lvfqc61kdxvgz573dj32wwzhzwil53jvynhfcwp38ld"; - -# Due to a bug in LLVM 9.x, ponyc has to include its own vendored patched -# LLVM. (The submodule is a specific tag in the LLVM source tree). -# -# The pony developers are currently working to get off 9.x as quickly -# as possible so hopefully in a few revisions this package build will -# become a lot simpler. -# -# https://reviews.llvm.org/rG9f4f237e29e7150dfcf04ae78fa287d2dc8d48e2 + sha256 = "sha256-WS3/POC+2vdx6bA8314sjkdWCIWGu9lJG4kbKMWfnX8="; fetchSubmodules = true; }; diff --git a/pkgs/development/compilers/ponyc/disable-tests.patch b/pkgs/development/compilers/ponyc/disable-tests.patch index f8c996137af94..b3d83483a5f8e 100644 --- a/pkgs/development/compilers/ponyc/disable-tests.patch +++ b/pkgs/development/compilers/ponyc/disable-tests.patch @@ -1,14 +1,16 @@ diff --git a/packages/net/_test.pony b/packages/net/_test.pony -index baf29e7..b63f368 100644 +index 9044dfb1..f0ea10f7 100644 --- a/packages/net/_test.pony +++ b/packages/net/_test.pony -@@ -5,9 +5,6 @@ actor Main is TestList - new make() => None +@@ -26,11 +26,6 @@ actor \nodoc\ Main is TestList + test(_TestTCPThrottle) + end - fun tag tests(test: PonyTest) => +- // Tests below exclude osx and are listed alphabetically - ifdef not osx then - test(_TestBroadcast) - end - test(_TestTCPWritev) - test(_TestTCPExpect) - test(_TestTCPMute) +- + class \nodoc\ _TestPing is UDPNotify + let _h: TestHelper + let _ip: NetAddress diff --git a/pkgs/development/compilers/ponyc/make-safe-for-sandbox.patch b/pkgs/development/compilers/ponyc/make-safe-for-sandbox.patch index 796bbf81f4d4d..1c6c404762ff3 100644 --- a/pkgs/development/compilers/ponyc/make-safe-for-sandbox.patch +++ b/pkgs/development/compilers/ponyc/make-safe-for-sandbox.patch @@ -1,28 +1,33 @@ ---- a/lib/CMakeLists.txt.orig 2021-10-01 13:04:00.867762912 -0400 -+++ a/lib/CMakeLists.txt 2021-10-01 13:06:21.220023453 -0400 -@@ -15,12 +15,12 @@ +diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt +index dab2aaef..26b587b1 100644 +--- a/lib/CMakeLists.txt ++++ b/lib/CMakeLists.txt +@@ -36,7 +36,7 @@ if(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") endif() ExternalProject_Add(gbenchmark - URL ${PONYC_GBENCHMARK_URL} + SOURCE_DIR gbenchmark-prefix/src/benchmark - CMAKE_ARGS -DCMAKE_BUILD_TYPE=${PONYC_LIBS_BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=${CMAKE_INSTALL_PREFIX} -DBENCHMARK_ENABLE_GTEST_TESTS=OFF -DCMAKE_CXX_FLAGS=-fpic --no-warn-unused-cli + CMAKE_ARGS -DCMAKE_BUILD_TYPE=${PONYC_LIBS_BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=${CMAKE_INSTALL_PREFIX} -DBENCHMARK_ENABLE_GTEST_TESTS=OFF -DCMAKE_CXX_FLAGS=${PONY_PIC_FLAG} --no-warn-unused-cli ) +@@ -46,7 +46,7 @@ if(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") + endif() + ExternalProject_Add(googletest -- URL https://github.com/google/googletest/archive/release-1.10.0.tar.gz +- URL ${PONYC_GOOGLETEST_URL} + URL @googletest@ - CMAKE_ARGS -DCMAKE_BUILD_TYPE=${PONYC_LIBS_BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=${CMAKE_INSTALL_PREFIX} -DCMAKE_CXX_FLAGS=-fpic -Dgtest_force_shared_crt=ON --no-warn-unused-cli + CMAKE_ARGS -DCMAKE_BUILD_TYPE=${PONYC_LIBS_BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=${CMAKE_INSTALL_PREFIX} -DCMAKE_CXX_FLAGS=${PONY_PIC_FLAG} -Dgtest_force_shared_crt=ON --no-warn-unused-cli ) -@@ -33,82 +33,6 @@ +@@ -59,82 +59,6 @@ install(TARGETS blake2 COMPONENT library ) -find_package(Git) - --set(LLVM_DESIRED_HASH "fed41342a82f5a3a9201819a82bf7a48313e296b") --set(PATCHES_DESIRED_HASH "3a655193262fd9b2e87340e096efcbd96726a07fe6dd42a263f3a4fc2dc0192e") +-set(LLVM_DESIRED_HASH "75e33f71c2dae584b13a7d1186ae0a038ba98838") +-set(PATCHES_DESIRED_HASH "a16f299fbfced16a2bbc628746db341f2a5af9ae8cc9c9ef4b1e9ca26de3c292") - -if(GIT_FOUND) - if(EXISTS "${PROJECT_SOURCE_DIR}/../.git") @@ -57,7 +62,7 @@ - - # check to see if the patch hashes match - message("Checking patches ${PONY_LLVM_PATCHES}") -- set(PATCHES_ACTUAL_HASH "") +- set(PATCHES_ACTUAL_HASH "needed_if_no_patches") - foreach (PATCH ${PONY_LLVM_PATCHES}) - file(STRINGS ${PATCH} patch_file NEWLINE_CONSUME) - string(REPLACE "\n" " " patch_file ${patch_file}) @@ -69,8 +74,8 @@ - string(SHA256 PATCHES_ACTUAL_HASH ${PATCHES_ACTUAL_HASH}) - # message("Desired hash ${PATCHES_DESIRED_HASH}") - # message("Actual hash ${PATCHES_ACTUAL_HASH}") -- if(NOT PATCHES_ACTUAL_HASH EQUAL "${PATCHES_DESIRED_HASH}") -- message(FATAL_ERROR "Patch hash actual ${PATCHES_ACTUAL_HASH} does not match desired ${PATCHES_DESIRED_HASH}") +- if(NOT PATCHES_ACTUAL_HASH MATCHES "${PATCHES_DESIRED_HASH}") +- message(FATAL_ERROR "Patch hash actual '${PATCHES_ACTUAL_HASH}' does not match desired '${PATCHES_DESIRED_HASH}'") - endif() - - foreach (PATCH ${PONY_LLVM_PATCHES}) diff --git a/pkgs/development/compilers/ponyc/pony-corral.nix b/pkgs/development/compilers/ponyc/pony-corral.nix index 1c8b00c13cfc9..c0ff37e7bd5e3 100644 --- a/pkgs/development/compilers/ponyc/pony-corral.nix +++ b/pkgs/development/compilers/ponyc/pony-corral.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation ( rec { pname = "corral"; - version = "0.5.4"; + version = "0.5.7"; src = fetchFromGitHub { owner = "ponylang"; repo = pname; rev = version; - sha256 = "1chw56khx5akjxkq0vwrw9ryjpyc3fzdmksh496llc513l01hpkl"; + sha256 = "sha256-OLA09C/6s2PyzreBvqFfzsoRDXiRMbdf3Jgnmawr7k4="; }; buildInputs = [ ponyc ]; diff --git a/pkgs/development/libraries/spdlog/default.nix b/pkgs/development/libraries/spdlog/default.nix index 6ef4f4af43aee..5a21af12e33ca 100644 --- a/pkgs/development/libraries/spdlog/default.nix +++ b/pkgs/development/libraries/spdlog/default.nix @@ -1,7 +1,7 @@ -{ lib, stdenv, fetchFromGitHub, cmake, fmt_8, fetchpatch }: +{ lib, stdenv, fetchFromGitHub, cmake, fmt_8 }: let - generic = { version, sha256, patches ? [] }: + generic = { version, sha256 }: stdenv.mkDerivation { pname = "spdlog"; inherit version; @@ -13,8 +13,6 @@ let inherit sha256; }; - inherit patches; - nativeBuildInputs = [ cmake ]; # spdlog <1.3 uses a bundled version of fmt propagatedBuildInputs = lib.optional (lib.versionAtLeast version "1.3") fmt_8; @@ -38,7 +36,11 @@ let ''; doCheck = true; - preCheck = "export LD_LIBRARY_PATH=$(pwd)\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"; + preCheck = if stdenv.isDarwin then '' + export DYLD_LIBRARY_PATH="$(pwd)''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH" + '' else '' + export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" + ''; meta = with lib; { description = "Very fast, header only, C++ logging library"; @@ -51,15 +53,8 @@ let in { spdlog_1 = generic { - version = "1.9.2"; - sha256 = "sha256-GSUdHtvV/97RyDKy8i+ticnSlQCubGGWHg4Oo+YAr8Y="; - patches = [ - # glibc 2.34 compat - (fetchpatch { - url = "https://github.com/gabime/spdlog/commit/d54b8e89c058f3cab2b32b3e9a2b49fd171d5895.patch"; - sha256 = "sha256-pb7cREF90GXb5Mbs8xFLQ+eLo6Xum13/xYa8JUgJlbI="; - }) - ]; + version = "1.10.0"; + sha256 = "sha256-c6s27lQCXKx6S1FhZ/LiKh14GnXMhZtD1doltU4Avws="; }; spdlog_0 = generic { diff --git a/pkgs/development/libraries/template-glib/default.nix b/pkgs/development/libraries/template-glib/default.nix index 375a7c3237a58..23d2e8907ff1c 100644 --- a/pkgs/development/libraries/template-glib/default.nix +++ b/pkgs/development/libraries/template-glib/default.nix @@ -13,8 +13,8 @@ stdenv.mkDerivation { sha256 = "nsm3HgTU9csU91XveQYxzQtFwGA+Ecg2/Hz9niaM0Ho="; }; - buildInputs = [ meson ninja pkg-config gettext flex bison vala glib gtk-doc docbook_xsl docbook_xml_dtd_43 ]; - nativeBuildInputs = [ glib gobject-introspection ]; + nativeBuildInputs = [ meson ninja pkg-config gettext flex bison vala glib gtk-doc docbook_xsl docbook_xml_dtd_43 gobject-introspection ]; + buildInputs = [ glib ]; mesonFlags = [ "-Denable_gtk_doc=true" diff --git a/pkgs/development/python-modules/aesedb/default.nix b/pkgs/development/python-modules/aesedb/default.nix new file mode 100644 index 0000000000000..b6b0dce3c24b3 --- /dev/null +++ b/pkgs/development/python-modules/aesedb/default.nix @@ -0,0 +1,45 @@ +{ lib +, aiowinreg +, buildPythonPackage +, colorama +, fetchPypi +, pycryptodomex +, pythonOlder +, tqdm +, unicrypto +}: + +buildPythonPackage rec { + pname = "aesedb"; + version = "0.0.5"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-2m4VxqTD9zvUpZ1O8/SBprAzG4vUX4z3LthMpP5Hc8g="; + }; + + propagatedBuildInputs = [ + aiowinreg + colorama + pycryptodomex + tqdm + unicrypto + ]; + + # Module has no tests + doCheck = false; + + pythonImportsCheck = [ + "aesedb" + ]; + + meta = with lib; { + description = "Parser for JET databases"; + homepage = "https://github.com/skelsec/aesedb"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/development/python-modules/asn1crypto/default.nix b/pkgs/development/python-modules/asn1crypto/default.nix index 3c59c4b7cd2f2..0c071c4206b06 100644 --- a/pkgs/development/python-modules/asn1crypto/default.nix +++ b/pkgs/development/python-modules/asn1crypto/default.nix @@ -1,19 +1,25 @@ { lib , buildPythonPackage -, fetchPypi +, fetchFromGitHub +, pytestCheckHook }: buildPythonPackage rec { pname = "asn1crypto"; version = "1.5.1"; + format = "setuptools"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-E644UCvmMhFav4oky+X02lLjtSMZkK/zESPIBTBsy5w="; + # Pulling from Github to run tests + src = fetchFromGitHub { + owner = "wbond"; + repo = "asn1crypto"; + rev = version; + sha256 = "sha256-M8vASxhaJPgkiTrAckxz7gk/QHkrFlNz7fFbnLEBT+M="; }; - # No tests included - doCheck = false; + checkInputs = [ + pytestCheckHook + ]; meta = { description = "Fast ASN.1 parser and serializer with definitions for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8, PKCS#12, PKCS#5, X.509 and TSP"; diff --git a/pkgs/development/python-modules/cypherpunkpay/default.nix b/pkgs/development/python-modules/cypherpunkpay/default.nix new file mode 100644 index 0000000000000..3c72f2e073ed8 --- /dev/null +++ b/pkgs/development/python-modules/cypherpunkpay/default.nix @@ -0,0 +1,97 @@ +{ stdenv +, lib +, buildPythonPackage +, fetchFromGitHub +, poetry-core +, APScheduler +, bitstring +, cffi +, ecdsa +, monero +, pypng +, pyqrcode +, pyramid +, pyramid_jinja2 +, pysocks +, requests +, tzlocal +, waitress +, yoyo-migrations +, pytestCheckHook +, pytest-cov +, webtest +}: + +buildPythonPackage rec { + pname = "cypherpunkpay"; + version = "1.0.15"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "CypherpunkPay"; + repo = "CypherpunkPay"; + rev = "v${version}"; + sha256 = "sha256-W2f4jtEqopDXiXx0pklZrjOmVhpx2kDdTJRPm2Ka0Cg="; + }; + + postPatch = '' + substituteInPlace pyproject.toml \ + --replace 'monero = "^0.99"' 'monero = ">=0.99"' \ + --replace 'pypng = "^0.0.20"' 'pypng = ">=0.0.20"' \ + --replace 'tzlocal = "2.1"' 'tzlocal = ">=2.1"' + ''; + + nativeBuildInputs = [ + poetry-core + ]; + + propagatedBuildInputs = [ + APScheduler + bitstring + cffi + ecdsa + monero + pypng + pyqrcode + pyramid + pyramid_jinja2 + pysocks + requests + tzlocal + waitress + yoyo-migrations + ]; + + checkInputs = [ + pytestCheckHook + pytest-cov + webtest + ]; + + disabledTestPaths = [ + # performance test + "test/unit/tools/pbkdf2_test.py" + # tests require network connection + "test/network/explorers/bitcoin" + "test/network/net/http_client" + "test/network/prices" + # tests require bitcoind running + "test/network/full_node_clients" + # tests require lnd running + "test/network/ln" + # tests require tor running + "test/network/net/tor_client" + # tests require the full environment running + "test/acceptance/views" + "test/acceptance/views_admin" + "test/acceptance/views_donations" + "test/acceptance/views_dummystore" + ]; + + meta = with lib; { + description = "Modern self-hosted software for accepting Bitcoin"; + homepage = "https://cypherpunkpay.org"; + license = with licenses; [ mit /* or */ unlicense ]; + maintainers = with maintainers; [ prusnak ]; + }; +} diff --git a/pkgs/development/python-modules/ipympl/default.nix b/pkgs/development/python-modules/ipympl/default.nix index 922a619a4063e..226fea5b621dc 100644 --- a/pkgs/development/python-modules/ipympl/default.nix +++ b/pkgs/development/python-modules/ipympl/default.nix @@ -8,12 +8,12 @@ buildPythonPackage rec { pname = "ipympl"; - version = "0.8.8"; + version = "0.9.0"; format = "wheel"; src = fetchPypi { inherit pname version format; - sha256 = "sha256-hkaK6q6MCigAfQx/bbuF8rbLmAUWfojU2qdSlWIAkVk="; + sha256 = "sha256-HpO3T/zRbimxd1+nUkbSmclj7nPsMYuSUK0VJItZQs4="; }; diff --git a/pkgs/development/python-modules/jaxlib/default.nix b/pkgs/development/python-modules/jaxlib/default.nix index a15e86c016191..002858a8fa156 100644 --- a/pkgs/development/python-modules/jaxlib/default.nix +++ b/pkgs/development/python-modules/jaxlib/default.nix @@ -216,9 +216,9 @@ let fetchAttrs = { sha256 = if cudaSupport then - "1k0rjxqjm703gd9navwzx5x3874b4dxamr62m1fxhm79d271zxis" + "0d2rqwk9n4a6c51m4g21rxymv85kw2sdksni30cdx3pdcdbqgic7" else - "0ivah1w41jcj13jm740qzwx5h0ia8vbj71pjgd0zrfk3c92kll41"; + "0q540mwmh7grig0qq48ynzqi0gynimxnrq7k97wribqpkx99k39d"; }; buildAttrs = { diff --git a/pkgs/development/python-modules/monero/default.nix b/pkgs/development/python-modules/monero/default.nix new file mode 100644 index 0000000000000..907e54417d6dd --- /dev/null +++ b/pkgs/development/python-modules/monero/default.nix @@ -0,0 +1,51 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pycryptodomex +, pysocks +, pynacl +, requests +, six +, varint +, pytestCheckHook +, pytest-cov +, responses +}: + +buildPythonPackage rec { + pname = "monero"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "monero-ecosystem"; + repo = "monero-python"; + rev = "v${version}"; + sha256 = "sha256-ZjAShIeGVVIKlwgSNPVSN7eaqhKu3wEpDP9wgBMOyZU="; + }; + + postPatch = '' + substituteInPlace requirements.txt \ + --replace 'pynacl~=1.4' 'pynacl>=1.4' \ + --replace 'ipaddress' "" + ''; + + pythonImportsCheck = [ "monero" ]; + + propagatedBuildInputs = [ + pycryptodomex + pynacl + pysocks + requests + six + varint + ]; + + checkInputs = [ pytestCheckHook pytest-cov responses ]; + + meta = with lib; { + description = "Comprehensive Python module for handling Monero"; + homepage = "https://github.com/monero-ecosystem/monero-python"; + license = licenses.bsd3; + maintainers = with maintainers; [ prusnak ]; + }; +} diff --git a/pkgs/development/python-modules/pypng/default.nix b/pkgs/development/python-modules/pypng/default.nix new file mode 100644 index 0000000000000..968e9310318a0 --- /dev/null +++ b/pkgs/development/python-modules/pypng/default.nix @@ -0,0 +1,29 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "pypng"; + version = "0.0.21"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "drj11"; + repo = "pypng"; + rev = "${pname}-${version}"; + sha256 = "sha256-JU1GCSTm2s6Kczn6aRcF5DizPJVpizNtnAMJxTBi9vo="; + }; + + pythonImportsCheck = [ "png" ]; + + checkInputs = [ pytestCheckHook ]; + + meta = with lib; { + description = "Pure Python library for PNG image encoding/decoding"; + homepage = "https://github.com/drj11/pypng"; + license = licenses.mit; + maintainers = with maintainers; [ prusnak ]; + }; +} diff --git a/pkgs/development/python-modules/pypykatz/default.nix b/pkgs/development/python-modules/pypykatz/default.nix index 2e2bd7def655d..67b5bf8be9e9c 100644 --- a/pkgs/development/python-modules/pypykatz/default.nix +++ b/pkgs/development/python-modules/pypykatz/default.nix @@ -1,4 +1,5 @@ { lib +, aesedb , aiosmb , aiowinreg , buildPythonPackage @@ -6,19 +7,24 @@ , minidump , minikerberos , msldap +, pythonOlder , winsspi }: buildPythonPackage rec { pname = "pypykatz"; - version = "0.5.2"; + version = "0.5.6"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "1lyvypi1g4l9fq1f9q05bdn6vq8y5y9ghmb6ziqdycr0lxn7lfdd"; + hash = "sha256-iuLQfdRNxy6Z+7sYGG+dSHlxicOPtNOdB/VNLyZjRsY="; }; propagatedBuildInputs = [ + aesedb aiosmb aiowinreg minikerberos @@ -29,7 +35,10 @@ buildPythonPackage rec { # Project doesn't have tests doCheck = false; - pythonImportsCheck = [ "pypykatz" ]; + + pythonImportsCheck = [ + "pypykatz" + ]; meta = with lib; { description = "Mimikatz implementation in Python"; diff --git a/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix b/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix index 4a8a51e222b90..46346f466b20d 100644 --- a/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix +++ b/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "pysigma-backend-insightidr"; - version = "0.1.4"; + version = "0.1.5"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -17,8 +17,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "SigmaHQ"; repo = "pySigma-backend-insightidr"; - rev = "v${version}"; - hash = "sha256-ivigYBCoQtAfVmTiKvYugzPbw3tG0Xn5IYbHVJuubDE="; + rev = "refs/tags/v${version}"; + hash = "sha256-RjBRFNMIpjW/x5vShXUgi25oOmvRlD2zP6mNQJ7sG8M="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/testing-common-database/default.nix b/pkgs/development/python-modules/testing-common-database/default.nix index 1d50ed1ec49d9..ff323b85e720f 100644 --- a/pkgs/development/python-modules/testing-common-database/default.nix +++ b/pkgs/development/python-modules/testing-common-database/default.nix @@ -9,6 +9,11 @@ buildPythonPackage rec { sha256 = "0wvdv0frl7xib05sixjv9m6jywaa2wdhdhsqqdfk45akk2r80pcn"; }; + postPatch = '' + substituteInPlace src/testing/common/database.py \ + --replace "collections.Callable" "collections.abc.Callable" + ''; + # There are no unit tests doCheck = false; diff --git a/pkgs/development/python-modules/xknx/default.nix b/pkgs/development/python-modules/xknx/default.nix index 36b7f616e3d27..eee9647e709d3 100644 --- a/pkgs/development/python-modules/xknx/default.nix +++ b/pkgs/development/python-modules/xknx/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "xknx"; - version = "0.20.2"; + version = "0.20.3"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "XKNX"; repo = pname; rev = version; - sha256 = "sha256-9OEoU2r6/tThEoLjssWD0jrgF2oYk5IRCWLTeF4ddGc="; + sha256 = "sha256-RGwo6IH1WDNBanpQ14gB3/75db3NPwNUsFy0wPP1Yok="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/yoyo-migrations/default.nix b/pkgs/development/python-modules/yoyo-migrations/default.nix new file mode 100644 index 0000000000000..14c90dbd5f288 --- /dev/null +++ b/pkgs/development/python-modules/yoyo-migrations/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildPythonPackage +, fetchPypi +, setuptools +, sqlparse +, tabulate +}: + +buildPythonPackage rec { + pname = "yoyo-migrations"; + version = "7.3.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-RIQIKOGgFp9UHnAtWu3KgYWtpoCH57rUhQpvxdced6Q="; + }; + + propagatedBuildInputs = [ setuptools sqlparse tabulate ]; + + doCheck = false; # pypi tarball does not contain tests + + pythonImportsCheck = [ "yoyo" ]; + + meta = with lib; { + description = "Database schema migration tool"; + homepage = "https://ollycope.com/software/yoyo"; + license = licenses.asl20; + maintainers = with maintainers; [ prusnak ]; + }; +} diff --git a/pkgs/os-specific/linux/pscircle/default.nix b/pkgs/os-specific/linux/pscircle/default.nix index ef7dbc55a9ab9..a293790cc97cc 100644 --- a/pkgs/os-specific/linux/pscircle/default.nix +++ b/pkgs/os-specific/linux/pscircle/default.nix @@ -11,11 +11,14 @@ stdenv.mkDerivation rec { sha256 = "1sm99423hh90kr4wdjqi9sdrrpk65j2vz2hzj65zcxfxyr6khjci"; }; + nativeBuildInputs = [ + meson + pkg-config + ninja + ]; + buildInputs = [ - meson - pkg-config - cairo - ninja + cairo ]; meta = with lib; { diff --git a/pkgs/servers/haste-server/default.nix b/pkgs/servers/haste-server/default.nix new file mode 100644 index 0000000000000..998d9c4235de6 --- /dev/null +++ b/pkgs/servers/haste-server/default.nix @@ -0,0 +1,62 @@ +{ lib +, nixosTests +, stdenv +, fetchFromGitHub +, makeWrapper +, nodejs +, pkgs +}: + +stdenv.mkDerivation rec { + pname = "haste-server"; + version = "3dcc43578b99dbafac35dece9d774ff2af39e8d0"; + + src = fetchFromGitHub { + owner = "toptal"; + repo = "haste-server"; + rev = version; + hash = "sha256-srSPRlG+gXSIwgVFLyfzRex97tCbV9FZXYpLD0KFRfw="; + }; + + nativeBuildInputs = [ + nodejs + makeWrapper + ]; + + installPhase = + let + nodeDependencies = ((import ./node-composition.nix { + inherit pkgs nodejs; + inherit (stdenv.hostPlatform) system; + }).nodeDependencies.override (old: { + # access to path '/nix/store/...-source' is forbidden in restricted mode + src = src; + dontNpmInstall = true; + })); + in + '' + runHook postInstall + + mkdir -p $out/share + cp -ra . $out/share/haste-server + ln -s ${nodeDependencies}/lib/node_modules $out/share/haste-server/node_modules + makeWrapper ${nodejs}/bin/node $out/bin/haste-server \ + --add-flags $out/share/haste-server/server.js + + runHook postBuild + ''; + + passthru = { + tests = { + inherit (nixosTests) haste-server; + }; + updateScript = ./update.sh; + }; + + meta = with lib; { + description = "open source pastebin written in node.js"; + homepage = "https://www.toptal.com/developers/hastebin/about.md"; + license = licenses.mit; + maintainers = with maintainers; [ mkg20001 ]; + }; +} diff --git a/pkgs/servers/haste-server/node-composition.nix b/pkgs/servers/haste-server/node-composition.nix new file mode 100644 index 0000000000000..7b8937a3647cc --- /dev/null +++ b/pkgs/servers/haste-server/node-composition.nix @@ -0,0 +1,17 @@ +# This file has been generated by node2nix 1.9.0. Do not edit! + +{pkgs ? import <nixpkgs> { + inherit system; + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}: + +let + nodeEnv = import ./node-env.nix { + inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript; + inherit pkgs nodejs; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; + }; +in +import ./node-deps.nix { + inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit; + inherit nodeEnv; +} diff --git a/pkgs/servers/haste-server/node-deps.nix b/pkgs/servers/haste-server/node-deps.nix new file mode 100644 index 0000000000000..df902e8e18cd6 --- /dev/null +++ b/pkgs/servers/haste-server/node-deps.nix @@ -0,0 +1,1551 @@ +# This file has been generated by node2nix 1.9.0. Do not edit! + +{nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}: + +let + sources = { + "@ungap/promise-all-settled-1.1.2" = { + name = "_at_ungap_slash_promise-all-settled"; + packageName = "@ungap/promise-all-settled"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz"; + sha512 = "sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q=="; + }; + }; + "ansi-colors-4.1.1" = { + name = "ansi-colors"; + packageName = "ansi-colors"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz"; + sha512 = "JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA=="; + }; + }; + "ansi-regex-3.0.0" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz"; + sha1 = "ed0317c322064f79466c02966bddb605ab37d998"; + }; + }; + "ansi-regex-5.0.1" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz"; + sha512 = "quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="; + }; + }; + "ansi-styles-4.3.0" = { + name = "ansi-styles"; + packageName = "ansi-styles"; + version = "4.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz"; + sha512 = "zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="; + }; + }; + "anymatch-3.1.2" = { + name = "anymatch"; + packageName = "anymatch"; + version = "3.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz"; + sha512 = "P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg=="; + }; + }; + "argparse-2.0.1" = { + name = "argparse"; + packageName = "argparse"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz"; + sha512 = "8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="; + }; + }; + "async-1.0.0" = { + name = "async"; + packageName = "async"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/async/-/async-1.0.0.tgz"; + sha1 = "f8fc04ca3a13784ade9e1641af98578cfbd647a9"; + }; + }; + "async-cache-1.1.0" = { + name = "async-cache"; + packageName = "async-cache"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/async-cache/-/async-cache-1.1.0.tgz"; + sha1 = "4a9a5a89d065ec5d8e5254bd9ee96ba76c532b5a"; + }; + }; + "balanced-match-1.0.2" = { + name = "balanced-match"; + packageName = "balanced-match"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz"; + sha512 = "3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="; + }; + }; + "base64-js-1.5.1" = { + name = "base64-js"; + packageName = "base64-js"; + version = "1.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz"; + sha512 = "AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="; + }; + }; + "binary-extensions-2.2.0" = { + name = "binary-extensions"; + packageName = "binary-extensions"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz"; + sha512 = "jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA=="; + }; + }; + "bl-4.1.0" = { + name = "bl"; + packageName = "bl"; + version = "4.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz"; + sha512 = "1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w=="; + }; + }; + "brace-expansion-1.1.11" = { + name = "brace-expansion"; + packageName = "brace-expansion"; + version = "1.1.11"; + src = fetchurl { + url = "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz"; + sha512 = "iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA=="; + }; + }; + "braces-3.0.2" = { + name = "braces"; + packageName = "braces"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz"; + sha512 = "b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A=="; + }; + }; + "browser-stdout-1.3.1" = { + name = "browser-stdout"; + packageName = "browser-stdout"; + version = "1.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz"; + sha512 = "qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw=="; + }; + }; + "buffer-5.7.1" = { + name = "buffer"; + packageName = "buffer"; + version = "5.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz"; + sha512 = "EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ=="; + }; + }; + "buffer-writer-2.0.0" = { + name = "buffer-writer"; + packageName = "buffer-writer"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-writer/-/buffer-writer-2.0.0.tgz"; + sha512 = "a7ZpuTZU1TRtnwyCNW3I5dc0wWNC3VR9S++Ewyk2HHZdrO3CQJqSpd+95Us590V6AL7JqUAH2IwZ/398PmNFgw=="; + }; + }; + "busboy-0.2.4" = { + name = "busboy"; + packageName = "busboy"; + version = "0.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/busboy/-/busboy-0.2.4.tgz"; + sha1 = "1977e96e1ee884649651ebdf548ca900758ba7f3"; + }; + }; + "camelcase-6.3.0" = { + name = "camelcase"; + packageName = "camelcase"; + version = "6.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz"; + sha512 = "Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA=="; + }; + }; + "chalk-4.1.2" = { + name = "chalk"; + packageName = "chalk"; + version = "4.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz"; + sha512 = "oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA=="; + }; + }; + "chokidar-3.5.1" = { + name = "chokidar"; + packageName = "chokidar"; + version = "3.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz"; + sha512 = "9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw=="; + }; + }; + "cliui-7.0.4" = { + name = "cliui"; + packageName = "cliui"; + version = "7.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz"; + sha512 = "OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ=="; + }; + }; + "color-convert-2.0.1" = { + name = "color-convert"; + packageName = "color-convert"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz"; + sha512 = "RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="; + }; + }; + "color-name-1.1.4" = { + name = "color-name"; + packageName = "color-name"; + version = "1.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz"; + sha512 = "dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="; + }; + }; + "colors-1.0.3" = { + name = "colors"; + packageName = "colors"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/colors/-/colors-1.0.3.tgz"; + sha1 = "0433f44d809680fdeb60ed260f1b0c262e82a40b"; + }; + }; + "commander-2.11.0" = { + name = "commander"; + packageName = "commander"; + version = "2.11.0"; + src = fetchurl { + url = "https://registry.npmjs.org/commander/-/commander-2.11.0.tgz"; + sha512 = "b0553uYA5YAEGgyYIGYROzKQ7X5RAqedkfjiZxwi0kL1g3bOaBNNZfYkzt/CL0umgD5wc9Jec2FbB98CjkMRvQ=="; + }; + }; + "concat-map-0.0.1" = { + name = "concat-map"; + packageName = "concat-map"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz"; + sha1 = "d8a96bd77fd68df7793a73036a3ba0d5405d477b"; + }; + }; + "connect-3.7.0" = { + name = "connect"; + packageName = "connect"; + version = "3.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/connect/-/connect-3.7.0.tgz"; + sha512 = "ZqRXc+tZukToSNmh5C2iWMSoV3X1YUcPbqEM4DkEG5tNQXrQUZCNVGGv3IuicnkMtPfGf3Xtp8WCXs295iQ1pQ=="; + }; + }; + "connect-ratelimit-0.0.7" = { + name = "connect-ratelimit"; + packageName = "connect-ratelimit"; + version = "0.0.7"; + src = fetchurl { + url = "https://registry.npmjs.org/connect-ratelimit/-/connect-ratelimit-0.0.7.tgz"; + sha1 = "e6e09c950649e849499cab1870a415a07f731568"; + }; + }; + "connect-route-0.1.5" = { + name = "connect-route"; + packageName = "connect-route"; + version = "0.1.5"; + src = fetchurl { + url = "https://registry.npmjs.org/connect-route/-/connect-route-0.1.5.tgz"; + sha1 = "e3c218319d2e88a8a9ae0b0e0fe09a729c39744a"; + }; + }; + "core-util-is-1.0.3" = { + name = "core-util-is"; + packageName = "core-util-is"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz"; + sha512 = "ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="; + }; + }; + "cycle-1.0.3" = { + name = "cycle"; + packageName = "cycle"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/cycle/-/cycle-1.0.3.tgz"; + sha1 = "21e80b2be8580f98b468f379430662b046c34ad2"; + }; + }; + "debug-2.6.9" = { + name = "debug"; + packageName = "debug"; + version = "2.6.9"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz"; + sha512 = "bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="; + }; + }; + "debug-4.3.1" = { + name = "debug"; + packageName = "debug"; + version = "4.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz"; + sha512 = "doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ=="; + }; + }; + "decamelize-4.0.0" = { + name = "decamelize"; + packageName = "decamelize"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz"; + sha512 = "9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ=="; + }; + }; + "dicer-0.2.3" = { + name = "dicer"; + packageName = "dicer"; + version = "0.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/dicer/-/dicer-0.2.3.tgz"; + sha1 = "f00281189a55c2351ef80490a4fe9fb2c59c4939"; + }; + }; + "diff-5.0.0" = { + name = "diff"; + packageName = "diff"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz"; + sha512 = "/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w=="; + }; + }; + "ee-first-1.1.1" = { + name = "ee-first"; + packageName = "ee-first"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz"; + sha1 = "590c61156b0ae2f4f0255732a158b266bc56b21d"; + }; + }; + "emoji-regex-8.0.0" = { + name = "emoji-regex"; + packageName = "emoji-regex"; + version = "8.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz"; + sha512 = "MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="; + }; + }; + "encodeurl-1.0.2" = { + name = "encodeurl"; + packageName = "encodeurl"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz"; + sha1 = "ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59"; + }; + }; + "escalade-3.1.1" = { + name = "escalade"; + packageName = "escalade"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz"; + sha512 = "k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw=="; + }; + }; + "escape-html-1.0.3" = { + name = "escape-html"; + packageName = "escape-html"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz"; + sha1 = "0258eae4d3d0c0974de1c169188ef0051d1d1988"; + }; + }; + "escape-string-regexp-4.0.0" = { + name = "escape-string-regexp"; + packageName = "escape-string-regexp"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz"; + sha512 = "TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="; + }; + }; + "eyes-0.1.8" = { + name = "eyes"; + packageName = "eyes"; + version = "0.1.8"; + src = fetchurl { + url = "https://registry.npmjs.org/eyes/-/eyes-0.1.8.tgz"; + sha1 = "62cf120234c683785d902348a800ef3e0cc20bc0"; + }; + }; + "fd-0.0.3" = { + name = "fd"; + packageName = "fd"; + version = "0.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/fd/-/fd-0.0.3.tgz"; + sha512 = "iAHrIslQb3U68OcMSP0kkNWabp7sSN6d2TBSb2JO3gcLJVDd4owr/hKM4SFJovFOUeeXeItjYgouEDTMWiVAnA=="; + }; + }; + "fill-range-7.0.1" = { + name = "fill-range"; + packageName = "fill-range"; + version = "7.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz"; + sha512 = "qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ=="; + }; + }; + "finalhandler-1.1.2" = { + name = "finalhandler"; + packageName = "finalhandler"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz"; + sha512 = "aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA=="; + }; + }; + "find-up-5.0.0" = { + name = "find-up"; + packageName = "find-up"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz"; + sha512 = "78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng=="; + }; + }; + "flat-5.0.2" = { + name = "flat"; + packageName = "flat"; + version = "5.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz"; + sha512 = "b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ=="; + }; + }; + "fs.realpath-1.0.0" = { + name = "fs.realpath"; + packageName = "fs.realpath"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"; + sha1 = "1504ad2523158caa40db4a2787cb01411994ea4f"; + }; + }; + "fsevents-2.3.2" = { + name = "fsevents"; + packageName = "fsevents"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz"; + sha512 = "xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA=="; + }; + }; + "get-caller-file-2.0.5" = { + name = "get-caller-file"; + packageName = "get-caller-file"; + version = "2.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz"; + sha512 = "DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="; + }; + }; + "glob-7.1.6" = { + name = "glob"; + packageName = "glob"; + version = "7.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz"; + sha512 = "LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA=="; + }; + }; + "glob-parent-5.1.2" = { + name = "glob-parent"; + packageName = "glob-parent"; + version = "5.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz"; + sha512 = "AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="; + }; + }; + "graceful-fs-4.2.9" = { + name = "graceful-fs"; + packageName = "graceful-fs"; + version = "4.2.9"; + src = fetchurl { + url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz"; + sha512 = "NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ=="; + }; + }; + "growl-1.10.5" = { + name = "growl"; + packageName = "growl"; + version = "1.10.5"; + src = fetchurl { + url = "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz"; + sha512 = "qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA=="; + }; + }; + "has-flag-4.0.0" = { + name = "has-flag"; + packageName = "has-flag"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz"; + sha512 = "EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="; + }; + }; + "he-1.2.0" = { + name = "he"; + packageName = "he"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/he/-/he-1.2.0.tgz"; + sha512 = "F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw=="; + }; + }; + "ieee754-1.2.1" = { + name = "ieee754"; + packageName = "ieee754"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz"; + sha512 = "dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="; + }; + }; + "inflight-1.0.6" = { + name = "inflight"; + packageName = "inflight"; + version = "1.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz"; + sha1 = "49bd6331d7d02d0c09bc910a1075ba8165b56df9"; + }; + }; + "inherits-2.0.4" = { + name = "inherits"; + packageName = "inherits"; + version = "2.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"; + sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="; + }; + }; + "is-binary-path-2.1.0" = { + name = "is-binary-path"; + packageName = "is-binary-path"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz"; + sha512 = "ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw=="; + }; + }; + "is-extglob-2.1.1" = { + name = "is-extglob"; + packageName = "is-extglob"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz"; + sha1 = "a88c02535791f02ed37c76a1b9ea9773c833f8c2"; + }; + }; + "is-fullwidth-code-point-2.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz"; + sha1 = "a3b30a5c4f199183167aaab93beefae3ddfb654f"; + }; + }; + "is-fullwidth-code-point-3.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz"; + sha512 = "zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="; + }; + }; + "is-glob-4.0.3" = { + name = "is-glob"; + packageName = "is-glob"; + version = "4.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz"; + sha512 = "xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg=="; + }; + }; + "is-number-7.0.0" = { + name = "is-number"; + packageName = "is-number"; + version = "7.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz"; + sha512 = "41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="; + }; + }; + "is-plain-obj-2.1.0" = { + name = "is-plain-obj"; + packageName = "is-plain-obj"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz"; + sha512 = "YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA=="; + }; + }; + "isarray-0.0.1" = { + name = "isarray"; + packageName = "isarray"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"; + sha1 = "8a18acfca9a8f4177e09abfc6038939b05d1eedf"; + }; + }; + "isexe-2.0.0" = { + name = "isexe"; + packageName = "isexe"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz"; + sha1 = "e8fbf374dc556ff8947a10dcb0572d633f2cfa10"; + }; + }; + "isstream-0.1.2" = { + name = "isstream"; + packageName = "isstream"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; + sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; + }; + }; + "js-yaml-4.0.0" = { + name = "js-yaml"; + packageName = "js-yaml"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz"; + sha512 = "pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q=="; + }; + }; + "locate-path-6.0.0" = { + name = "locate-path"; + packageName = "locate-path"; + version = "6.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz"; + sha512 = "iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw=="; + }; + }; + "log-symbols-4.0.0" = { + name = "log-symbols"; + packageName = "log-symbols"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz"; + sha512 = "FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA=="; + }; + }; + "lru-cache-4.1.5" = { + name = "lru-cache"; + packageName = "lru-cache"; + version = "4.1.5"; + src = fetchurl { + url = "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz"; + sha512 = "sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g=="; + }; + }; + "mime-2.6.0" = { + name = "mime"; + packageName = "mime"; + version = "2.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz"; + sha512 = "USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg=="; + }; + }; + "minimatch-3.0.4" = { + name = "minimatch"; + packageName = "minimatch"; + version = "3.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz"; + sha512 = "yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA=="; + }; + }; + "mocha-8.4.0" = { + name = "mocha"; + packageName = "mocha"; + version = "8.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz"; + sha512 = "hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ=="; + }; + }; + "ms-2.0.0" = { + name = "ms"; + packageName = "ms"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz"; + sha1 = "5608aeadfc00be6c2901df5f9861788de0d597c8"; + }; + }; + "ms-2.1.2" = { + name = "ms"; + packageName = "ms"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz"; + sha512 = "sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="; + }; + }; + "ms-2.1.3" = { + name = "ms"; + packageName = "ms"; + version = "2.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"; + sha512 = "6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="; + }; + }; + "nanoid-3.1.20" = { + name = "nanoid"; + packageName = "nanoid"; + version = "3.1.20"; + src = fetchurl { + url = "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz"; + sha512 = "a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw=="; + }; + }; + "negotiator-0.6.3" = { + name = "negotiator"; + packageName = "negotiator"; + version = "0.6.3"; + src = fetchurl { + url = "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz"; + sha512 = "+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="; + }; + }; + "normalize-path-3.0.0" = { + name = "normalize-path"; + packageName = "normalize-path"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz"; + sha512 = "6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="; + }; + }; + "on-finished-2.3.0" = { + name = "on-finished"; + packageName = "on-finished"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz"; + sha1 = "20f1336481b083cd75337992a16971aa2d906947"; + }; + }; + "once-1.4.0" = { + name = "once"; + packageName = "once"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/once/-/once-1.4.0.tgz"; + sha1 = "583b1aa775961d4b113ac17d9c50baef9dd76bd1"; + }; + }; + "p-limit-3.1.0" = { + name = "p-limit"; + packageName = "p-limit"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz"; + sha512 = "TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ=="; + }; + }; + "p-locate-5.0.0" = { + name = "p-locate"; + packageName = "p-locate"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz"; + sha512 = "LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw=="; + }; + }; + "packet-reader-1.0.0" = { + name = "packet-reader"; + packageName = "packet-reader"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/packet-reader/-/packet-reader-1.0.0.tgz"; + sha512 = "HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ=="; + }; + }; + "parseurl-1.3.3" = { + name = "parseurl"; + packageName = "parseurl"; + version = "1.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz"; + sha512 = "CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="; + }; + }; + "path-exists-4.0.0" = { + name = "path-exists"; + packageName = "path-exists"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz"; + sha512 = "ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w=="; + }; + }; + "path-is-absolute-1.0.1" = { + name = "path-is-absolute"; + packageName = "path-is-absolute"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz"; + sha1 = "174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"; + }; + }; + "pg-8.7.3" = { + name = "pg"; + packageName = "pg"; + version = "8.7.3"; + src = fetchurl { + url = "https://registry.npmjs.org/pg/-/pg-8.7.3.tgz"; + sha512 = "HPmH4GH4H3AOprDJOazoIcpI49XFsHCe8xlrjHkWiapdbHK+HLtbm/GQzXYAZwmPju/kzKhjaSfMACG+8cgJcw=="; + }; + }; + "pg-connection-string-2.5.0" = { + name = "pg-connection-string"; + packageName = "pg-connection-string"; + version = "2.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.5.0.tgz"; + sha512 = "r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ=="; + }; + }; + "pg-int8-1.0.1" = { + name = "pg-int8"; + packageName = "pg-int8"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pg-int8/-/pg-int8-1.0.1.tgz"; + sha512 = "WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw=="; + }; + }; + "pg-pool-3.5.1" = { + name = "pg-pool"; + packageName = "pg-pool"; + version = "3.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pg-pool/-/pg-pool-3.5.1.tgz"; + sha512 = "6iCR0wVrro6OOHFsyavV+i6KYL4lVNyYAB9RD18w66xSzN+d8b66HiwuP30Gp1SH5O9T82fckkzsRjlrhD0ioQ=="; + }; + }; + "pg-protocol-1.5.0" = { + name = "pg-protocol"; + packageName = "pg-protocol"; + version = "1.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.5.0.tgz"; + sha512 = "muRttij7H8TqRNu/DxrAJQITO4Ac7RmX3Klyr/9mJEOBeIpgnF8f9jAfRz5d3XwQZl5qBjF9gLsUtMPJE0vezQ=="; + }; + }; + "pg-types-2.2.0" = { + name = "pg-types"; + packageName = "pg-types"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pg-types/-/pg-types-2.2.0.tgz"; + sha512 = "qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA=="; + }; + }; + "pgpass-1.0.5" = { + name = "pgpass"; + packageName = "pgpass"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/pgpass/-/pgpass-1.0.5.tgz"; + sha512 = "FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug=="; + }; + }; + "picomatch-2.3.1" = { + name = "picomatch"; + packageName = "picomatch"; + version = "2.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz"; + sha512 = "JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="; + }; + }; + "postgres-array-2.0.0" = { + name = "postgres-array"; + packageName = "postgres-array"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/postgres-array/-/postgres-array-2.0.0.tgz"; + sha512 = "VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA=="; + }; + }; + "postgres-bytea-1.0.0" = { + name = "postgres-bytea"; + packageName = "postgres-bytea"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.0.tgz"; + sha1 = "027b533c0aa890e26d172d47cf9ccecc521acd35"; + }; + }; + "postgres-date-1.0.7" = { + name = "postgres-date"; + packageName = "postgres-date"; + version = "1.0.7"; + src = fetchurl { + url = "https://registry.npmjs.org/postgres-date/-/postgres-date-1.0.7.tgz"; + sha512 = "suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q=="; + }; + }; + "postgres-interval-1.2.0" = { + name = "postgres-interval"; + packageName = "postgres-interval"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/postgres-interval/-/postgres-interval-1.2.0.tgz"; + sha512 = "9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ=="; + }; + }; + "pseudomap-1.0.2" = { + name = "pseudomap"; + packageName = "pseudomap"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz"; + sha1 = "f052a28da70e618917ef0a8ac34c1ae5a68286b3"; + }; + }; + "randombytes-2.1.0" = { + name = "randombytes"; + packageName = "randombytes"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz"; + sha512 = "vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ=="; + }; + }; + "readable-stream-1.1.14" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "1.1.14"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz"; + sha1 = "7cf4c54ef648e3813084c636dd2079e166c081d9"; + }; + }; + "readable-stream-3.6.0" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "3.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz"; + sha512 = "BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA=="; + }; + }; + "readdirp-3.5.0" = { + name = "readdirp"; + packageName = "readdirp"; + version = "3.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz"; + sha512 = "cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ=="; + }; + }; + "redis-0.8.1" = { + name = "redis"; + packageName = "redis"; + version = "0.8.1"; + src = fetchurl { + url = "https://registry.npmjs.org/redis/-/redis-0.8.1.tgz"; + sha1 = "159f2130599a2f719e44b03f0b4b7612f992fcb2"; + }; + }; + "redis-url-0.1.0" = { + name = "redis-url"; + packageName = "redis-url"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/redis-url/-/redis-url-0.1.0.tgz"; + sha1 = "4da5e5b181b6c0cad6e1a55c7f50a8e6ee7779bb"; + }; + }; + "require-directory-2.1.1" = { + name = "require-directory"; + packageName = "require-directory"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz"; + sha1 = "8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"; + }; + }; + "safe-buffer-5.2.1" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz"; + sha512 = "rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="; + }; + }; + "serialize-javascript-5.0.1" = { + name = "serialize-javascript"; + packageName = "serialize-javascript"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz"; + sha512 = "SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA=="; + }; + }; + "source-map-0.6.1" = { + name = "source-map"; + packageName = "source-map"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz"; + sha512 = "UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="; + }; + }; + "split2-4.1.0" = { + name = "split2"; + packageName = "split2"; + version = "4.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/split2/-/split2-4.1.0.tgz"; + sha512 = "VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ=="; + }; + }; + "st-2.0.0" = { + name = "st"; + packageName = "st"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/st/-/st-2.0.0.tgz"; + sha512 = "drN+aGYnrZPNYIymmNwIY7LXYJ8MqsqXj4fMRue3FOgGMdGjSX10fhJ3qx0sVQPhcWxhEaN4U/eWM4O4dbYNAw=="; + }; + }; + "stack-trace-0.0.10" = { + name = "stack-trace"; + packageName = "stack-trace"; + version = "0.0.10"; + src = fetchurl { + url = "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz"; + sha1 = "547c70b347e8d32b4e108ea1a2a159e5fdde19c0"; + }; + }; + "statuses-1.5.0" = { + name = "statuses"; + packageName = "statuses"; + version = "1.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz"; + sha1 = "161c7dac177659fd9811f43771fa99381478628c"; + }; + }; + "streamsearch-0.1.2" = { + name = "streamsearch"; + packageName = "streamsearch"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz"; + sha1 = "808b9d0e56fc273d809ba57338e929919a1a9f1a"; + }; + }; + "string-width-2.1.1" = { + name = "string-width"; + packageName = "string-width"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz"; + sha512 = "nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="; + }; + }; + "string-width-4.2.3" = { + name = "string-width"; + packageName = "string-width"; + version = "4.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz"; + sha512 = "wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="; + }; + }; + "string_decoder-0.10.31" = { + name = "string_decoder"; + packageName = "string_decoder"; + version = "0.10.31"; + src = fetchurl { + url = "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"; + sha1 = "62e203bc41766c6c28c9fc84301dab1c5310fa94"; + }; + }; + "string_decoder-1.3.0" = { + name = "string_decoder"; + packageName = "string_decoder"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz"; + sha512 = "hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA=="; + }; + }; + "strip-ansi-4.0.0" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz"; + sha1 = "a8479022eb1ac368a871389b635262c505ee368f"; + }; + }; + "strip-ansi-6.0.1" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "6.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz"; + sha512 = "Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="; + }; + }; + "strip-json-comments-3.1.1" = { + name = "strip-json-comments"; + packageName = "strip-json-comments"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz"; + sha512 = "6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="; + }; + }; + "supports-color-7.2.0" = { + name = "supports-color"; + packageName = "supports-color"; + version = "7.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz"; + sha512 = "qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw=="; + }; + }; + "supports-color-8.1.1" = { + name = "supports-color"; + packageName = "supports-color"; + version = "8.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz"; + sha512 = "MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q=="; + }; + }; + "to-regex-range-5.0.1" = { + name = "to-regex-range"; + packageName = "to-regex-range"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz"; + sha512 = "65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="; + }; + }; + "uglify-js-3.1.6" = { + name = "uglify-js"; + packageName = "uglify-js"; + version = "3.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/uglify-js/-/uglify-js-3.1.6.tgz"; + sha512 = "/rseyxEKEVMBo8279lqpoJgD6C/i/CIi+9TJDvWmb+Xo6mqMKwjA8Io3IMHlcXQzj99feR6zrN8m3wqqvm/nYA=="; + }; + }; + "unpipe-1.0.0" = { + name = "unpipe"; + packageName = "unpipe"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz"; + sha1 = "b2bf4ee8514aae6165b4817829d21b2ef49904ec"; + }; + }; + "util-deprecate-1.0.2" = { + name = "util-deprecate"; + packageName = "util-deprecate"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"; + sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; + }; + }; + "utils-merge-1.0.1" = { + name = "utils-merge"; + packageName = "utils-merge"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz"; + sha1 = "9f95710f50a267947b2ccc124741c1028427e713"; + }; + }; + "which-2.0.2" = { + name = "which"; + packageName = "which"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/which/-/which-2.0.2.tgz"; + sha512 = "BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="; + }; + }; + "wide-align-1.1.3" = { + name = "wide-align"; + packageName = "wide-align"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz"; + sha512 = "QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA=="; + }; + }; + "winston-2.4.5" = { + name = "winston"; + packageName = "winston"; + version = "2.4.5"; + src = fetchurl { + url = "https://registry.npmjs.org/winston/-/winston-2.4.5.tgz"; + sha512 = "TWoamHt5yYvsMarGlGEQE59SbJHqGsZV8/lwC+iCcGeAe0vUaOh+Lv6SYM17ouzC/a/LB1/hz/7sxFBtlu1l4A=="; + }; + }; + "workerpool-6.1.0" = { + name = "workerpool"; + packageName = "workerpool"; + version = "6.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz"; + sha512 = "toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg=="; + }; + }; + "wrap-ansi-7.0.0" = { + name = "wrap-ansi"; + packageName = "wrap-ansi"; + version = "7.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz"; + sha512 = "YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="; + }; + }; + "wrappy-1.0.2" = { + name = "wrappy"; + packageName = "wrappy"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz"; + sha1 = "b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"; + }; + }; + "xtend-4.0.2" = { + name = "xtend"; + packageName = "xtend"; + version = "4.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz"; + sha512 = "LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ=="; + }; + }; + "y18n-5.0.8" = { + name = "y18n"; + packageName = "y18n"; + version = "5.0.8"; + src = fetchurl { + url = "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz"; + sha512 = "0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA=="; + }; + }; + "yallist-2.1.2" = { + name = "yallist"; + packageName = "yallist"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz"; + sha1 = "1c11f9218f076089a47dd512f93c6699a6a81d52"; + }; + }; + "yargs-16.2.0" = { + name = "yargs"; + packageName = "yargs"; + version = "16.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz"; + sha512 = "D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw=="; + }; + }; + "yargs-parser-20.2.4" = { + name = "yargs-parser"; + packageName = "yargs-parser"; + version = "20.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz"; + sha512 = "WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA=="; + }; + }; + "yargs-unparser-2.0.0" = { + name = "yargs-unparser"; + packageName = "yargs-unparser"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz"; + sha512 = "7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA=="; + }; + }; + "yocto-queue-0.1.0" = { + name = "yocto-queue"; + packageName = "yocto-queue"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz"; + sha512 = "rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="; + }; + }; + }; + args = { + name = "haste"; + packageName = "haste"; + version = "0.1.0"; + src = ../../../../../../../../nix/store/5pfi6mmmdlqm2ixww08p7mlqj9a2dwbz-source; + dependencies = [ + sources."@ungap/promise-all-settled-1.1.2" + sources."ansi-colors-4.1.1" + sources."ansi-regex-3.0.0" + sources."ansi-styles-4.3.0" + sources."anymatch-3.1.2" + sources."argparse-2.0.1" + sources."async-1.0.0" + sources."async-cache-1.1.0" + sources."balanced-match-1.0.2" + sources."base64-js-1.5.1" + sources."binary-extensions-2.2.0" + (sources."bl-4.1.0" // { + dependencies = [ + sources."readable-stream-3.6.0" + sources."string_decoder-1.3.0" + ]; + }) + sources."brace-expansion-1.1.11" + sources."braces-3.0.2" + sources."browser-stdout-1.3.1" + sources."buffer-5.7.1" + sources."buffer-writer-2.0.0" + sources."busboy-0.2.4" + sources."camelcase-6.3.0" + (sources."chalk-4.1.2" // { + dependencies = [ + sources."supports-color-7.2.0" + ]; + }) + sources."chokidar-3.5.1" + (sources."cliui-7.0.4" // { + dependencies = [ + sources."ansi-regex-5.0.1" + sources."is-fullwidth-code-point-3.0.0" + sources."string-width-4.2.3" + sources."strip-ansi-6.0.1" + ]; + }) + sources."color-convert-2.0.1" + sources."color-name-1.1.4" + sources."colors-1.0.3" + sources."commander-2.11.0" + sources."concat-map-0.0.1" + sources."connect-3.7.0" + sources."connect-ratelimit-0.0.7" + sources."connect-route-0.1.5" + sources."core-util-is-1.0.3" + sources."cycle-1.0.3" + sources."debug-2.6.9" + sources."decamelize-4.0.0" + sources."dicer-0.2.3" + sources."diff-5.0.0" + sources."ee-first-1.1.1" + sources."emoji-regex-8.0.0" + sources."encodeurl-1.0.2" + sources."escalade-3.1.1" + sources."escape-html-1.0.3" + sources."escape-string-regexp-4.0.0" + sources."eyes-0.1.8" + sources."fd-0.0.3" + sources."fill-range-7.0.1" + sources."finalhandler-1.1.2" + sources."find-up-5.0.0" + sources."flat-5.0.2" + sources."fs.realpath-1.0.0" + sources."fsevents-2.3.2" + sources."get-caller-file-2.0.5" + sources."glob-7.1.6" + sources."glob-parent-5.1.2" + sources."graceful-fs-4.2.9" + sources."growl-1.10.5" + sources."has-flag-4.0.0" + sources."he-1.2.0" + sources."ieee754-1.2.1" + sources."inflight-1.0.6" + sources."inherits-2.0.4" + sources."is-binary-path-2.1.0" + sources."is-extglob-2.1.1" + sources."is-fullwidth-code-point-2.0.0" + sources."is-glob-4.0.3" + sources."is-number-7.0.0" + sources."is-plain-obj-2.1.0" + sources."isarray-0.0.1" + sources."isexe-2.0.0" + sources."isstream-0.1.2" + sources."js-yaml-4.0.0" + sources."locate-path-6.0.0" + sources."log-symbols-4.0.0" + sources."lru-cache-4.1.5" + sources."mime-2.6.0" + sources."minimatch-3.0.4" + (sources."mocha-8.4.0" // { + dependencies = [ + (sources."debug-4.3.1" // { + dependencies = [ + sources."ms-2.1.2" + ]; + }) + sources."ms-2.1.3" + ]; + }) + sources."ms-2.0.0" + sources."nanoid-3.1.20" + sources."negotiator-0.6.3" + sources."normalize-path-3.0.0" + sources."on-finished-2.3.0" + sources."once-1.4.0" + sources."p-limit-3.1.0" + sources."p-locate-5.0.0" + sources."packet-reader-1.0.0" + sources."parseurl-1.3.3" + sources."path-exists-4.0.0" + sources."path-is-absolute-1.0.1" + sources."pg-8.7.3" + sources."pg-connection-string-2.5.0" + sources."pg-int8-1.0.1" + sources."pg-pool-3.5.1" + sources."pg-protocol-1.5.0" + sources."pg-types-2.2.0" + sources."pgpass-1.0.5" + sources."picomatch-2.3.1" + sources."postgres-array-2.0.0" + sources."postgres-bytea-1.0.0" + sources."postgres-date-1.0.7" + sources."postgres-interval-1.2.0" + sources."pseudomap-1.0.2" + sources."randombytes-2.1.0" + sources."readable-stream-1.1.14" + sources."readdirp-3.5.0" + sources."redis-0.8.1" + sources."redis-url-0.1.0" + sources."require-directory-2.1.1" + sources."safe-buffer-5.2.1" + sources."serialize-javascript-5.0.1" + sources."source-map-0.6.1" + sources."split2-4.1.0" + sources."st-2.0.0" + sources."stack-trace-0.0.10" + sources."statuses-1.5.0" + sources."streamsearch-0.1.2" + sources."string-width-2.1.1" + sources."string_decoder-0.10.31" + sources."strip-ansi-4.0.0" + sources."strip-json-comments-3.1.1" + sources."supports-color-8.1.1" + sources."to-regex-range-5.0.1" + sources."uglify-js-3.1.6" + sources."unpipe-1.0.0" + sources."util-deprecate-1.0.2" + sources."utils-merge-1.0.1" + sources."which-2.0.2" + sources."wide-align-1.1.3" + sources."winston-2.4.5" + sources."workerpool-6.1.0" + (sources."wrap-ansi-7.0.0" // { + dependencies = [ + sources."ansi-regex-5.0.1" + sources."is-fullwidth-code-point-3.0.0" + sources."string-width-4.2.3" + sources."strip-ansi-6.0.1" + ]; + }) + sources."wrappy-1.0.2" + sources."xtend-4.0.2" + sources."y18n-5.0.8" + sources."yallist-2.1.2" + (sources."yargs-16.2.0" // { + dependencies = [ + sources."ansi-regex-5.0.1" + sources."is-fullwidth-code-point-3.0.0" + sources."string-width-4.2.3" + sources."strip-ansi-6.0.1" + ]; + }) + sources."yargs-parser-20.2.4" + sources."yargs-unparser-2.0.0" + sources."yocto-queue-0.1.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "Private Pastebin Server"; + }; + production = false; + bypassCache = true; + reconstructLock = true; + }; +in +{ + args = args; + sources = sources; + tarball = nodeEnv.buildNodeSourceDist args; + package = nodeEnv.buildNodePackage args; + shell = nodeEnv.buildNodeShell args; + nodeDependencies = nodeEnv.buildNodeDependencies (lib.overrideExisting args { + src = stdenv.mkDerivation { + name = args.name + "-package-json"; + src = nix-gitignore.gitignoreSourcePure [ + "*" + "!package.json" + "!package-lock.json" + ] args.src; + dontBuild = true; + installPhase = "mkdir -p $out; cp -r ./* $out;"; + }; + }); +} diff --git a/pkgs/servers/haste-server/node-env.nix b/pkgs/servers/haste-server/node-env.nix new file mode 100644 index 0000000000000..5f055785791ba --- /dev/null +++ b/pkgs/servers/haste-server/node-env.nix @@ -0,0 +1,588 @@ +# This file originates from node2nix + +{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}: + +let + # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master + utillinux = if pkgs ? utillinux then pkgs.utillinux else pkgs.util-linux; + + python = if nodejs ? python then nodejs.python else python2; + + # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise + tarWrapper = runCommand "tarWrapper" {} '' + mkdir -p $out/bin + + cat > $out/bin/tar <<EOF + #! ${stdenv.shell} -e + $(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore + EOF + + chmod +x $out/bin/tar + ''; + + # Function that generates a TGZ file from a NPM project + buildNodeSourceDist = + { name, version, src, ... }: + + stdenv.mkDerivation { + name = "node-tarball-${name}-${version}"; + inherit src; + buildInputs = [ nodejs ]; + buildPhase = '' + export HOME=$TMPDIR + tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts) + ''; + installPhase = '' + mkdir -p $out/tarballs + mv $tgzFile $out/tarballs + mkdir -p $out/nix-support + echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products + ''; + }; + + # Common shell logic + installPackage = writeShellScript "install-package" '' + installPackage() { + local packageName=$1 src=$2 + + local strippedName + + local DIR=$PWD + cd $TMPDIR + + unpackFile $src + + # Make the base dir in which the target dependency resides first + mkdir -p "$(dirname "$DIR/$packageName")" + + if [ -f "$src" ] + then + # Figure out what directory has been unpacked + packageDir="$(find . -maxdepth 1 -type d | tail -1)" + + # Restore write permissions to make building work + find "$packageDir" -type d -exec chmod u+x {} \; + chmod -R u+w "$packageDir" + + # Move the extracted tarball into the output folder + mv "$packageDir" "$DIR/$packageName" + elif [ -d "$src" ] + then + # Get a stripped name (without hash) of the source directory. + # On old nixpkgs it's already set internally. + if [ -z "$strippedName" ] + then + strippedName="$(stripHash $src)" + fi + + # Restore write permissions to make building work + chmod -R u+w "$strippedName" + + # Move the extracted directory into the output folder + mv "$strippedName" "$DIR/$packageName" + fi + + # Change to the package directory to install dependencies + cd "$DIR/$packageName" + } + ''; + + # Bundle the dependencies of the package + # + # Only include dependencies if they don't exist. They may also be bundled in the package. + includeDependencies = {dependencies}: + lib.optionalString (dependencies != []) ( + '' + mkdir -p node_modules + cd node_modules + '' + + (lib.concatMapStrings (dependency: + '' + if [ ! -e "${dependency.name}" ]; then + ${composePackage dependency} + fi + '' + ) dependencies) + + '' + cd .. + '' + ); + + # Recursively composes the dependencies of a package + composePackage = { name, packageName, src, dependencies ? [], ... }@args: + builtins.addErrorContext "while evaluating node package '${packageName}'" '' + installPackage "${packageName}" "${src}" + ${includeDependencies { inherit dependencies; }} + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ''; + + pinpointDependencies = {dependencies, production}: + let + pinpointDependenciesFromPackageJSON = writeTextFile { + name = "pinpointDependencies.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function resolveDependencyVersion(location, name) { + if(location == process.env['NIX_STORE']) { + return null; + } else { + var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json"); + + if(fs.existsSync(dependencyPackageJSON)) { + var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON)); + + if(dependencyPackageObj.name == name) { + return dependencyPackageObj.version; + } + } else { + return resolveDependencyVersion(path.resolve(location, ".."), name); + } + } + } + + function replaceDependencies(dependencies) { + if(typeof dependencies == "object" && dependencies !== null) { + for(var dependency in dependencies) { + var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency); + + if(resolvedVersion === null) { + process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n"); + } else { + dependencies[dependency] = resolvedVersion; + } + } + } + } + + /* Read the package.json configuration */ + var packageObj = JSON.parse(fs.readFileSync('./package.json')); + + /* Pinpoint all dependencies */ + replaceDependencies(packageObj.dependencies); + if(process.argv[2] == "development") { + replaceDependencies(packageObj.devDependencies); + } + replaceDependencies(packageObj.optionalDependencies); + + /* Write the fixed package.json file */ + fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2)); + ''; + }; + in + '' + node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"} + + ${lib.optionalString (dependencies != []) + '' + if [ -d node_modules ] + then + cd node_modules + ${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies} + cd .. + fi + ''} + ''; + + # Recursively traverses all dependencies of a package and pinpoints all + # dependencies in the package.json file to the versions that are actually + # being used. + + pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args: + '' + if [ -d "${packageName}" ] + then + cd "${packageName}" + ${pinpointDependencies { inherit dependencies production; }} + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + fi + ''; + + # Extract the Node.js source code which is used to compile packages with + # native bindings + nodeSources = runCommand "node-sources" {} '' + tar --no-same-owner --no-same-permissions -xf ${nodejs.src} + mv node-* $out + ''; + + # Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty) + addIntegrityFieldsScript = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function augmentDependencies(baseDir, dependencies) { + for(var dependencyName in dependencies) { + var dependency = dependencies[dependencyName]; + + // Open package.json and augment metadata fields + var packageJSONDir = path.join(baseDir, "node_modules", dependencyName); + var packageJSONPath = path.join(packageJSONDir, "package.json"); + + if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored + console.log("Adding metadata fields to: "+packageJSONPath); + var packageObj = JSON.parse(fs.readFileSync(packageJSONPath)); + + if(dependency.integrity) { + packageObj["_integrity"] = dependency.integrity; + } else { + packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads. + } + + if(dependency.resolved) { + packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided + } else { + packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories. + } + + if(dependency.from !== undefined) { // Adopt from property if one has been provided + packageObj["_from"] = dependency.from; + } + + fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2)); + } + + // Augment transitive dependencies + if(dependency.dependencies !== undefined) { + augmentDependencies(packageJSONDir, dependency.dependencies); + } + } + } + + if(fs.existsSync("./package-lock.json")) { + var packageLock = JSON.parse(fs.readFileSync("./package-lock.json")); + + if(![1, 2].includes(packageLock.lockfileVersion)) { + process.stderr.write("Sorry, I only understand lock file versions 1 and 2!\n"); + process.exit(1); + } + + if(packageLock.dependencies !== undefined) { + augmentDependencies(".", packageLock.dependencies); + } + } + ''; + }; + + # Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes + reconstructPackageLock = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + var packageObj = JSON.parse(fs.readFileSync("package.json")); + + var lockObj = { + name: packageObj.name, + version: packageObj.version, + lockfileVersion: 1, + requires: true, + dependencies: {} + }; + + function augmentPackageJSON(filePath, dependencies) { + var packageJSON = path.join(filePath, "package.json"); + if(fs.existsSync(packageJSON)) { + var packageObj = JSON.parse(fs.readFileSync(packageJSON)); + dependencies[packageObj.name] = { + version: packageObj.version, + integrity: "sha1-000000000000000000000000000=", + dependencies: {} + }; + processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies); + } + } + + function processDependencies(dir, dependencies) { + if(fs.existsSync(dir)) { + var files = fs.readdirSync(dir); + + files.forEach(function(entry) { + var filePath = path.join(dir, entry); + var stats = fs.statSync(filePath); + + if(stats.isDirectory()) { + if(entry.substr(0, 1) == "@") { + // When we encounter a namespace folder, augment all packages belonging to the scope + var pkgFiles = fs.readdirSync(filePath); + + pkgFiles.forEach(function(entry) { + if(stats.isDirectory()) { + var pkgFilePath = path.join(filePath, entry); + augmentPackageJSON(pkgFilePath, dependencies); + } + }); + } else { + augmentPackageJSON(filePath, dependencies); + } + } + }); + } + } + + processDependencies("node_modules", lockObj.dependencies); + + fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2)); + ''; + }; + + prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}: + let + forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com"; + in + '' + # Pinpoint the versions of all dependencies to the ones that are actually being used + echo "pinpointing versions of dependencies..." + source $pinpointDependenciesScriptPath + + # Patch the shebangs of the bundled modules to prevent them from + # calling executables outside the Nix store as much as possible + patchShebangs . + + # Deploy the Node.js package by running npm install. Since the + # dependencies have been provided already by ourselves, it should not + # attempt to install them again, which is good, because we want to make + # it Nix's responsibility. If it needs to install any dependencies + # anyway (e.g. because the dependency parameters are + # incomplete/incorrect), it fails. + # + # The other responsibilities of NPM are kept -- version checks, build + # steps, postprocessing etc. + + export HOME=$TMPDIR + cd "${packageName}" + runHook preRebuild + + ${lib.optionalString bypassCache '' + ${lib.optionalString reconstructLock '' + if [ -f package-lock.json ] + then + echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!" + echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!" + rm package-lock.json + else + echo "No package-lock.json file found, reconstructing..." + fi + + node ${reconstructPackageLock} + ''} + + node ${addIntegrityFieldsScript} + ''} + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild + + if [ "''${dontNpmInstall-}" != "1" ] + then + # NPM tries to download packages even when they already exist if npm-shrinkwrap is used. + rm -f npm-shrinkwrap.json + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} install + fi + ''; + + # Builds and composes an NPM package including all its dependencies + buildNodePackage = + { name + , packageName + , version + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , preRebuild ? "" + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , meta ? {} + , ... }@args: + + let + extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ]; + in + stdenv.mkDerivation ({ + name = "${name}-${version}"; + buildInputs = [ tarWrapper python nodejs ] + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool + ++ buildInputs; + + inherit nodejs; + + inherit dontStrip; # Stripping may fail a build for some package deployments + inherit dontNpmInstall preRebuild unpackPhase buildPhase; + + compositionScript = composePackage args; + pinpointDependenciesScript = pinpointDependenciesOfPackage args; + + passAsFile = [ "compositionScript" "pinpointDependenciesScript" ]; + + installPhase = '' + source ${installPackage} + + # Create and enter a root node_modules/ folder + mkdir -p $out/lib/node_modules + cd $out/lib/node_modules + + # Compose the package and all its dependencies + source $compositionScriptPath + + ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }} + + # Create symlink to the deployed executable folder, if applicable + if [ -d "$out/lib/node_modules/.bin" ] + then + ln -s $out/lib/node_modules/.bin $out/bin + fi + + # Create symlinks to the deployed manual page folders, if applicable + if [ -d "$out/lib/node_modules/${packageName}/man" ] + then + mkdir -p $out/share + for dir in "$out/lib/node_modules/${packageName}/man/"* + do + mkdir -p $out/share/man/$(basename "$dir") + for page in "$dir"/* + do + ln -s $page $out/share/man/$(basename "$dir") + done + done + fi + + # Run post install hook, if provided + runHook postInstall + ''; + + meta = { + # default to Node.js' platforms + platforms = nodejs.meta.platforms; + } // meta; + } // extraArgs); + + # Builds a node environment (a node_modules folder and a set of binaries) + buildNodeDependencies = + { name + , packageName + , version + , src + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , ... }@args: + + let + extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ]; + in + stdenv.mkDerivation ({ + name = "node-dependencies-${name}-${version}"; + + buildInputs = [ tarWrapper python nodejs ] + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool + ++ buildInputs; + + inherit dontStrip; # Stripping may fail a build for some package deployments + inherit dontNpmInstall unpackPhase buildPhase; + + includeScript = includeDependencies { inherit dependencies; }; + pinpointDependenciesScript = pinpointDependenciesOfPackage args; + + passAsFile = [ "includeScript" "pinpointDependenciesScript" ]; + + installPhase = '' + source ${installPackage} + + mkdir -p $out/${packageName} + cd $out/${packageName} + + source $includeScriptPath + + # Create fake package.json to make the npm commands work properly + cp ${src}/package.json . + chmod 644 package.json + ${lib.optionalString bypassCache '' + if [ -f ${src}/package-lock.json ] + then + cp ${src}/package-lock.json . + fi + ''} + + # Go to the parent folder to make sure that all packages are pinpointed + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + + ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }} + + # Expose the executables that were installed + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + + mv ${packageName} lib + ln -s $out/lib/node_modules/.bin $out/bin + ''; + } // extraArgs); + + # Builds a development shell + buildNodeShell = + { name + , packageName + , version + , src + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , ... }@args: + + let + nodeDependencies = buildNodeDependencies args; + in + stdenv.mkDerivation { + name = "node-shell-${name}-${version}"; + + buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs; + buildCommand = '' + mkdir -p $out/bin + cat > $out/bin/shell <<EOF + #! ${stdenv.shell} -e + $shellHook + exec ${stdenv.shell} + EOF + chmod +x $out/bin/shell + ''; + + # Provide the dependencies in a development shell through the NODE_PATH environment variable + inherit nodeDependencies; + shellHook = lib.optionalString (dependencies != []) '' + export NODE_PATH=${nodeDependencies}/lib/node_modules + export PATH="${nodeDependencies}/bin:$PATH" + ''; + }; +in +{ + buildNodeSourceDist = lib.makeOverridable buildNodeSourceDist; + buildNodePackage = lib.makeOverridable buildNodePackage; + buildNodeDependencies = lib.makeOverridable buildNodeDependencies; + buildNodeShell = lib.makeOverridable buildNodeShell; +} diff --git a/pkgs/servers/haste-server/update.sh b/pkgs/servers/haste-server/update.sh new file mode 100755 index 0000000000000..1c5cf6f64f640 --- /dev/null +++ b/pkgs/servers/haste-server/update.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl common-updater-scripts nodePackages.node2nix gnused nix coreutils jq + +set -euo pipefail + +latestVersion="$(curl -s "https://api.github.com/repos/toptal/haste-server/commits?per_page=1" | jq -r ".[0].sha")" +currentVersion=$(nix-instantiate --eval -E "with import ./. {}; haste-server.version or (lib.getVersion haste-server)" | tr -d '"') + +if [[ "$currentVersion" == "$latestVersion" ]]; then + echo "haste-server is up-to-date: $currentVersion" + exit 0 +fi + +update-source-version haste-server 0 sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= +update-source-version haste-server "$latestVersion" + +# use patched source +store_src="$(nix-build . -A haste-server.src --no-out-link)" + +cd "$(dirname "${BASH_SOURCE[0]}")" + +node2nix \ + --nodejs-14 \ + --development \ + --node-env ./node-env.nix \ + --output ./node-deps.nix \ + --input "$store_src/package.json" \ + --composition ./node-composition.nix diff --git a/pkgs/servers/keycloak/default.nix b/pkgs/servers/keycloak/default.nix index 6f7723eb34482..f28679f2cf5fc 100644 --- a/pkgs/servers/keycloak/default.nix +++ b/pkgs/servers/keycloak/default.nix @@ -1,73 +1,81 @@ -{ stdenv, lib, fetchzip, makeWrapper, jre, writeText, nixosTests -, postgresql_jdbc ? null, mysql_jdbc ? null +{ stdenv +, lib +, fetchzip +, makeWrapper +, jre +, writeText +, nixosTests , callPackage + +, confFile ? null +, plugins ? [ ] }: -let - mkModuleXml = name: jarFile: writeText "module.xml" '' - <?xml version="1.0" ?> - <module xmlns="urn:jboss:module:1.3" name="${name}"> - <resources> - <resource-root path="${jarFile}"/> - </resources> - <dependencies> - <module name="javax.api"/> - <module name="javax.transaction.api"/> - </dependencies> - </module> - ''; -in stdenv.mkDerivation rec { - pname = "keycloak"; + pname = "keycloak"; version = "17.0.1"; src = fetchzip { - url = "https://github.com/keycloak/keycloak/releases/download/${version}/keycloak-legacy-${version}.zip"; - sha256 = "sha256-oqANNk7T6+CAS818v3I1QNsuxetL/JFZMqxouRn+kdE="; + url = "https://github.com/keycloak/keycloak/releases/download/${version}/keycloak-${version}.zip"; + sha256 = "sha256-z1LfTUoK+v4oQxdyIQruFhl5O333zirSrkPoTFgVfmI="; }; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper jre ]; + + buildPhase = '' + runHook preBuild + '' + lib.optionalString (confFile != null) '' + install -m 0600 ${confFile} conf/keycloak.conf + '' + '' + install_plugin() { + if [ -d "$1" ]; then + find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 "{}" "providers/" \; + else + install -m 0500 "$1" "providers/" + fi + } + ${lib.concatMapStringsSep "\n" (pl: "install_plugin ${lib.escapeShellArg pl}") plugins} + '' + '' + export KC_HOME_DIR=$out + export KC_CONF_DIR=$out/conf + + patchShebangs bin/kc.sh + bin/kc.sh build + + runHook postBuild + ''; installPhase = '' + runHook preInstall + mkdir $out cp -r * $out - rm -rf $out/bin/*.{ps1,bat} + rm $out/bin/*.{ps1,bat} - module_path=$out/modules/system/layers/keycloak - if ! [[ -d $module_path ]]; then - echo "The module path $module_path not found!" - exit 1 - fi + runHook postInstall + ''; + + postFixup = '' + substituteInPlace $out/bin/kc.sh --replace '-Dkc.home.dir=$DIRNAME/../' '-Dkc.home.dir=$KC_HOME_DIR' + substituteInPlace $out/bin/kc.sh --replace '-Djboss.server.config.dir=$DIRNAME/../conf' '-Djboss.server.config.dir=$KC_CONF_DIR' - ${lib.optionalString (postgresql_jdbc != null) '' - mkdir -p $module_path/org/postgresql/main - ln -s ${postgresql_jdbc}/share/java/postgresql-jdbc.jar $module_path/org/postgresql/main/ - ln -s ${mkModuleXml "org.postgresql" "postgresql-jdbc.jar"} $module_path/org/postgresql/main/module.xml - ''} - ${lib.optionalString (mysql_jdbc != null) '' - mkdir -p $module_path/com/mysql/main - ln -s ${mysql_jdbc}/share/java/mysql-connector-java.jar $module_path/com/mysql/main/ - ln -s ${mkModuleXml "com.mysql" "mysql-connector-java.jar"} $module_path/com/mysql/main/module.xml - ''} - - for script in add-user-keycloak.sh add-user.sh domain.sh elytron-tool.sh jboss-cli.sh jconsole.sh jdr.sh standalone.sh wsconsume.sh wsprovide.sh; do - wrapProgram $out/bin/$script --set JAVA_HOME ${jre} + for script in $(find $out/bin -type f -executable); do + wrapProgram "$script" --set JAVA_HOME ${jre} --prefix PATH : ${jre}/bin done - wrapProgram $out/bin/kcadm.sh --prefix PATH : ${jre}/bin - wrapProgram $out/bin/kcreg.sh --prefix PATH : ${jre}/bin ''; passthru = { tests = nixosTests.keycloak; - plugins = callPackage ./all-plugins.nix {}; + plugins = callPackage ./all-plugins.nix { }; + enabledPlugins = plugins; }; meta = with lib; { - homepage = "https://www.keycloak.org/"; + homepage = "https://www.keycloak.org/"; description = "Identity and access management for modern applications and services"; - license = licenses.asl20; - platforms = jre.meta.platforms; + license = licenses.asl20; + platforms = jre.meta.platforms; maintainers = with maintainers; [ ngerstle talyz ]; }; diff --git a/pkgs/servers/monitoring/prometheus/bird-exporter.nix b/pkgs/servers/monitoring/prometheus/bird-exporter.nix index caa17ce97fc4c..33005279962a6 100644 --- a/pkgs/servers/monitoring/prometheus/bird-exporter.nix +++ b/pkgs/servers/monitoring/prometheus/bird-exporter.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "bird-exporter"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "czerwonk"; repo = "bird_exporter"; rev = version; - sha256 = "sha256-N/00+2OrP0BsEazD9bHk+w/xO9E6sFT6nC0MM4n9lR4="; + sha256 = "sha256-QCnOMiAcvn0HcppGJlf3sdllApKcjHpucvk9xxD/MqE="; }; - vendorSha256 = "sha256-9xKMwHNgPMtC+J3mwwUNSJnpMGttpaWF6l8gv0YtvHE="; + vendorSha256 = "sha256-jBwaneVv1a8iIqnhDbQOnvaJdnXgO8P90Iv51IfGaM0="; passthru.tests = { inherit (nixosTests.prometheus-exporters) bird; }; diff --git a/pkgs/tools/filesystems/mtools/default.nix b/pkgs/tools/filesystems/mtools/default.nix index 949b8c92f8468..e7345c639fe28 100644 --- a/pkgs/tools/filesystems/mtools/default.nix +++ b/pkgs/tools/filesystems/mtools/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, libiconv }: stdenv.mkDerivation rec { pname = "mtools"; @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { # fails to find X on darwin configureFlags = lib.optional stdenv.isDarwin "--without-x"; + buildInputs = lib.optional stdenv.isDarwin libiconv; + doCheck = true; meta = with lib; { diff --git a/pkgs/tools/misc/gti/default.nix b/pkgs/tools/misc/gti/default.nix index e950d58fc76ee..21089caf0236d 100644 --- a/pkgs/tools/misc/gti/default.nix +++ b/pkgs/tools/misc/gti/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "gti"; - version = "1.7.0"; + version = "1.8.0"; src = fetchFromGitHub { owner = "rwos"; repo = "gti"; rev = "v${version}"; - sha256 = "1jivnjswlhwjfg5v9nwfg3vfssvqbdxxf9znwmfb5dgfblg9wxw9"; + sha256 = "sha256-x6ncvnZPPrVcQYwtwkSenW+ri0L6FpuDa7U7uYUqiyk="; }; postPatch = '' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index aa4133c1a669b..025461bd61e4c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6504,6 +6504,8 @@ with pkgs; haste-client = callPackage ../tools/misc/haste-client { }; + haste-server = callPackage ../servers/haste-server { }; + hal-hardware-analyzer = libsForQt5.callPackage ../applications/science/electronics/hal-hardware-analyzer { }; half = callPackage ../development/libraries/half { }; @@ -27103,7 +27105,7 @@ with pkgs; # C++20 is required, darwin has Clang 7 by default, aarch64 has gcc 9 by default stdenv = if stdenv.isDarwin - then clang12Stdenv + then llvmPackages_12.stdenv else if stdenv.isAarch64 then gcc10Stdenv else stdenv; # tdesktop has random crashes when jemalloc is built with gcc. diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 684c3097433dd..b9637aef7d187 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -209,6 +209,8 @@ in { aesara = callPackage ../development/python-modules/aesara { }; + aesedb = callPackage ../development/python-modules/aesedb { }; + afdko = callPackage ../development/python-modules/afdko { }; affine = callPackage ../development/python-modules/affine { }; @@ -1982,6 +1984,8 @@ in { cypari2 = callPackage ../development/python-modules/cypari2 { }; + cypherpunkpay = callPackage ../development/python-modules/cypherpunkpay { }; + cysignals = callPackage ../development/python-modules/cysignals { }; cython = callPackage ../development/python-modules/Cython { }; @@ -5253,6 +5257,8 @@ in { mohawk = callPackage ../development/python-modules/mohawk { }; + monero = callPackage ../development/python-modules/monero { }; + mongomock = callPackage ../development/python-modules/mongomock { }; mongodict = callPackage ../development/python-modules/mongodict { }; @@ -7432,6 +7438,8 @@ in { inherit (pkgs) jq; }; + pypng = callPackage ../development/python-modules/pypng { }; + phonemizer = callPackage ../development/python-modules/phonemizer { }; pyopencl = callPackage ../development/python-modules/pyopencl { @@ -11000,6 +11008,8 @@ in { phantomjsSupport = false; }; + yoyo-migrations = callPackage ../development/python-modules/yoyo-migrations { }; + yt-dlp = callPackage ../tools/misc/yt-dlp { }; yt-dlp-light = callPackage ../tools/misc/yt-dlp { |