1
0
Fork 0

Compare commits

..

30 Commits

Author SHA1 Message Date
Andreas Wiese 6d2274218d xmm7680-pci: adopt fix.patch to 5.15
put_tty_driver() has been dropped as it is only an alias for
tty_driver_kref_put().
2021-11-18 13:51:40 +01:00
Andreas Wiese 81f8f4a66a vivaldi: remove 2021-11-09 22:09:15 +01:00
Andreas Wiese 91e380e7fa modules/snipe-it: make phpfpm use phpPackage
We only used phpPackage for artisan script but not for the actual PHPFPM
instance running the service.  This didn't cause any harm as long as the
default PHP instance was php74 but with the switch to php80 this should
be corrected, as Snipe-IT isn't compatible with 8.0.
2021-10-13 11:16:02 +02:00
Andreas Wiese d5ac2e7678 navidrome-bin: 0.45.1 -> 0.46.0 2021-10-13 11:15:48 +02:00
Andreas Wiese 828a26c33d modules/navidrome: enable only for <21.11 2021-09-22 13:30:05 +02:00
Andreas Wiese 7dc105d7af xmm7360-pci: init at untable-20210802
Kernel module and tools, NixOS module coming soon.
2021-09-17 00:39:45 +02:00
Andreas Wiese 5d36cfb94f snipe-it: 5.1.8 -> 5.2.0 2021-09-10 23:13:16 +02:00
Andreas Wiese 22521bcc05 janus-gateway: 0.11.3 -> 0.11.4 2021-09-09 00:29:32 +02:00
Andreas Wiese 324294e8a8 vivaldi: init at 4.1.2369.21-1
This is in nixpkgs-unstable and PR'ed for 21.05 () but doesn't
make progress so far, thus init here.  Expression is basically copied
from nixpkgs-unstable.
2021-09-09 00:17:04 +02:00
Andreas Wiese 995affe9dc modules/navidrome: init
This is basically copied from nixpkgs-unstable's navidrome module with
some minor modifications.
2021-08-29 23:08:54 +02:00
Andreas Wiese 56c0b03832 navidrome-bin: init at 0.45.1
This is basically copied from nixpkgs-unstable's navidrome derivation
but updated to current version.

I'd prefer building this from source, but currently only manage to build
the backend-only version without the web UI, as building both requires
somehow building a node.js package inside a Go package.
2021-08-29 23:00:06 +02:00
Andreas Wiese 1c6b646175 flake: Update overlay to contain all our packages
Add snipe-it and chrysalis-bin (for x86_64-linux) to overlay.  Those
somehow slipped through.
2021-08-09 00:22:47 +02:00
Andreas Wiese 1037ad9afd janus-gateway: use nixpkgs-unstable's derivation
This is in nixpkgs-unstable now, thus can be dropped once 21.11 (?) is
released.  For now, drop our own derivation in favour of what's coming.
2021-08-09 00:20:42 +02:00
Andreas Wiese 11d2b31e42 usrsctp: remove
This is in nixpkgs now.
2021-08-09 00:10:24 +02:00
Andreas Wiese d79195ebf3 flake: move inputs.nixpkgs to nixos-21.05-small
Flake input changes:

* Updated 'nixpkgs': 'github:NixOS/nixpkgs/60b18a066e8ce5dd21ebff5324345d3586a67ad9' -> 'github:NixOS/nixpkgs/348bc5de8bca09c624f5c4975f538684da4713d2'
2021-08-09 00:05:58 +02:00
Andreas Wiese f227ab33ff nextcloud-spreed-signaling: 0.2.0 -> 0.3.0 2021-08-08 23:11:11 +02:00
Andreas Wiese 85b0d11461 snipe-it: 5.1.6 -> 5.1.8
Tags v5.1.7 and v5.1.8 for some reason point to the same commit, so we
skip 5.1.7. *shrug*
2021-08-03 23:46:25 +02:00
Andreas Wiese d427d0953f snipe-it: 5.1.5 -> 5.1.6 2021-06-21 10:32:08 +02:00
Andreas Wiese 2267e18edf janus-gateway: 0.11.2 -> 0.11.3 2021-06-19 01:49:00 +02:00
Andreas Wiese 341e60a96c ryzenadj: 0.8.1 -> 0.8.2 2021-05-17 00:54:52 +02:00
Andreas Wiese 23ddb3b218 ryzen_smu: 0.1.1 -> 0.1.2 2021-05-11 00:54:49 +02:00
Andreas Wiese f972b70574 ryzenadj: unstable-2021-03-12 -> 0.8.1 2021-05-11 00:33:25 +02:00
Andreas Wiese eadfd4d0a5 snipe-it: 5.1.4 -> 5.1.5 2021-05-11 00:24:59 +02:00
Andreas Wiese 7be4eab398 janus-gateway: 0.10.10 -> 0.11.2
Also enable parallel building.
2021-05-10 19:05:31 +02:00
Andreas Wiese d2b6651201 usrsctp: enable parallel building 2021-05-10 19:00:42 +02:00
Andreas Wiese d41bbf5963 chrysalis{,-bin}: 0.8.3 -> 0.8.4
Also rename (files) to chrysalis-bin.  In a perfect world, we'd have a
source package, so at least do some symbolism.
2021-04-29 01:21:24 +02:00
Andreas Wiese 1538ca5859 modules/snipe-it: remove PostgreSQL support
Since Laravel, the PHP framework used by Snipe-IT in general supports PostgreSQL
and other database systems, there was a slight hope that it would just work™,
even though Snipe-IT itself officially only supports MySQL.  Turns out it
doesn't.

SQLite seems to work fine so far.
2021-04-23 00:34:45 +02:00
Andreas Wiese f8c0d8a036 modules: add services.snipe-it 2021-04-19 13:40:21 +02:00
Andreas Wiese b5e7f4a3a9 snipe-it: init at 5.1.4 2021-04-16 15:51:51 +02:00
Andreas Wiese a42deabaca chrysalis: init at 0.8.3 2021-04-01 21:41:23 +02:00
20 changed files with 3411 additions and 152 deletions

View File

@ -6,16 +6,26 @@ let
in rec { in rec {
janus-gateway = callPackage ./pkgs/janus-gateway { inherit usrsctp; }; janus-gateway = callPackage ./pkgs/janus-gateway { };
nextcloud-spreed-signaling = callPackage ./pkgs/nextcloud-spreed-signaling { }; nextcloud-spreed-signaling = callPackage ./pkgs/nextcloud-spreed-signaling { };
usrsctp = callPackage ./pkgs/usrsctp { }; snipe-it = callPackage ./pkgs/snipe-it { };
} // optionalAttrs (pkgs.system == "x86_64-linux") { } // optionalAttrs (pkgs.system == "x86_64-linux") rec {
chrysalis-bin = callPackage ./pkgs/chrysalis-bin { };
navidrome-bin = callPackage ./pkgs/navidrome-bin { };
ryzenadj = callPackage ./pkgs/ryzenadj { }; ryzenadj = callPackage ./pkgs/ryzenadj { };
ryzen_smu = callPackage ./pkgs/ryzen_smu { kernel = pkgs.linux; }; ryzen_smu = callPackage ./pkgs/ryzen_smu { kernel = pkgs.linux; };
} // optionalAttrs (builtins.elem pkgs.system pkgs.lib.platforms.linux) rec {
xmm7360-pci = callPackage ./pkgs/xmm7360-pci { kernel = pkgs.linux; };
xmm7360-pci-tools = callPackage ./pkgs/xmm7360-pci/tools.nix { inherit xmm7360-pci; };
} }

View File

@ -2,16 +2,16 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1615583000, "lastModified": 1628427351,
"narHash": "sha256-ysd3ntUs8qeVuYdmp2Y5J992NVdoKji9i92StU3IJ7M=", "narHash": "sha256-WuZUIQ07AvRw+T9wvQ3qFf8MXmKZ+ktZz9drNgWXDbs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "60b18a066e8ce5dd21ebff5324345d3586a67ad9", "rev": "348bc5de8bca09c624f5c4975f538684da4713d2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-20.09-small", "ref": "nixos-21.05-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

View File

@ -1,7 +1,7 @@
{ {
description = "meterriblecrew.net package flake"; description = "meterriblecrew.net package flake";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-20.09-small"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05-small";
outputs = inputs@{ self, nixpkgs }: let outputs = inputs@{ self, nixpkgs }: let
@ -19,10 +19,13 @@
nixosModules = { nixosModules = {
ryzenSMU = import ./modules/ryzenSMU; ryzenSMU = import ./modules/ryzenSMU;
servicesNavidrome = import ./modules/services/navidrome.nix;
servicesSnipeIT = import ./modules/services/snipe-it.nix;
}; };
packages = forAllSystems (system: import ./. { packages = forAllSystems (system: import ./. {
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; }; };
}); });
overlay = next: prev: overlay = next: prev:
@ -31,13 +34,20 @@
inherit (localPkgs) inherit (localPkgs)
janus-gateway janus-gateway
nextcloud-spreed-signaling nextcloud-spreed-signaling
usrsctp snipe-it
; ;
} // prev.lib.optionalAttrs (prev.system == "x86_64-linux") { } // prev.lib.optionalAttrs (prev.system == "x86_64-linux") rec {
inherit (localPkgs) inherit (localPkgs)
chrysalis-bin
navidrome-bin
ryzenadj ryzenadj
ryzen_smu ryzen_smu
; ;
} // prev.lib.optionalAttrs (builtins.elem prev.system prev.lib.platforms.linux) rec {
inherit (localPkgs)
xmm7360-pci
xmm7360-pci-tools
;
}; };
}; };

View File

@ -0,0 +1,82 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) callPackageWith mkEnableOption mkIf mkOption
recursiveUpdate types;
cfg = config.services.navidrome;
package = callPackageWith pkgs ../../pkgs/navidrome-bin { };
settingsFormat = pkgs.formats.json {};
in lib.optionalAttrs (lib.versionOlder lib.version "21.11pre") {
options = {
services.navidrome = {
enable = mkEnableOption package.meta.description;
package = mkOption {
type = types.package;
default = package;
description = "Navidrome package to use.";
};
settings = mkOption rec {
type = settingsFormat.type;
apply = recursiveUpdate default;
default = {
Address = "127.0.0.1";
Port = 4533;
};
example = {
MusicFolder = "/mnt/music";
};
description = ''
Configuration for Navidrome, see <link xlink:href="https://www.navidrome.org/docs/usage/configuration-options/"/> for supported values.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.navidrome = {
description = "Navidrome Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings}
'';
DynamicUser = true;
StateDirectory = "navidrome";
WorkingDirectory = "/var/lib/navidrome";
RuntimeDirectory = "navidrome";
RootDirectory = "/run/navidrome";
ReadWritePaths = "";
BindReadOnlyPaths = [
builtins.storeDir
] ++ lib.optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder;
CapabilityBoundingSet = "";
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
RestrictRealtime = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
UMask = "0066";
ProtectHostname = true;
};
};
};
}

View File

@ -0,0 +1,498 @@
{ config, lib, pkgs, modulesPath, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types
boolToString callPackageWith optional optionals optionalString recursiveUpdate;
cfg = config.services.snipe-it;
phpPackage = cfg.phpPackage.withExtensions ({ enabled, all }:
enabled ++ (with all; [
json
openssl
pdo
mbstring
tokenizer
curl
ldap
zip
fileinfo
bcmath
gd
] ++ optionals useMysql [
pdo_mysql
])
);
nginxPackage = config.services.nginx.package;
user = cfg.user;
group = cfg.group;
db = cfg.database;
useMysql = db.type == "mysql";
useSqlite = db.type == "sqlite";
mail = cfg.mail;
useSSL = with cfg.nginx; (addSSL || forceSSL || onlySSL || enableACME);
snipe-it = cfg.package.override { inherit (cfg) cacheDir dataDir; };
artisan = pkgs.writeShellScriptBin "snipe-it" ''
cd ${snipe-it}
sudo=exec
if [[ "$USER" != ${user} ]]; then
sudo='exec /run/wrappers/bin/sudo -u ${user}'
fi
$sudo ${phpPackage}/bin/php artisan $*
'';
in {
options.services.snipe-it = {
enable = mkEnableOption "Snipe-IT free open source IT asset management";
package = mkOption {
type = types.package;
default = callPackageWith pkgs ../../pkgs/snipe-it { };
description = "Snipe-IT derivation to use.";
};
phpPackage = mkOption {
type = types.package;
default = pkgs.php74;
description = "PHP package to use.";
};
user = mkOption {
type = types.str;
default = "snipe-it";
description = "User Snipe-IT runs as.";
};
group = mkOption {
type = types.str;
default = "snipe-it";
description = "Group Snipe-IT runs as.";
};
hostName = mkOption {
type = types.str;
example = "assets.example.com";
description = "FQDN for the Snipe-IT instance.";
};
maxResults = mkOption {
type = types.int;
default = 500;
description = ''
The result limit. This value determines the maximum number of results to return,
even if a higher limit is passed in an API request. This is done to prevent
timeouts when custom scripts are requesting large numbers of assets at a time.
'';
};
# Basic app settings
appKeyFile = mkOption {
type = types.path;
example = "/run/keys/snipe-it-appkey";
description = ''
A file containing the app key. Used for encryption where needed.
Can be generated with <code>head -c32 /dev/urandom | base64</code>.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/snipe-it";
description = "Snipe-IT's data directory.";
};
cacheDir = mkOption {
type = types.path;
default = "/var/cache/snipe-it";
description = "Snipe-IT's cache directory";
};
database = {
type = mkOption {
type = types.enum [ "mysql" "sqlite" ];
default = "mysql";
description = "Database engine to use.";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host address.";
};
port = mkOption {
type = types.port;
default = if useMysql then 3306 else 5432;
description = ''
Database host port. This currently only has
an effect when using MySQL.
'';
};
name = mkOption {
type = types.str;
default = "snipe-it";
description = "Name of the MySQL database.";
};
username = mkOption {
type = types.str;
default = user;
description = "Username to use to connect to database.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
example = "/run/keys/snipe-it-dbpass";
description = ''
File containing the password corresponding to
<option>database.username</option>.
'';
};
};
mail = {
host = mkOption {
type = types.str;
default = "localhost";
description = "Mail server host address.";
};
port = mkOption {
type = types.port;
default = 25;
description = "Mail server host port.";
};
encryption = mkOption {
type = types.nullOr (types.enum [ "ssl" "tls" ]);
default = null;
example = "tls";
description = ''
Type of transport encryption to use.
'';
};
username = mkOption {
type = types.nullOr types.str;
default = null;
description = "User to use to connect to mail server.";
};
passwordFile = mkOption {
type = types.path;
example = "/run/keys/snipe-it-mailpass";
description = ''
File containing the password corresponding to
<option>mail.username</option>.
'';
};
fromAddress = mkOption {
type = types.str;
description = ''Global "From" address.'';
};
fromName = mkOption {
type = types.str;
default = "Snipe-IT";
description = ''Global "From" name.'';
};
replytoAddress = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Global "Reply-To" address. If null (the default),
"Reply-To" won't be set.
'';
};
replytoName = mkOption {
type = types.str;
default = "Snipe-IT";
description = ''
Global "Reply-To" name. <option>mail.replytoAddress</option>
also has to be set for this to have any effect.
'';
};
autoEmbed = {
enable = mkEnableOption "Embed images into mails instead of hyperlinking them.";
method = mkOption {
type = types.enum [ "attachment" "base64" ];
default = "attachment";
description = "Embedding method to use.";
};
};
};
memcached = {
enable = mkEnableOption "memcached as caching backend";
host = mkOption {
type = types.str;
default = "localhost";
description = "Memcached host address.";
};
port = mkOption {
type = types.port;
default = 11211;
description = "Memcached host port.";
};
};
session = {
lifeTime = mkOption {
type = types.int;
default = 12000;
description = "Session lifetime in minutes.";
};
expireOnClose = mkOption {
type = types.bool;
default = false;
description = "Expire sessions when closing browser window.";
};
encrypt = mkOption {
type = types.bool;
default = false;
description = "Encrypt stored session data.";
};
};
maxUploadSize = mkOption {
type = types.str;
default = "16M";
example = "1G";
description = "The maximum size for uploads (e.g. images).";
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = ''
Options for the Snipe-IT PHP pool. See the documentation on
<literal>php-fpm.conf</literal> for details on configuration directives.
'';
};
nginx = mkOption {
type = types.submodule (
recursiveUpdate
(import
(modulesPath + "/services/web-servers/nginx/vhost-options.nix")
{ inherit config lib; })
{}
);
default = {};
example = {
serverAliases = [
"snipe-it.\${config.networking.domain}"
];
# To enable encryption and let letsencrypt take care of certificate
forceSSL = true;
enableACME = true;
};
description = ''
With this option, you can customize the nginz virtualHost settings.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
LOGIN_MAX_ATTEMPTS=3
LOGIN_LOCKOUT_DURATION=300
'';
};
};
config = mkIf cfg.enable {
warnings =
optional (!useMysql) ''
Please note: Using another database than MySQL isn't officially supported.
'';
environment.systemPackages = [ artisan ];
services.mysql = mkIf (useMysql && db.host == "localhost") {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ db.name ];
ensureUsers = [{
name = db.username;
ensurePermissions = { "${db.name}.*" = "ALL PRIVILEGES"; };
}];
};
services.phpfpm.pools.snipe-it = {
inherit user group phpPackage;
phpOptions = ''
log_errors = on
post_max_size = ${cfg.maxUploadSize}
upload_max_filesize = ${cfg.maxUploadSize}
'';
settings = {
"listen.mode" = "0660";
"listen.owner" = user;
"listen.group" = group;
} // cfg.poolConfig;
};
services.nginx = {
enable = mkDefault true;
virtualHosts."${cfg.hostName}" = mkMerge [ cfg.nginx {
root = mkForce "${snipe-it}/public";
extraConfig = ''
index index.php index.html index.htm;
${optionalString useSSL "fastcgi_param HTTPS on;"}
'';
locations = {
"/" = {
extraConfig = ''try_files $uri $uri/ /index.php$is_args$args;'';
};
"~ \.php$" = {
extraConfig = ''
try_files $uri $uri/ =404;
include ${nginxPackage}/conf/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."snipe-it".socket};
${optionalString useSSL "fastcgi_param HTTPS on;"}
'';
};
};
}];
};
systemd.tmpfiles.rules = [
"d ${cfg.cacheDir} 0700 ${user} ${group} - -"
"d ${cfg.cacheDir}/bootstrap 0700 ${user} ${group} - -"
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/accessories 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/assets 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/avatars 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/barcodes 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/categories 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/companies 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/components 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/consumables 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/departments 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/locations 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/manufacturers 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/models 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/uploads/suppliers 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/storage 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/app 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/app/backups 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/app/backups/env-backups 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/debugbar 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/cache 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/sessions 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/views 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/logs 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/assetmodels 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/assets 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/audits 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/imports 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/licenses 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/signatures 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/private_uploads/users 0700 ${user} ${group} - -"
] ++ optionals useSqlite [
"f ${cfg.dataDir}/database.sqlite 0600 ${user} ${group} -"
];
systemd.services.snipe-it-setup = {
description = "Preparation tasks for Snipe-IT";
before = [ "phpfpm-snipe-it.service" ];
after = optional useMysql "mysql.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = user;
WorkingDirectory = "${snipe-it}";
};
script = ''
# create .env file
cat > ${cfg.dataDir}/.env << EOF
APP_KEY="base64:$(head -n1 ${cfg.appKeyFile})"
APP_URL="http${optionalString useSSL "s"}://${cfg.hostName}"
APP_LOG=syslog
MAX_RESULTS=${toString cfg.maxResults}
'' + optionalString useSSL ''
ENABLE_HSTS=true
SECURE_COOKIES=true
'' + ''
SESSION_DRIVER=file
SESSION_LIFETIME=${toString cfg.session.lifeTime}
EXPIRE_ON_CLOSE=${boolToString cfg.session.expireOnClose}
ENCRYPT=${boolToString cfg.session.encrypt}
DB_CONNECTION=${db.type}
'' + optionalString (db.type != "sqlite") ''
DB_HOST=${db.host}
DB_PORT=${toString db.port}
DB_PASSWORD="$(head -n1 ${db.passwordFile})"
DB_USERNAME=${db.username}
DB_DATABASE=${db.name}
'' + ''
MAIL_DRIVER=smtp
MAIL_HOST=${mail.host}
MAIL_PORT=${toString mail.port}
${optionalString (mail.encryption != null) "MAIL_ENCRYPTION=${mail.encryption}"}
MAIL_FROM_ADDR=${mail.fromAddress}
MAIL_FROM_NAME=${mail.fromName}
MAIL_AUTO_EMBED=${boolToString mail.autoEmbed.enable}
MAIL_AUTO_EMBED_METHOD=${mail.autoEmbed.method}
'' + optionalString (mail.username != null) ''
MAIL_USERNAME=${mail.username}
MAIL_PASSWORD="$(head -n1 ${mail.passwordFile})"
'' + optionalString (mail.replytoAddress != null) ''
MAIL_REPLYTO_ADDR=${mail.replytoAddress}
MAIL_REPLYTO_NAME=${mail.replytoName}
'' + optionalString cfg.memcached.enable ''
CACHE_DRIVER=memcached
MEMCACHED_HOST=${cfg.memcached.host}
MEMCACHED_PORT=${toString cfg.memcached.port}
'' + ''
${optionalString (cfg.extraConfig != null) cfg.extraConfig}
EOF
chmod 600 ${cfg.dataDir}/.env
# re-evaluate configuration
${phpPackage}/bin/php artisan config:clear
${phpPackage}/bin/php artisan config:cache
# migrate db
${phpPackage}/bin/php artisan migrate --force
# create caches
${phpPackage}/bin/php artisan event:cache
${phpPackage}/bin/php artisan view:cache
'';
};
users = {
users."${user}" = {
isSystemUser = true;
home = cfg.dataDir;
group = group;
};
groups."${group}" = {};
users."${config.services.nginx.user}".extraGroups = [ group ];
};
};
}

View File

@ -0,0 +1,29 @@
{ lib, appimageTools, fetchurl }:
let
pname = "chrysalis";
version = "0.8.4";
in appimageTools.wrapType2 rec {
name = "${pname}-${version}-binary";
src = fetchurl {
url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage";
sha256 = "sha256-tB8+I9rIVbFYjP8UHj0xf5a6/5KaBUPHn8zuDG8JW8c=";
};
multiPkgs = null;
extraPkgs = p: (appimageTools.defaultFhsEnvArgs.multiPkgs p) ++ [
p.glib
p.xorg.libxshmfence
];
extraInstallCommands = "mv $out/bin/${name} $out/bin/${pname}";
meta = with lib; {
description = "A graphical configurator for Kaleidoscope-powered keyboards";
homepage = "https://github.com/keyboardio/Chrysalis";
license = licenses.gpl3;
maintainers = with maintainers; [ aw ];
platforms = [ "x86_64-linux" ];
};
}

View File

@ -1,79 +1,59 @@
{ stdenv, lib, fetchFromGitHub { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, gengetopt
, jansson , glib, libconfig, libnice, jansson, boringssl, zlib, srtp, libuv
, libconfig , libmicrohttpd, curl, libwebsockets, sofia_sip, libogg, libopus
, libnice , usrsctp, ffmpeg
, openssl
, srtp
, usrsctp
, libmicrohttpd
, libwebsockets
, gnumake
#, cmake
, rabbitmq-c
#, paho-mqtt-c
, nanomsg
, curl
, sofia_sip
, libopus
, libogg
, lua
, glib
, zlib
, pkgconfig
, gengetopt
, autoconf
, automake
, libtool
, libuv
}: }:
let
libwebsockets_janus = libwebsockets.overrideAttrs (_: {
configureFlags = [
"-DLWS_MAX_SMP=1"
"-DLWS_WITHOUT_EXTENSIONS=0"
];
});
in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "janus-gateway"; pname = "janus-gateway";
version = "0.10.10"; version = "0.11.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "meetecho"; owner = "meetecho";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-aMyae2jpP4ipgRl5Mp2m0v2M4PQtss3EeAil/MWfYrs="; sha256 = "sha256-K+6r7Nz+zzEDNd5Y44+V7x80DPxjaithregEg+goXk0=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [ autoreconfHook pkg-config gengetopt ];
jansson
libconfig
libnice
openssl
srtp
usrsctp
libmicrohttpd
libwebsockets
gnumake
#cmake
rabbitmq-c
#paho-mqtt-c
nanomsg
curl
sofia_sip
libopus
libogg
lua
glib
zlib
pkgconfig
gengetopt
libuv
autoconf buildInputs = [
automake glib libconfig libnice jansson boringssl zlib srtp libuv libmicrohttpd
libtool curl libwebsockets_janus sofia_sip libogg libopus usrsctp ffmpeg
]; ];
preConfigure = "./autogen.sh"; enableParallelBuilding = true;
configureFlags = [
"--enable-boringssl=${boringssl}"
"--enable-libsrtp2"
"--enable-turn-rest-api"
"--enable-json-logger"
"--enable-gelf-event-handler"
"--enable-post-processing"
];
outputs = [ "out" "dev" "doc" "man" ];
postInstall = ''
moveToOutput share/janus "$doc"
moveToOutput etc "$doc"
'';
meta = with lib; { meta = with lib; {
description = "Janus WebRTC server"; description = "General purpose WebRTC server";
homepage = src.meta.homepage; homepage = "https://janus.conf.meetecho.com/";
license = licenses.gpl3; license = licenses.gpl3Only;
maintainers = with maintainers; [ aw ]; platforms = platforms.linux;
maintainers = with maintainers; [ fpletz ];
}; };
} }

View File

@ -0,0 +1,49 @@
{ lib, stdenv, pkgs, fetchurl, ffmpeg, ffmpegSupport ? true, makeWrapper, nixosTests }:
with lib;
stdenv.mkDerivation rec {
pname = "navidrome-bin";
version = "0.46.0";
src = fetchurl (if pkgs.system == "x86_64-linux"
then {
url = "https://github.com/navidrome/navidrome/releases/download/v${version}/navidrome_${version}_Linux_x86_64.tar.gz";
sha256 = "sha256-baBSQZnlcC5zq7wKWbia8xEMqZuCgkn/zyQWwtfHn/w=";
}
else {
url = "https://github.com/navidrome/navidrome/releases/download/v${version}/navidrome_${version}_Linux_arm64.tar.gz";
sha256 = "sha256-Km58BMc2ngv6CLqXkNpDIxC+nFb/fbvz7iBF0/xNcsU=";
});
nativeBuildInputs = [ makeWrapper ];
unpackPhase = ''
tar xvf $src navidrome
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp navidrome $out/bin
runHook postInstall
'';
postFixup = ''
wrapProgram $out/bin/navidrome \
--prefix PATH : ${makeBinPath (optional ffmpegSupport ffmpeg)}
'';
passthru.tests.navidrome = nixosTests.navidrome;
meta = {
description = "Navidrome Music Server and Streamer compatible with Subsonic/Airsonic";
homepage = "https://www.navidrome.org/";
license = licenses.gpl3Only;
platforms = [ "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ aciceri ];
};
}

View File

@ -2,21 +2,21 @@
buildGoPackage rec { buildGoPackage rec {
pname = "nextcloud-spreed-signaling"; pname = "nextcloud-spreed-signaling";
version = "0.2.0"; version = "0.3.0";
goPackagePath = "github.com/strukturag/nextcloud-spreed-signaling"; goPackagePath = "github.com/strukturag/nextcloud-spreed-signaling";
subPackages = [ subPackages = [
"src/signaling" "client"
"src/server" "server"
"src/proxy" "proxy"
]; ];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "strukturag"; owner = "strukturag";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-heDi/kWyPDZ9oPjBhNRBAkiKkkEnXmfSanYvCUSB5Ls="; sha256 = "sha256-oKH9rpZa+CGnqgQD6Wa1KPi26ePrGZJzz9WXOauNs+U=";
}; };
nativeBuildInputs = [ easyjson ]; nativeBuildInputs = [ easyjson ];
@ -24,8 +24,7 @@ buildGoPackage rec {
goDeps = ./deps.nix; goDeps = ./deps.nix;
preBuild = '' preBuild = ''
ln -s $PWD/go/src/${goPackagePath}/src/* go/src easyjson -all go/src/github.com/strukturag/nextcloud-spreed-signaling/{api_signaling,api_backend,api_proxy,natsclient,room}.go
easyjson -all go/src/signaling/{api_signaling,api_backend,api_proxy,natsclient,room}.go
''; '';
meta = with lib; { meta = with lib; {

File diff suppressed because it is too large Load Diff

View File

@ -2,13 +2,13 @@
kernel.stdenv.mkDerivation rec { kernel.stdenv.mkDerivation rec {
pname = "ryzen_smu"; pname = "ryzen_smu";
version = "0.1.1"; version = "0.1.2";
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "leogx9r"; owner = "leogx9r";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-1VxpJKKl/Og7Q6NpJ3Y+i8U9RKZkTCjv6LJzsLOC5vk="; sha256 = "sha256-d/UtfcTYl3Qqd15248qeIEMXzyZmkYMfqs5xQIadeyM=";
}; };
hardeningDisable = [ "pic" ]; hardeningDisable = [ "pic" ];

View File

@ -1,18 +1,14 @@
{ stdenv, lib, fetchFromGitHub, cmake, pciutils, ... }: { stdenv, lib, fetchFromGitHub, cmake, pciutils, ... }:
stdenv.mkDerivation rec {
pname = "ryzenadj";
version = "0.8.2";
let
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "FlyGoat"; owner = "FlyGoat";
repo = "RyzenAdj"; repo = pname;
rev = "a48d42addaad90832ab55b1ab56a0e2445338984"; rev = "v${version}";
sha256 = "sha256-rZPjmrloTMbzi7n1p6XrIaDWNgiU7hvY8XTnk2XMtrE="; sha256 = "sha256-jRrIhKlejX0Yt1wkF/MBJk/6DAIGWWRK9oReCplNVKA=";
}; };
version = "unstable-2021-03-12";
in stdenv.mkDerivation rec {
pname = "ryzenadj";
inherit version src;
nativeBuildInputs = [ cmake pciutils ]; nativeBuildInputs = [ cmake pciutils ];
installPhase = '' installPhase = ''

View File

@ -0,0 +1,239 @@
# This file originates from composer2nix
{ stdenv, lib, writeTextFile, fetchurl, php, unzip, phpPackages }:
let
inherit (phpPackages) composer;
buildZipPackage = { name, src }:
stdenv.mkDerivation {
inherit name src;
buildInputs = [ unzip ];
buildCommand = ''
unzip $src
baseDir=$(find . -type d -mindepth 1 -maxdepth 1)
cd $baseDir
mkdir -p $out
mv * $out
'';
};
buildPackage =
{ name
, src
, packages ? {}
, devPackages ? {}
, buildInputs ? []
, symlinkDependencies ? false
, executable ? false
, removeComposerArtifacts ? false
, postInstall ? ""
, noDev ? false
, composerExtraArgs ? ""
, unpackPhase ? "true"
, buildPhase ? "true"
, ...}@args:
let
reconstructInstalled = writeTextFile {
name = "reconstructinstalled.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
if(file_exists($argv[1]))
{
$composerLockStr = file_get_contents($argv[1]);
if($composerLockStr === false)
{
fwrite(STDERR, "Cannot open composer.lock contents\n");
exit(1);
}
else
{
$config = json_decode($composerLockStr, true);
if(array_key_exists("packages", $config))
$allPackages = $config["packages"];
else
$allPackages = array();
${lib.optionalString (!noDev) ''
if(array_key_exists("packages-dev", $config))
$allPackages = array_merge($allPackages, $config["packages-dev"]);
''}
$packagesStr = json_encode($allPackages, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
print($packagesStr);
}
}
else
print("[]");
?>
'';
};
constructBin = writeTextFile {
name = "constructbin.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
$composerJSONStr = file_get_contents($argv[1]);
if($composerJSONStr === false)
{
fwrite(STDERR, "Cannot open composer.json contents\n");
exit(1);
}
else
{
$config = json_decode($composerJSONStr, true);
if(array_key_exists("bin-dir", $config))
$binDir = $config["bin-dir"];
else
$binDir = "bin";
if(array_key_exists("bin", $config))
{
if(!file_exists("vendor/".$binDir))
mkdir("vendor/".$binDir);
foreach($config["bin"] as $bin)
symlink("../../".$bin, "vendor/".$binDir."/".basename($bin));
}
}
?>
'';
};
bundleDependencies = dependencies:
lib.concatMapStrings (dependencyName:
let
dependency = dependencies.${dependencyName};
in
''
${if dependency.targetDir == "" then ''
vendorDir="$(dirname ${dependencyName})"
mkdir -p "$vendorDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
else
''cp -av "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
}
'' else ''
namespaceDir="${dependencyName}/$(dirname "${dependency.targetDir}")"
mkdir -p "$namespaceDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
else
''cp -av "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
}
''}
'') (builtins.attrNames dependencies);
extraArgs = removeAttrs args [ "name" "packages" "devPackages" "buildInputs" ];
in
stdenv.mkDerivation ({
name = "composer-${name}";
buildInputs = [ php composer ] ++ buildInputs;
inherit unpackPhase buildPhase;
installPhase = ''
${if executable then ''
mkdir -p $out/share/php
cp -av $src $out/share/php/$name
chmod -R u+w $out/share/php/$name
cd $out/share/php/$name
'' else ''
cp -av $src $out
chmod -R u+w $out
cd $out
''}
# Remove unwanted files
rm -f *.nix
export HOME=$TMPDIR
# Remove the provided vendor folder if it exists
rm -Rf vendor
# If there is no composer.lock file, compose a dummy file.
# Otherwise, composer attempts to download the package.json file from
# the registry which we do not want.
if [ ! -f composer.lock ]
then
cat > composer.lock <<EOF
{
"packages": []
}
EOF
fi
# Reconstruct the installed.json file from the lock file
mkdir -p vendor/composer
${php}/bin/php ${reconstructInstalled} composer.lock > vendor/composer/installed.json
# Copy or symlink the provided dependencies
cd vendor
${bundleDependencies packages}
${lib.optionalString (!noDev) (bundleDependencies devPackages)}
cd ..
# Reconstruct autoload scripts
# We use the optimize feature because Nix packages cannot change after they have been built
# Using the dynamic loader for a Nix package is useless since there is nothing to dynamically reload.
composer dump-autoload --optimize ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
# Run the install step as a validation to confirm that everything works out as expected
composer install --optimize-autoloader ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
${lib.optionalString executable ''
# Reconstruct the bin/ folder if we deploy an executable project
${php}/bin/php ${constructBin} composer.json
ln -s $(pwd)/vendor/bin $out/bin
''}
${lib.optionalString (!symlinkDependencies) ''
# Patch the shebangs if possible
if [ -d $(pwd)/vendor/bin ]
then
# Look for all executables in bin/
for i in $(pwd)/vendor/bin/*
do
# Look for their location
realFile=$(readlink -f "$i")
# Restore write permissions
chmod u+wx "$(dirname "$realFile")"
chmod u+w "$realFile"
# Patch shebang
sed -e "s|#!/usr/bin/php|#!${php}/bin/php|" \
-e "s|#!/usr/bin/env php|#!${php}/bin/php|" \
"$realFile" > tmp
mv tmp "$realFile"
chmod u+x "$realFile"
done
fi
''}
if [ "$removeComposerArtifacts" = "1" ]
then
# Remove composer stuff
rm -f composer.json composer.lock
fi
# Execute post install hook
runHook postInstall
'';
} // extraArgs);
in
{
composer = lib.makeOverridable composer;
buildZipPackage = lib.makeOverridable buildZipPackage;
buildPackage = lib.makeOverridable buildPackage;
}

View File

@ -0,0 +1,13 @@
{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, noDev ? false}:
let
composerEnv = import ./composer-env.nix {
inherit (pkgs) stdenv lib writeTextFile fetchurl php unzip phpPackages;
};
in
import ./php-packages.nix {
inherit composerEnv noDev;
inherit (pkgs) fetchurl fetchgit fetchhg fetchsvn;
}

39
pkgs/snipe-it/default.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, system, lib, fetchFromGitHub
, dataDir ? "/var/lib/snipe-it"
, cacheDir ? "/var/cache/snipe-it"
}:
let
package = (import ./composition.nix {
inherit pkgs system;
noDev = true;
}).overrideAttrs (oldAttrs: {
installPhase = oldAttrs.installPhase + ''
rm -R $out/storage $out/public/uploads $out/bootstrap/cache
ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/storage
ln -s ${dataDir}/uploads $out/public/uploads
ln -s ${dataDir}/database.sqlite $out/database/database.sqlite
ln -s ${cacheDir}/bootstrap $out/bootstrap/cache
'';
});
in package.override rec {
name = "snipe-it";
version = "5.2.0";
src = fetchFromGitHub {
owner = "snipe";
repo = "snipe-it";
rev = "v${version}";
sha256 = "sha256-LT1JVHwmprLS52+OWgnddTKam5dEHDSuyHKxFG9WadM=";
};
meta = with lib; {
description = "A free open source IT asset management system";
homepage = "https://www.snipeitapp.com/";
license = licenses.agpl3;
maintainers = with maintainers; [ aw ];
platforms = platforms.unix;
};
}

File diff suppressed because it is too large Load Diff

View File

@ -1,26 +0,0 @@
{ lib, stdenv, fetchFromGitHub, which, libtool, autoconf, automake }:
stdenv.mkDerivation rec {
pname = "usrsctp";
version = "0.9.5.0";
src = fetchFromGitHub {
owner = "sctplab";
repo = pname;
rev = version;
sha256 = "sha256-Sengtkg4UoA03cPy5+dRSr5qKIttWHEKn48udOP8zYI=";
};
nativeBuildInputs = [ which libtool autoconf automake ];
NIX_CFLAGS_COMPILE = "-O2";
preConfigure = "./bootstrap";
meta = with lib; {
description = "A userland SCTP stack supporting FreeBSD, Linux, Mac OS X and Windows";
homepage = src.meta.homepage;
maintainers = with maintainers; [ aw ];
license = licenses.bsd3;
};
}

View File

@ -0,0 +1,33 @@
{ lib, fetchFromGitHub, kernel }:
kernel.stdenv.mkDerivation rec {
pname = "xmm7360-pci";
version = "unstable-20210802";
src = fetchFromGitHub {
owner = "xmm7360";
repo = pname;
rev = "b28714b6fb73887ecd5c0c25ffc0613d6eab6533";
sha256 = "sha256-wNSQZvPL297pTAVT9Hj4IgcsHSc7KVNe7K0raS0bObg=";
};
nativeBuildInputs = kernel.moduleBuildDependencies;
patches = [ ./fix.patch ];
makeFlags = [
"KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
];
installPhase = ''
install -m0644 -D xmm7360.ko $out/lib/modules/${kernel.modDirVersion}/misc/xmm7360.ko
'';
meta = with lib; {
description = "PCI driver for Fibocom L850-GL modem base on Intel XMM7360 modem";
homepage = src.meta.homepage;
license = licenses.gpl2;
maintainers = with maintainers; [ aw ];
platforms = platforms.linux;
};
}

View File

@ -0,0 +1,22 @@
diff --git a/xmm7360.c b/xmm7360.c
index ccd149d..5a4dc74 100644
--- a/xmm7360.c
+++ b/xmm7360.c
@@ -1272,7 +1272,7 @@ static int xmm7360_tty_write(struct tty_struct *tty,
return written;
}
-static int xmm7360_tty_write_room(struct tty_struct *tty)
+static unsigned int xmm7360_tty_write_room(struct tty_struct *tty)
{
struct queue_pair *qp = tty->driver_data;
if (!xmm7360_qp_can_write(qp))
@@ -1555,7 +1555,7 @@ static void xmm7360_exit(void)
pci_unregister_driver(&xmm7360_driver);
unregister_chrdev_region(xmm_base, 8);
tty_unregister_driver(xmm7360_tty_driver);
- put_tty_driver(xmm7360_tty_driver);
+ tty_driver_kref_put(xmm7360_tty_driver);
}
module_init(xmm7360_init);

View File

@ -0,0 +1,46 @@
{ lib, stdenv, fetchFromGitHub, xmm7360-pci, python3Packages, makeWrapper }:
let
inherit (xmm7360-pci) pname version src;
pythonPath = with python3Packages; makePythonPath [
python
configargparse
dbus-python
pyroute2
];
in stdenv.mkDerivation {
pname = "${pname}-tools";
inherit version src;
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ python3Packages.python ];
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib
cp -a rpc/* $out/lib
pushd $out/lib
find . -executable -type f | while read file; do
makeWrapper ${python3Packages.python.interpreter} $out/bin/''${file%.py} \
--add-flags "$out/lib/''${file}" \
--prefix NIX_PYTHONPATH : "${pythonPath}"
done
runHook postInstall
'';
meta = with lib; {
description = xmm7360-pci.meta.description + " (tools)";
homepage = src.meta.homepage;
license = licenses.gpl2;
maintainers = with maintainers; [ aw ];
platforms = platforms.linux;
};
}