From 6047878f5b8726984d263a85f7d91af484211efd Mon Sep 17 00:00:00 2001 From: Tim Van Baak Date: Sun, 8 Dec 2024 17:43:32 -0800 Subject: [PATCH 01/10] maintainers: add Jaculabilis --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index fe22dbee11342..5f1d9063e13ce 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -10110,6 +10110,12 @@ githubId = 45084216; keys = [ { fingerprint = "1BF9 8D10 E0D0 0B41 5723 5836 4C13 3A84 E646 9228"; } ]; }; + jaculabilis = { + name = "Tim Van Baak"; + email = "tim.vanbaak@gmail.com"; + github = "Jaculabilis"; + githubId = 10787844; + }; jaduff = { email = "jdduffpublic@proton.me"; github = "jaduff"; From 6a64387ced615dc99d761f2e728394995eda5046 Mon Sep 17 00:00:00 2001 From: Tim Van Baak Date: Sun, 8 Dec 2024 17:44:09 -0800 Subject: [PATCH 02/10] immich-public-proxy: init at 1.5.4 --- .../im/immich-public-proxy/package.nix | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 pkgs/by-name/im/immich-public-proxy/package.nix diff --git a/pkgs/by-name/im/immich-public-proxy/package.nix b/pkgs/by-name/im/immich-public-proxy/package.nix new file mode 100644 index 0000000000000..1ac698179c4b6 --- /dev/null +++ b/pkgs/by-name/im/immich-public-proxy/package.nix 
@@ -0,0 +1,46 @@
+{
+ lib,
+ buildNpmPackage,
+ fetchFromGitHub,
+ nix-update-script,
+ nodejs,
+}:
+buildNpmPackage rec {
+ pname = "immich-public-proxy";
+ version = "1.5.4";
+ src = fetchFromGitHub {
+ owner = "alangrainger";
+ repo = "immich-public-proxy";
+ rev = "v${version}";
+ hash = "sha256-GoAUR8s2tRHpXD/yk42u6DDvkI97XAUlF9Zsq8pb/1M=";
+ };
+
+ sourceRoot = "${src.name}/app";
+
+ npmDepsHash = "sha256-BN7g+31ijH8r9rsv5zzjnE8PT7ozAswoyZNJ0XqXGyw=";
+
+ # patch in absolute nix store paths so the process doesn't need to cwd in $out
+ postPatch = ''
+ substituteInPlace src/index.ts --replace-fail \
+ "const app = express()" \
+ "const app = express()
+ // Set the views path to the nix output
+ app.set('views', '$out/lib/node_modules/immich-public-proxy/views')" \
+ --replace-fail \
+ "static('public'" \
+ "static('$out/lib/node_modules/immich-public-proxy/public'"
+ '';
+
+ passthru = {
+ updateScript = nix-update-script { };
+ };
+
+ meta = {
+ description = "Share your Immich photos and albums in a safe way without exposing your Immich instance to the public";
+ homepage = "https://github.com/alangrainger/immich-public-proxy";
+ license = lib.licenses.agpl3Only;
+ maintainers = with lib.maintainers; [ jaculabilis ];
+ inherit (nodejs.meta) platforms;
+ mainProgram = "immich-public-proxy";
+ };
+}
From 62780717634cef75a7435dcf25c4d14afe4e6c1d Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Fri, 29 Nov 2024 11:26:07 -0800
Subject: [PATCH 03/10] nixos/immich-public-proxy: init module
---
.../manual/release-notes/rl-2505.section.md | 2 +
nixos/modules/module-list.nix | 1 +
.../services/web-apps/immich-public-proxy.nix | 98 ++++++++++++++++
nixos/tests/all-tests.nix | 1 +
nixos/tests/web-apps/immich-public-proxy.nix | 105 ++++++++++++++++++
.../im/immich-public-proxy/package.nix | 4 +
6 files changed, 211 insertions(+)
create mode 100644 nixos/modules/services/web-apps/immich-public-proxy.nix
create mode 100644 nixos/tests/web-apps/immich-public-proxy.nix
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index f974d5836b174..20229a34bdebf 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -77,6 +77,8 @@ - [Actual Budget](https://actualbudget.org/), a local-first personal finance app. Available as [services.actual](#opt-services.actual.enable). +- [immich-public-proxy](https://github.com/alangrainger/immich-public-proxy), a proxy for sharing Immich albums without exposing the Immich API. Available as [services.immich-public-proxy](#opt-services.immich-public-proxy.enable). + - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable). - [nvidia-gpu](https://github.com/utkuozdemir/nvidia_gpu_exporter), a Prometheus exporter that scrapes `nvidia-smi` for GPU metrics. Available as [services.prometheus.exporters.nvidia-gpu](#opt-services.prometheus.exporters.nvidia-gpu.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b91d90994feaa..7de85e13c615c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1484,6 +1484,7 @@ ./services/web-apps/icingaweb2/module-monitoring.nix ./services/web-apps/ifm.nix ./services/web-apps/immich.nix + ./services/web-apps/immich-public-proxy.nix ./services/web-apps/invidious.nix ./services/web-apps/invoiceplane.nix ./services/web-apps/isso.nix diff --git a/nixos/modules/services/web-apps/immich-public-proxy.nix b/nixos/modules/services/web-apps/immich-public-proxy.nix new file mode 100644 index 0000000000000..85238e1cbacf3 --- /dev/null +++ b/nixos/modules/services/web-apps/immich-public-proxy.nix 
@@ -0,0 +1,98 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.services.immich-public-proxy; + format = pkgs.formats.json { }; + inherit (lib) + types + mkIf + mkOption + mkEnableOption + ; +in +{ + options.services.immich-public-proxy = { + enable = mkEnableOption "Immich Public Proxy"; + package = lib.mkPackageOption pkgs "immich-public-proxy" { }; + + immichUrl = mkOption { + type = types.str; + description = "URL of the Immich instance"; + }; + + port = mkOption { + type = types.port; + default = 3000; + description = "The port that IPP will listen on."; + }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Whether to open the IPP port in the firewall"; + }; + + settings = mkOption { + type = types.submodule { + freeformType = format.type; + }; + default = { }; + description = '' + Configuration for IPP. See for options and defaults. + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.immich-public-proxy = { + description = "Immich public proxy for sharing albums publicly without exposing your Immich instance"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + IMMICH_URL = cfg.immichUrl; + IPP_PORT = builtins.toString cfg.port; + IPP_CONFIG = "${format.generate "config.json" cfg.settings}"; + }; + serviceConfig = { + ExecStart = lib.getExe cfg.package; + SyslogIdentifier = "ipp"; + User = "ipp"; + Group = "ipp"; + DynamicUser = true; + Type = "simple"; + Restart = "on-failure"; + RestartSec = 3; + + # Hardening + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + PrivateUsers = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateMounts = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + 
RestrictRealtime = true; + RestrictSUIDSGID = true; + }; + }; + + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + + meta.maintainers = with lib.maintainers; [ jaculabilis ]; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2952c67d19c28..c89c8b6b541a8 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -467,6 +467,7 @@ in { ifm = handleTest ./ifm.nix {}; iftop = handleTest ./iftop.nix {}; immich = handleTest ./web-apps/immich.nix {}; + immich-public-proxy = handleTest ./web-apps/immich-public-proxy.nix {}; incron = handleTest ./incron.nix {}; incus = pkgs.recurseIntoAttrs (handleTest ./incus { lts = false; inherit system pkgs; }); incus-lts = pkgs.recurseIntoAttrs (handleTest ./incus { inherit system pkgs; }); diff --git a/nixos/tests/web-apps/immich-public-proxy.nix b/nixos/tests/web-apps/immich-public-proxy.nix new file mode 100644 index 0000000000000..5f2034b29442e --- /dev/null +++ b/nixos/tests/web-apps/immich-public-proxy.nix 
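Review bot: The hardening block in `serviceConfig` stops short of a few restrictions that cost nothing for a service meant to face the internet: there is no `SystemCallArchitectures = "native";`, `LockPersonality = true;` or `ProtectProc = "invisible";`, and `RestrictAddressFamilies` still allows `AF_UNIX`, which a plain HTTP proxy may not need (check name resolution and logging before dropping it). `MemoryDenyWriteExecute` is presumably left out on purpose because Node's JIT needs writable-executable memory; a one-line comment saying so would stop someone from adding it later and breaking the service. Separately, `meta.maintainers` sits inside `config = mkIf cfg.enable { … }`; the usual module layout puts it at the top level next to `options` and `config`, so that it is recorded whether or not the service is enabled.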
@@ -0,0 +1,105 @@
+import ../make-test-python.nix (
+ { pkgs, lib, ... }:
+ {
+ name = "immich-public-proxy";
+
+ nodes.machine =
+ { pkgs, ... }@args:
+ {
+ environment.systemPackages = [
+ pkgs.imagemagick
+ pkgs.immich-cli
+ ];
+ services.immich = {
+ enable = true;
+ port = 2283;
+ # disable a lot of features that aren't needed for this test
+ machine-learning.enable = false;
+ settings = {
+ backup.database.enabled = false;
+ machineLearning.enabled = false;
+ map.enabled = false;
+ reverseGeocoding.enabled = false;
+ metadata.faces.import = false;
+ newVersionCheck.enabled = false;
+ notifications.smtp.enabled = false;
+ };
+ };
+ services.immich-public-proxy = {
+ enable = true;
+ immichUrl = "http://localhost:2283";
+ port = 8002;
+ settings.ipp.responseHeaders."X-NixOS" = "Rules";
+ };
+ };
+
+ testScript = ''
+ import json
+
+ machine.wait_for_unit("immich-server.service")
+ machine.wait_for_unit("immich-public-proxy.service")
+ machine.wait_for_open_port(2283)
+ machine.wait_for_open_port(8002)
+
+ # The proxy should be up
+ machine.succeed("curl -sf http://localhost:8002")
+
+ # Verify the static assets are served
+ machine.succeed("curl -sf http://localhost:8002/robots.txt")
+ machine.succeed("curl -sf http://localhost:8002/share/static/style.css")
+
+ # Check that the response header in the settings is sent
+ res = machine.succeed("""
+ curl -sD - http://localhost:8002 -o /dev/null
+ """)
+ assert "x-nixos: rules" in res.lower(), res
+
+ # Log in to Immich and create an access key
+ machine.succeed("""
+ curl -sf --json '{ "email": "test@example.com", "name": "Admin", "password": "admin" }' http://localhost:2283/api/auth/admin-sign-up
+ """)
+ res = machine.succeed("""
+ curl -sf --json '{ "email": "test@example.com", "password": "admin" }' http://localhost:2283/api/auth/login
+ """)
+ token = json.loads(res)['accessToken']
+ res = machine.succeed("""
+ curl -sf -H 'Cookie: immich_access_token=%s' --json '{ "name": "API Key", "permissions": ["all"] }' 
http://localhost:2283/api/api-keys + """ % token) + key = json.loads(res)['secret'] + machine.succeed(f"immich login http://localhost:2283/api {key}") + res = machine.succeed("immich server-info") + print(res) + + # Upload some blank images to a new album + # If there's only one image, the proxy serves the image directly + machine.succeed("magick -size 800x600 canvas:white /tmp/white.png") + machine.succeed("immich upload -A '✨ Reproducible Moments ✨' /tmp/white.png") + machine.succeed("magick -size 800x600 canvas:black /tmp/black.png") + machine.succeed("immich upload -A '✨ Reproducible Moments ✨' /tmp/black.png") + res = machine.succeed("immich server-info") + print(res) + + # Get the new album id + res = machine.succeed(""" + curl -sf -H 'Cookie: immich_access_token=%s' http://localhost:2283/api/albums + """ % token) + album_id = json.loads(res)[0]['id'] + + # Create a shared link + res = machine.succeed(""" + curl -sf -H 'Cookie: immich_access_token=%s' --json '{ "albumId": "%s", "type": "ALBUM" }' http://localhost:2283/api/shared-links + """ % (token, album_id)) + share_key = json.loads(res)['key'] + + # Access the share + machine.succeed(""" + curl -sf http://localhost:2283/share/%s + """ % share_key) + + # Access the share through the proxy + machine.succeed(""" + curl -sf http://localhost:8002/share/%s + """ % share_key) + ''; + } +) diff --git a/pkgs/by-name/im/immich-public-proxy/package.nix b/pkgs/by-name/im/immich-public-proxy/package.nix index 1ac698179c4b6..36335b3959603 100644 --- a/pkgs/by-name/im/immich-public-proxy/package.nix +++ b/pkgs/by-name/im/immich-public-proxy/package.nix @@ -3,6 +3,7 @@ buildNpmPackage, fetchFromGitHub, nix-update-script, + nixosTests, nodejs, }: buildNpmPackage rec { @@ -32,6 +33,9 @@ buildNpmPackage rec { ''; passthru = { + tests = { + inherit (nixosTests) immich-public-proxy; + }; updateScript = nix-update-script { }; }; From 77e361e9f854ff3a71e1a14f77c6d75b4b65488b Mon Sep 17 00:00:00 2001 
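Review bot: The test script only checks what is reachable through the proxy on port 8002; it never checks that the Immich API is not. Hiding that API is the reason the service exists, so a negative assertion after the shared link is created would catch a regression in the packaging or in the `$out` path patching, for example `machine.fail("curl -sf http://localhost:8002/api/albums")` (this assumes the proxy answers non-share routes with an error status, which should be confirmed against upstream). The album lookup `json.loads(res)[0]['id']` also relies on the fresh instance holding exactly one album, which holds here but deserves a short comment.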
From: Diogo Correia Date: Tue, 31 Dec 2024 19:47:34 +0000 Subject: [PATCH 04/10] element-web: escape JSON string Previously, if any part of the configuration (either key or value) contained a single quote ('), the build would fail. --- pkgs/by-name/el/element-web/package.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/el/element-web/package.nix b/pkgs/by-name/el/element-web/package.nix index 165761f2a25c9..b43013d179d12 100644 --- a/pkgs/by-name/el/element-web/package.nix +++ b/pkgs/by-name/el/element-web/package.nix @@ -1,4 +1,5 @@ { + lib, stdenv, jq, element-web-unwrapped, @@ -22,7 +23,7 @@ else mkdir -p $out ln -s ${element-web-unwrapped}/* $out rm $out/config.json - jq -s '.[0] * $conf' "${element-web-unwrapped}/config.json" --argjson "conf" '${builtins.toJSON conf}' > "$out/config.json" + jq -s '.[0] * $conf' "${element-web-unwrapped}/config.json" --argjson "conf" ${lib.escapeShellArg (builtins.toJSON conf)} > "$out/config.json" runHook postInstall ''; From 67dfca0395112999ca6eec8c6c31045f5d66631b Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Fri, 3 Jan 2025 17:57:07 +0100 Subject: [PATCH 05/10] mongodb{,-6_0}: use new apple sdk pattern --- pkgs/servers/nosql/mongodb/6.0.nix | 4 ---- pkgs/servers/nosql/mongodb/7.0.nix | 4 ---- pkgs/servers/nosql/mongodb/mongodb.nix | 4 ---- pkgs/top-level/all-packages.nix | 20 ++------------------ 4 files changed, 2 insertions(+), 30 deletions(-) diff --git a/pkgs/servers/nosql/mongodb/6.0.nix b/pkgs/servers/nosql/mongodb/6.0.nix index 20adcf8b024c6..b23fa286c50a6 100644 --- a/pkgs/servers/nosql/mongodb/6.0.nix +++ b/pkgs/servers/nosql/mongodb/6.0.nix @@ -4,8 +4,6 @@ fetchpatch, sasl, boost, - Security, - CoreFoundation, cctools, avxSupport ? stdenv.hostPlatform.avxSupport, }: @@ -15,8 +13,6 @@ let inherit sasl boost - Security - CoreFoundation cctools stdenv ; 
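Review bot: The `jq` line in the second element-web hunk now quotes the JSON with `lib.escapeShellArg`, but nothing on the line says why, and the commit message frames the problem only as a build failure. `conf` is arbitrary user configuration spliced into a shell script, so a short comment above the line, such as `# conf is user-supplied; escapeShellArg keeps quotes and shell metacharacters in it from being interpreted by the builder`, would keep a later cleanup from going back to hand-written quotes. The enclosing script, which ends with `runHook postInstall`, starts outside the hunk.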
diff --git a/pkgs/servers/nosql/mongodb/7.0.nix b/pkgs/servers/nosql/mongodb/7.0.nix index 1c6389c8b4d1b..6e612b008ce80 100644 --- a/pkgs/servers/nosql/mongodb/7.0.nix +++ b/pkgs/servers/nosql/mongodb/7.0.nix @@ -3,8 +3,6 @@ callPackage, sasl, boost, - Security, - CoreFoundation, cctools, avxSupport ? stdenv.hostPlatform.avxSupport, nixosTests, @@ -16,8 +14,6 @@ let inherit sasl boost - Security - CoreFoundation cctools stdenv ; diff --git a/pkgs/servers/nosql/mongodb/mongodb.nix b/pkgs/servers/nosql/mongodb/mongodb.nix index 88da6993a6d46..9839b4ca949f4 100644 --- a/pkgs/servers/nosql/mongodb/mongodb.nix +++ b/pkgs/servers/nosql/mongodb/mongodb.nix @@ -16,8 +16,6 @@ openssl, libpcap, curl, - Security, - CoreFoundation, cctools, xz, }: @@ -102,8 +100,6 @@ stdenv.mkDerivation rec { zlib ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ - Security - CoreFoundation cctools ] ++ lib.optional stdenv.hostPlatform.isLinux net-snmp diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 58f4ab07d90a0..d388c96931cb6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -11735,30 +11735,14 @@ with pkgs; mongodb = hiPrio mongodb-7_0; - mongodb-6_0 = darwin.apple_sdk_11_0.callPackage ../servers/nosql/mongodb/6.0.nix { + mongodb-6_0 = callPackage ../servers/nosql/mongodb/6.0.nix { sasl = cyrus_sasl; boost = boost178.override { enableShared = false; }; - inherit (darwin.apple_sdk.frameworks) CoreFoundation Security; - stdenv = if stdenv.hostPlatform.isDarwin then - darwin.apple_sdk_11_0.stdenv.override (old: { - hostPlatform = old.hostPlatform // { darwinMinVersion = "10.14"; }; - buildPlatform = old.buildPlatform // { darwinMinVersion = "10.14"; }; - targetPlatform = old.targetPlatform // { darwinMinVersion = "10.14"; }; - }) else - if stdenv.cc.isClang then llvmPackages.stdenv else stdenv; }; - mongodb-7_0 = darwin.apple_sdk_11_0.callPackage ../servers/nosql/mongodb/7.0.nix { + mongodb-7_0 = callPackage ../servers/nosql/mongodb/7.0.nix { sasl = cyrus_sasl; boost = boost179.override { enableShared = false; }; - inherit (darwin.apple_sdk.frameworks) CoreFoundation Security; - stdenv = if stdenv.hostPlatform.isDarwin then - darwin.apple_sdk_11_0.stdenv.override (old: { - hostPlatform = old.hostPlatform // { darwinMinVersion = "10.14"; }; - buildPlatform = old.buildPlatform // { darwinMinVersion = "10.14"; }; - targetPlatform = old.targetPlatform // { darwinMinVersion = "10.14"; }; - }) else - if stdenv.cc.isClang then llvmPackages.stdenv else stdenv; }; influxdb = callPackage ../servers/nosql/influxdb { }; From c2525c85faca142c7cc49b4a163334aa92daac11 Mon Sep 17 00:00:00 2001 
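Review bot: The removed `stdenv = …` argument for `mongodb-6_0` and `mongodb-7_0` also had a non-Darwin branch, `if stdenv.cc.isClang then llvmPackages.stdenv else stdenv`, and it disappears along with the Apple SDK override. The commit subject only mentions the SDK pattern, so it is unclear whether dropping that branch for clang-based Linux stdenvs is intended. If it is, a sentence in the commit message would help; if not, keep `stdenv = if stdenv.cc.isClang then llvmPackages.stdenv else stdenv;` on both attributes. The `darwinMinVersion = "10.14"` pin goes away as well, presumably because the new SDK pattern sets the deployment target elsewhere.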
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Fri, 3 Jan 2025 18:09:13 +0100 Subject: [PATCH 06/10] grpc: move to pkgs/by-name --- .../libraries => by-name/gr}/grpc/dynamic-lookup-darwin.patch | 0 .../grpc/default.nix => by-name/gr/grpc/package.nix} | 0 pkgs/top-level/all-packages.nix | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename pkgs/{development/libraries => by-name/gr}/grpc/dynamic-lookup-darwin.patch (100%) rename pkgs/{development/libraries/grpc/default.nix => by-name/gr/grpc/package.nix} (100%) diff --git a/pkgs/development/libraries/grpc/dynamic-lookup-darwin.patch b/pkgs/by-name/gr/grpc/dynamic-lookup-darwin.patch similarity index 100% rename from pkgs/development/libraries/grpc/dynamic-lookup-darwin.patch rename to pkgs/by-name/gr/grpc/dynamic-lookup-darwin.patch diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/by-name/gr/grpc/package.nix similarity index 100% rename from pkgs/development/libraries/grpc/default.nix rename to pkgs/by-name/gr/grpc/package.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 58f4ab07d90a0..dcf75172c4124 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9210,9 +9210,9 @@ with pkgs; goocanvas = callPackage ../development/libraries/goocanvas { }; goocanvas2 = callPackage ../development/libraries/goocanvas/2.x.nix { }; goocanvas3 = callPackage ../development/libraries/goocanvas/3.x.nix { }; - grpc = darwin.apple_sdk_11_0.callPackage ../development/libraries/grpc { + grpc = callPackage ../by-name/gr/grpc/package.nix { stdenv = if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64 - then overrideSDK darwin.apple_sdk_11_0.stdenv { darwinMinVersion = "10.13"; } + then overrideSDK stdenv { darwinMinVersion = "10.13"; } else stdenv; }; From fff8abc77b4b73dbeed8c2fbc909c00a3f86ee70 Mon Sep 17 00:00:00 2001 
From: Andrew Marshall Date: Sat, 26 Oct 2024 23:29:53 -0400 Subject: [PATCH 07/10] factorio: use actual args instead of sample in download help Makes it easier for the user since they should no longer have to manually replace things. Remove the note about the name as it may no longer be true, and the user now has to care less since the values are more easily copy-pastable. --- pkgs/by-name/fa/factorio/package.nix | 73 ++++++++++++++-------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/pkgs/by-name/fa/factorio/package.nix b/pkgs/by-name/fa/factorio/package.nix index 82952186d86ee..665c9b729c387 100644 --- a/pkgs/by-name/fa/factorio/package.nix +++ b/pkgs/by-name/fa/factorio/package.nix 
@@ -40,46 +40,44 @@ let mods = args.mods or [ ]; - helpMsg = '' - - ===FETCH FAILED=== - Please ensure you have set the username and token with config.nix, or - /etc/nix/nixpkgs-config.nix if on NixOS. - - Your token can be seen at https://factorio.com/profile (after logging in). It is - not as sensitive as your password, but should still be safeguarded. There is a - link on that page to revoke/invalidate the token, if you believe it has been - leaked or wish to take precautions. - - Example: - { - packageOverrides = pkgs: { - factorio = pkgs.factorio.override { - username = "FactorioPlayer1654"; - token = "d5ad5a8971267c895c0da598688761"; + helpMsg = + { dlName, storeName }: + '' + + ===FETCH FAILED=== + Please ensure you have set the username and token with config.nix, or + /etc/nix/nixpkgs-config.nix if on NixOS. + + Your token can be seen at https://factorio.com/profile (after logging in). It is + not as sensitive as your password, but should still be safeguarded. There is a + link on that page to revoke/invalidate the token, if you believe it has been + leaked or wish to take precautions. + + Example: + { + packageOverrides = pkgs: { + factorio = pkgs.factorio.override { + username = "FactorioPlayer1654"; + token = "d5ad5a8971267c895c0da598688761"; + }; }; - }; - } + } - Alternatively, instead of providing the username+token, you may manually - download the release through https://factorio.com/download , then add it to - the store using e.g.: + Alternatively, instead of providing the username+token, you may manually + download the release through https://factorio.com/download , then add it to + the store using e.g.: - releaseType=alpha - version=0.17.74 - nix-prefetch-url file://\''$HOME/Downloads/factorio_\''${releaseType}_x64_\''${version}.tar.xz --name factorio_\''${releaseType}_x64-\''${version}.tar.xz + nix-prefetch-url file://\''$HOME/Downloads/${dlName} --name ${storeName} - Note the ultimate "_" is replaced with "-" in the --name arg! 
+ If you go this route you might want to tell Nix to explicitly hold on to the + source tarball. Otherwise it could get GC'd from the Nix store and you'd + have to redownload it next time the package wants to rebuild to use a newer + dependency. E.g. if you're using NixOS: - If you go this route you might want to tell Nix to explicitly hold on to the - source tarball. Otherwise it could get GC'd from the Nix store and you'd - have to redownload it next time the package wants to rebuild to use a newer - dependency. E.g. if you're using NixOS: - - system.extraDependencies = [ - factorio.src - ]; - ''; + system.extraDependencies = [ + factorio.src + ]; + ''; desktopItem = makeDesktopItem { name = "factorio"; @@ -155,7 +153,10 @@ let ''; failureHook = '' cat < Date: Sat, 26 Oct 2024 23:35:02 -0400 Subject: [PATCH 08/10] factorio: note that credentials will be world-readable in help msg --- pkgs/by-name/fa/factorio/package.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/fa/factorio/package.nix b/pkgs/by-name/fa/factorio/package.nix index 665c9b729c387..917c7a2bfb3ab 100644 --- a/pkgs/by-name/fa/factorio/package.nix +++ b/pkgs/by-name/fa/factorio/package.nix 
@@ -48,10 +48,12 @@ let Please ensure you have set the username and token with config.nix, or /etc/nix/nixpkgs-config.nix if on NixOS. - Your token can be seen at https://factorio.com/profile (after logging in). It is - not as sensitive as your password, but should still be safeguarded. There is a - link on that page to revoke/invalidate the token, if you believe it has been - leaked or wish to take precautions. + Your token can be seen at https://factorio.com/profile (after logging in). + Beware this will add the credentials to the Nix store, which is + world-readable on the local machine. It is not as sensitive as your + password, but should still be safeguarded. There is a link on that page to + revoke/invalidate the token, if you believe it has been leaked or wish to + take precautions. Example: { From 22ed6be32516c5c9b4edd1ad52025564d29bbdd1 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 3 Jan 2025 21:37:42 +0300 Subject: [PATCH 09/10] mesa: 24.3.2 -> 24.3.3 --- pkgs/development/libraries/mesa/common.nix | 4 ++-- pkgs/development/libraries/mesa/gbm.nix | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/mesa/common.nix b/pkgs/development/libraries/mesa/common.nix index 1cf2792341ba5..7ba7c70bb6d77 100644 --- a/pkgs/development/libraries/mesa/common.nix +++ b/pkgs/development/libraries/mesa/common.nix @@ -5,14 +5,14 @@ # nix build .#legacyPackages.x86_64-darwin.mesa .#legacyPackages.aarch64-darwin.mesa rec { pname = "mesa"; - version = "24.3.2"; + version = "24.3.3"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "mesa"; repo = "mesa"; rev = "mesa-${version}"; - hash = "sha256-6EcSOE73wEz+aS4C+GUVfcbJtGB0MvIL4a6zA1ohVGA="; + hash = "sha256-OThJ/txyJ6p879jG5qOXX6mL27t7Uz/tbr620iRMeIc="; }; meta = { diff --git a/pkgs/development/libraries/mesa/gbm.nix b/pkgs/development/libraries/mesa/gbm.nix index 61a502adffda8..7b4021b372010 100644 --- a/pkgs/development/libraries/mesa/gbm.nix 
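Review bot: In the reworded help text the new warning begins "Beware this will add the credentials to the Nix store", but "this" has no antecedent: the sentence before it says where the token can be seen, not how it is set. The following "It is not as sensitive as your password" now also attaches to the Nix store sentence rather than to the token. Wording such as `Beware that setting the username and token this way writes them to the Nix store, which is world-readable on the local machine. The token is not as sensitive as your password, but should still be safeguarded.` removes the ambiguity. It could also point to the manual download route described further down in the same message as the way to keep the token out of the store.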
+++ b/pkgs/development/libraries/mesa/gbm.nix @@ -15,9 +15,19 @@ let common = import ./common.nix { inherit lib fetchFromGitLab; }; in -stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "mesa-libgbm"; - inherit (common) version src meta; + inherit (common) meta; + + version = "24.3.2"; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "mesa"; + repo = "mesa"; + rev = "mesa-${version}"; + hash = "sha256-6EcSOE73wEz+aS4C+GUVfcbJtGB0MvIL4a6zA1ohVGA="; + }; mesonAutoFeatures = "disabled"; From a5af1da13031048da9c54fdd9c6aef0889585fc1 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 4 Jan 2025 04:49:32 +1000 Subject: [PATCH 10/10] melonDS: 1.0rc-unstable-2024-12-05 -> 1.0rc-unstable-2024-12-26 (#370301) --- pkgs/by-name/me/melonDS/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/me/melonDS/package.nix b/pkgs/by-name/me/melonDS/package.nix index 35ac06ebe2b16..925dd9ae63e8c 100644 --- a/pkgs/by-name/me/melonDS/package.nix +++ b/pkgs/by-name/me/melonDS/package.nix @@ -27,13 +27,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "melonDS"; - version = "1.0rc-unstable-2024-12-05"; + version = "1.0rc-unstable-2024-12-26"; src = fetchFromGitHub { owner = "melonDS-emu"; repo = "melonDS"; - rev = "7d718ada390bc54749fa35389437147e1bbefae1"; - hash = "sha256-Oh69L4yOSeEAAUjUupMN7cQbPEUjZ0M/5FmiBvsBGxw="; + rev = "0c5dd28b1c5c1d17a2ce87efbd858059a8f9376f"; + hash = "sha256-hIpIt+krUpSW1T05Vq02IU5Lfaj4Sgg18qMoMH45NaE="; }; nativeBuildInputs = [
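Review bot: `mesa-libgbm` now carries its own `version = "24.3.2"` and `src` hash instead of inheriting them from `common.nix`, and nothing in the hunk says why it stays one release behind `mesa`. A second pin of the same repository is easy to miss on the next bump, so libgbm could keep building from an old tree, without later fixes, while `mesa` moves on. A comment above `version` stating the reason and the condition for removing the pin, e.g. `# held at 24.3.2 because <reason>; inherit version and src from common again once resolved`, would make that visible. The rest of the derivation lies outside the hunk.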