diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index bee9716629722..f2b09f4bc4b61 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -25,7 +25,7 @@ let || head srvMatch == srv # Include sections for the service being configured then v # Enable Web links and integrations between services. - else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services + else if tail srvMatch == [ null ] && cfg.${head srvMatch}.enable then { inherit (v) origin; # mansrht crashes without it @@ -38,9 +38,9 @@ let # for services needing access to them. "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; - "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos"; + "git.sr.ht".repos = cfg.settings."git.sr.ht".repos; "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; - "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos"; + "hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos; # Making this a per service option despite being in a global section, # so that it uses the redis-server used by the service. "sr.ht".redis-host = cfg.${srv}.redis.host; @@ -77,6 +77,14 @@ let type = types.path; apply = s: "<" + toString s; }; + api-origin = mkOption { + description = lib.mdDoc "Origin URL for the API"; + type = types.str; + default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; + defaultText = lib.literalMD '' + `"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"` + ''; + }; }; # Specialized python containing all the modules @@ -112,15 +120,6 @@ in and account management services ''); - services = mkOption { - type = with types; listOf (enum - [ "builds" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - defaultText = "locally enabled services"; - description = lib.mdDoc '' - Services that may be displayed as links in the title bar of the Web interface. - ''; - }; - listenAddress = mkOption { type = types.str; default = "localhost"; @@ -400,8 +399,8 @@ in This setting is propagated to newer and existing repositories. ''; type = types.str; - default = "${cfg.python}/bin/hgsrht-hook-changegroup"; - defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup"; + default = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; + defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; }; repos = mkOption { description = lib.mdDoc '' @@ -501,12 +500,6 @@ in options."meta.sr.ht" = removeAttrs (commonServiceSettings "meta") ["oauth-client-id" "oauth-client-secret"] // { - api-origin = mkOption { - description = lib.mdDoc "Origin URL for API, 100 more than web."; - type = types.str; - default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; - defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`''; - }; webhooks = mkOption { description = lib.mdDoc "The Redis connection used for the webhooks worker."; type = types.str; @@ -784,6 +777,7 @@ in extraConfig = '' PermitUserEnvironment SRHT_* ''; + startWhenNeeded = false; }; environment.etc."ssh/sourcehut/config.ini".source = settingsFormat.generate "sourcehut-dispatch-config.ini" @@ -792,15 +786,28 @@ in environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { # sshd_config(5): The program must be owned by root, not writable by group or others mode = "0755"; - source = pkgs.writeShellScript "srht-dispatch" '' + source = pkgs.writeShellScript "srht-dispatch-wrapper" '' set -e + set -x cd /etc/ssh/sourcehut/subdir - ${cfg.python}/bin/gitsrht-dispatch "$@" + ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ''; }; + systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable ( + builtins.listToAttrs (map (name: { + name = "/var/log/sourcehut/gitsrht-${name}"; + value.f = { + inherit (cfg.git) user group; + mode = "0644"; + }; + }) [ "keys" "shell" "update-hook" ]) + ); systemd.services.sshd = { - #path = optional cfg.git.enable [ cfg.git.package ]; + preStart = mkIf cfg.hg.enable '' + chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys + ''; serviceConfig = { + LogsDirectory = "sourcehut"; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. @@ -813,7 +820,6 @@ in "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' set -e cd /run/sourcehut/buildsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" ''}:/usr/bin/buildsrht-keys" "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" @@ -825,31 +831,26 @@ in "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" ''}:/usr/bin/gitsrht-keys" "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x + export PATH="${cfg.git.package}/bin:$PATH" + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" ''}:/usr/bin/gitsrht-shell" "${pkgs.writeShellScript "gitsrht-update-hook" '' set -e - test -e "''${PWD%/*}"/config.ini || - # Git hooks are run relative to their repository's directory, - # but gitsrht-update-hook looks up ../config.ini - ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 if test "''${STAGE3:+set}" then - set -x exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" else export STAGE3=set - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" fi ''}:/usr/bin/gitsrht-update-hook" @@ -860,13 +861,11 @@ in "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" ''}:/usr/bin/hgsrht-keys" "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" ''}:/usr/bin/hgsrht-shell" # Mercurial's changegroup hooks are run relative to their repository's directory, @@ -875,8 +874,7 @@ in set -e test -e "''$PWD"/config.ini || ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini - set -x - exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup "$@" ''}:/usr/bin/hgsrht-hook-changegroup" ]; }; @@ -1066,10 +1064,11 @@ in }; }) ]; - extraServices.gitsrht-api = { - serviceConfig.Restart = "always"; - serviceConfig.RestartSec = "5s"; - serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + extraServices.gitsrht-api.serviceConfig = { + Restart = "always"; + RestartSec = "5s"; + ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; }; extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { serviceConfig = { @@ -1188,7 +1187,7 @@ in extraServices.listssrht-lmtp = { wants = [ "postfix.service" ]; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; - serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp"; + serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-lmtp"; # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) serviceConfig.PrivateUsers = mkForce false; }; @@ -1252,55 +1251,30 @@ in ) cfg.settings)); serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; }; - extraConfig = mkMerge [ - { - assertions = [ - { assertion = let s = cfg.settings."meta.sr.ht::billing"; in - s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); - message = "If meta.sr.ht::billing is enabled, the keys must be defined."; - } - ]; - environment.systemPackages = optional cfg.meta.enable - (pkgs.writeShellScriptBin "metasrht-manageuser" '' - set -eux - if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' - then exec sudo -u '${cfg.meta.user}' "$0" "$@" - else - # In order to load config.ini - if cd /run/sourcehut/metasrht - then exec ${cfg.python}/bin/metasrht-manageuser "$@" - else cat < (s.stripe-public-key != null && s.stripe-secret-key != null); + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; + } + ]; + environment.systemPackages = optional cfg.meta.enable + (pkgs.writeShellScriptBin "metasrht-manageuser" '' + set -eux + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' + then exec sudo -u '${cfg.meta.user}' "$0" "$@" + else + # In order to load config.ini + if cd /run/sourcehut/metasrht + then exec ${pkgs.sourcehut.metasrht}/bin/metasrht-manageuser "$@" + else cat <.enable flags. + '') ]; meta.doc = ./default.md; diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index aae13e0cc2c92..18c2f5effc5a5 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -108,7 +108,7 @@ let #SocketBindDeny = "any"; SystemCallFilter = [ "@system-service" - "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer" + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@timer" "@chown" "@setuid" ]; SystemCallArchitectures = "native"; @@ -222,6 +222,23 @@ in expires 30d; ''; }; + locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) { + proxyPass = cfg.settings.${iniKey}.api-origin; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + ''; + }; } cfg.nginx.virtualHost ]; }; @@ -236,9 +253,6 @@ in }) [srvCfg.user]; }; - services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable) - [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - services.sourcehut.settings = mkMerge [ { "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}"; @@ -363,6 +377,20 @@ in } extraService ])) extraServices) + + # Work around 'pq: permission denied for schema public' with postgres v15, until a + # solution for `services.postgresql.ensureUsers` is found. + # See https://github.com/NixOS/nixpkgs/issues/216989 + # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741 + (lib.mkIf ( + cfg.postgresql.enable + && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" + ) { + postgresql.postStart = (lib.mkAfter '' + $PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";' + ''); + } + ) ]; systemd.timers = mapAttrs (timerName: timer: diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 87e6d82bdd8f4..0b258acc2af1d 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix @@ -126,6 +126,7 @@ in virtualisation.diskSize = 4 * 1024; virtualisation.memorySize = 2 * 1024; networking.domain = domain; + networking.enableIPv6 = false; networking.extraHosts = '' ${config.networking.primaryIPAddress} builds.${domain} ${config.networking.primaryIPAddress} git.${domain} @@ -134,11 +135,6 @@ in services.sourcehut = { enable = true; - services = [ - "builds" - "git" - "meta" - ]; nginx.enable = true; nginx.virtualHost = { forceSSL = true; diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix index 0af4b1ceee29e..4831959d0fe0c 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix @@ -8,31 +8,32 @@ , pyyaml , markdown , ansi2html +, lxml , python , unzip }: let - version = "0.83.0"; + version = "0.86.10"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "builds.sr.ht"; rev = version; - hash = "sha256-u/y+sYu/09LypWI/ngghbge5SvkuLQpray10j0SjlOo="; + hash = "sha256-frwJgwJst2/NWd8VR0KbsVwm8JfWuekkY2oIIAdh3Fw="; }; buildsrht-api = buildGoModule ({ inherit src version; pname = "buildsrht-api"; modRoot = "api"; - vendorHash = "sha256-DfVWr/4J4ZrhHpy9CXPaAQcbag/9FmDgiexcNo0lEsk="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.20"; }); + vendorHash = "sha256-2khk7j22KON4MsuvFUNKSUpouJtVIOxE0hkh63iaxZ4="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.29"; }); buildsrht-worker = buildGoModule { inherit src version; sourceRoot = "${src.name}/worker"; pname = "buildsrht-worker"; - vendorHash = "sha256-y5RFPbtaGmgPpiV2Q3njeWORGZF1TJRjAbY6VgC1hek="; + vendorHash = "sha256-obdaeRwMhuiCV2kVwDo1c+rU/hmsbiL1IgAf7AcIpoc="; }; in buildPythonPackage rec { @@ -50,7 +51,9 @@ buildPythonPackage rec { celery pyyaml markdown + # Unofficial dependencies ansi2html + lxml ]; preBuild = '' diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix index e31bc13c82ae1..b413aa2c001d1 100644 --- a/pkgs/applications/version-management/sourcehut/core.nix +++ b/pkgs/applications/version-management/sourcehut/core.nix @@ -1,94 +1,78 @@ { lib , fetchFromSourcehut -, fetchNodeModules , buildPythonPackage -, pgpy , flask -, bleach -, misaka , humanize -, html5lib -, markdown +, sqlalchemy +, sqlalchemy-utils , psycopg2 -, pygments +, markdown +, mistletoe +, bleach , requests -, sqlalchemy -, cryptography , beautifulsoup4 -, sqlalchemy-utils +, pygments +, cryptography , prometheus-client -, celery , alembic +, redis +, celery +, html5lib , importlib-metadata -, mistletoe -, minio +, tinycss2 , sassc -, nodejs -, redis +, minify }: buildPythonPackage rec { pname = "srht"; - version = "0.69.0"; + version = "0.69.15"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "core.sr.ht"; rev = version; - sha256 = "sha256-s/I0wxtPggjTkkTZnhm77PxdQjiT0Vq2MIk7JMvdupc="; + sha256 = "sha256-T9yewweqnWL3IW5PHGyAcsIWCGn1ayK2rwrHVukYpgE="; fetchSubmodules = true; }; - node_modules = fetchNodeModules { - src = "${src}/srht"; - nodejs = nodejs; - sha256 = "sha256-IWKahdWv3qJ5DNyb1GB9JWYkZxghn6wzZe68clYXij8="; - }; - patches = [ - # Disable check for npm - ./disable-npm-install.patch # Fix Unix socket support in RedisQueueCollector patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch ]; propagatedNativeBuildInputs = [ sassc - nodejs + minify ]; propagatedBuildInputs = [ - pgpy flask - bleach - misaka humanize - html5lib - markdown + sqlalchemy + sqlalchemy-utils psycopg2 - pygments - requests + markdown mistletoe - sqlalchemy - cryptography + bleach + requests beautifulsoup4 - sqlalchemy-utils + pygments + cryptography prometheus-client - - # Unofficial runtime dependencies? - celery alembic - importlib-metadata - minio redis + celery + # Used transitively through beautifulsoup4 + html5lib + # Used transitively trough bleach.css_sanitizer + tinycss2 + # Used by srht.debug + importlib-metadata ]; PKGVER = version; - preBuild = '' - cp -r ${node_modules} srht/node_modules - ''; - dontUseSetuptoolsCheck = true; pythonImportsCheck = [ "srht" ]; diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index 9c9f6f4033301..37840f486dc5d 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix @@ -3,17 +3,16 @@ , recurseIntoAttrs , nixosTests , config +, fetchPypi }: # To expose the *srht modules, they have to be a python module so we use `buildPythonModule` # Then we expose them through all-packages.nix as an application through `toPythonApplication` # https://github.com/NixOS/nixpkgs/pull/54425#discussion_r250688781 let - fetchNodeModules = callPackage ./fetchNodeModules.nix { }; - python = python3.override { packageOverrides = self: super: { - srht = self.callPackage ./core.nix { inherit fetchNodeModules; }; + srht = self.callPackage ./core.nix { }; buildsrht = self.callPackage ./builds.nix { }; gitsrht = self.callPackage ./git.nix { }; @@ -26,6 +25,52 @@ let todosrht = self.callPackage ./todo.nix { }; scmsrht = self.callPackage ./scm.nix { }; + + # sourcehut is not (yet) compatible with SQLAlchemy 2.x + sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec { + version = "1.4.46"; + src = fetchPypi { + pname = "SQLAlchemy"; + inherit version; + hash = "sha256-aRO4JH2KKS74MVFipRkx4rQM6RaB8bbxj2lwRSAMSjA="; + }; + nativeCheckInputs = with super; [ pytestCheckHook mock ]; + disabledTestPaths = []; + }); + + flask-sqlalchemy = super.flask-sqlalchemy.overridePythonAttrs (oldAttrs: rec { + version = "2.5.1"; + format = "setuptools"; + src = fetchPypi { + pname = "Flask-SQLAlchemy"; + inherit version; + hash = "sha256-K9pEtD58rLFdTgX/PMH4vJeTbMRkYjQkECv8LDXpWRI="; + }; + propagatedBuildInputs = with self; [ + flask + sqlalchemy + ]; + }); + + # sourcehut is not (yet) compatible with factory-boy 3.x + factory-boy = super.factory-boy.overridePythonAttrs (oldAttrs: rec { + version = "2.12.0"; + src = fetchPypi { + pname = "factory_boy"; + inherit version; + hash = "sha256-+vSNYIoXNfDQo8nL9TbWT5EytUfa57pFLE2Zp56Eo3A="; + }; + nativeCheckInputs = (with super; [ + django + flask + mongoengine + pytestCheckHook + ]) ++ (with self; [ + sqlalchemy + flask-sqlalchemy + ]); + postPatch = ""; + }); }; }; in diff --git a/pkgs/applications/version-management/sourcehut/disable-npm-install.patch b/pkgs/applications/version-management/sourcehut/disable-npm-install.patch deleted file mode 100644 index 3a8d1c82b3415..0000000000000 --- a/pkgs/applications/version-management/sourcehut/disable-npm-install.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/setup.py b/setup.py -index d63bac8..e1d0c35 100755 ---- a/setup.py -+++ b/setup.py -@@ -5,9 +5,6 @@ import glob - import os - import sys - --if subprocess.call(["npm", "i"], cwd="srht") != 0: -- sys.exit(1) -- - ver = os.environ.get("PKGVER") or subprocess.run(['git', 'describe', '--tags'], - stdout=subprocess.PIPE).stdout.decode().strip() - diff --git a/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix b/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix deleted file mode 100644 index bbc18d0442d62..0000000000000 --- a/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, stdenv, jq }: { src, nodejs, sha256 }: - -# Only npm >= 5.4.2 is deterministic, see: -# https://github.com/npm/npm/issues/17979#issuecomment-332701215 -assert lib.versionAtLeast nodejs.version "8.9.0"; - -stdenv.mkDerivation { - name = "node_modules"; - - outputHashAlgo = "sha256"; - outputHash = sha256; - outputHashMode = "recursive"; - - nativeBuildInputs = [ jq nodejs ]; - - buildCommand = '' - cp -r ${src}/* . - HOME=. npm install --force --ignore-scripts --only=production - for f in $(find node_modules -name package.json); do - # https://github.com/npm/npm/issues/10393 - jq -S 'delpaths(keys | map(select(startswith("_")) | [.]))' $f > $f.tmp - mv $f.tmp $f - done - mv node_modules $out - ''; -} diff --git a/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix index 4327e395d5333..8737e4266f452 100644 --- a/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix +++ b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix @@ -1,5 +1,5 @@ { unzip -, gqlgenVersion ? "0.17.2" +, gqlgenVersion ? "0.17.20" }: { overrideModAttrs = (_: { diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index eae70b3724677..3a5163f9d1712 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -4,32 +4,38 @@ , buildPythonPackage , python , srht -, pygit2 , scmsrht +, pygit2 +, minio , unzip }: let - version = "0.78.20"; + version = "0.84.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "git.sr.ht"; rev = version; - sha256 = "sha256-rZsTtHobsgRVmMOjPa1fiKrPsNyFu/gOsmO0cTl5MqQ="; + sha256 = "sha256-sAkTsQlWtNDQ5vAhA2EeOvuJcj9A6AG8pgDyIKtr65s="; }; gitApi = buildGoModule ({ inherit src version; pname = "gitsrht-api"; modRoot = "api"; - vendorHash = "sha256-cCs9FUBusaAou9w4TDOg8GKxhRcsPbSNcQpxvFH/+so="; + vendorHash = "sha256-LAYp0zgosZnFEbtxzjuTH9++0lbxhACr705HqXJz3D0="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); gitDispatch = buildGoModule { inherit src version; pname = "gitsrht-dispatch"; modRoot = "gitsrht-dispatch"; - vendorHash = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; + vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; + + postPatch = '' + substituteInPlace gitsrht-dispatch/main.go \ + --replace /var/log/gitsrht-dispatch /var/log/sourcehut/gitsrht-dispatch + ''; }; gitKeys = buildGoModule { @@ -37,6 +43,11 @@ let pname = "gitsrht-keys"; modRoot = "gitsrht-keys"; vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; + + postPatch = '' + substituteInPlace gitsrht-keys/main.go \ + --replace /var/log/gitsrht-keys /var/log/sourcehut/gitsrht-keys + ''; }; gitShell = buildGoModule { @@ -44,6 +55,11 @@ let pname = "gitsrht-shell"; modRoot = "gitsrht-shell"; vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; + + postPatch = '' + substituteInPlace gitsrht-shell/main.go \ + --replace /var/log/gitsrht-shell /var/log/sourcehut/gitsrht-shell + ''; }; gitUpdateHook = buildGoModule { @@ -51,6 +67,11 @@ let pname = "gitsrht-update-hook"; modRoot = "gitsrht-update-hook"; vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; + + postPatch = '' + substituteInPlace gitsrht-update-hook/main.go \ + --replace /var/log/gitsrht-update-hook /var/log/sourcehut/gitsrht-update-hook + ''; }; in @@ -65,8 +86,9 @@ buildPythonPackage rec { propagatedBuildInputs = [ srht - pygit2 scmsrht + pygit2 + minio ]; preBuild = '' diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index 205e4e7b1d1d1..f448109a6d7df 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -12,26 +12,29 @@ buildPythonPackage rec { pname = "hgsrht"; - version = "0.31.3"; + version = "0.32.4"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hg.sr.ht"; rev = version; - sha256 = "4Qe08gqsSTMQVQBchFPEUXuxM8ZAAQGJT1EOcDjkZa0="; + sha256 = "mYkA44c9wy/Iy1h1lXkVpc9gN7rQXFm4T3YBlQ1Dj60="; vc = "hg"; }; postPatch = '' substituteInPlace Makefile \ --replace "all: api hgsrht-keys" "" + + substituteInPlace hgsrht-shell \ + --replace /var/log/hgsrht-shell /var/log/sourcehut/hgsrht-shell ''; hgsrht-api = buildGoModule ({ inherit src version; pname = "hgsrht-api"; modRoot = "api"; - vendorHash = "sha256-uIP3W7UJkP68HJUF33kz5xfg/KBiaSwMozFYmQJQkys="; + vendorHash = "sha256-vuOYpnF3WjA6kOe9MVSuVMhJBQqCmIex+QUBJrP+VDs="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); hgsrht-keys = buildGoModule { @@ -39,12 +42,17 @@ buildPythonPackage rec { pname = "hgsrht-keys"; modRoot = "hgsrht-keys"; vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; + + postPatch = '' + substituteInPlace hgsrht-keys/main.go \ + --replace /var/log/hgsrht-keys /var/log/sourcehut/hgsrht-keys + ''; }; propagatedBuildInputs = [ - srht python-hglib scmsrht + srht unidiff ]; diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix index c3a9c509f8934..6f1b17b01c3e7 100644 --- a/pkgs/applications/version-management/sourcehut/hub.nix +++ b/pkgs/applications/version-management/sourcehut/hub.nix @@ -1,21 +1,35 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage +, python , srht , pyyaml +, unzip }: buildPythonPackage rec { pname = "hubsrht"; - version = "0.14.14"; + version = "0.17.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hub.sr.ht"; rev = version; - sha256 = "sha256-4n6oQ+AAvdJY/5KflxAp62chjyrlSUkmt319DKZk33w="; + sha256 = "sha256-A+lvRsPz5EBnM0gB4PJuxSMpELZTrK14ORxDbTKPXWg="; }; + postPatch = '' + substituteInPlace Makefile --replace "all: api" "" + ''; + + hubsrht-api = buildGoModule ({ + inherit src version; + pname = "hubsrht-api"; + modRoot = "api"; + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + propagatedBuildInputs = [ srht pyyaml @@ -23,9 +37,13 @@ buildPythonPackage rec { preBuild = '' export PKGVER=${version} + export SRHT_PATH=${srht}/${python.sitePackages}/srht + ''; + + postInstall = '' + ln -s ${hubsrht-api}/bin/api $out/bin/hubsrht-api ''; - dontUseSetuptoolsCheck = true; pythonImportsCheck = [ "hubsrht" ]; meta = with lib; { diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix index b875a46fcafac..24b56b9dd3c15 100644 --- a/pkgs/applications/version-management/sourcehut/lists.nix +++ b/pkgs/applications/version-management/sourcehut/lists.nix @@ -3,31 +3,30 @@ , buildGoModule , buildPythonPackage , srht -, asyncpg , aiosmtpd +, asyncpg , pygit2 , emailthreads -, redis , python , unzip }: buildPythonPackage rec { pname = "listssrht"; - version = "0.51.11"; + version = "0.57.8"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "lists.sr.ht"; rev = version; - sha256 = "sha256-Qb70oOazZfmHpC5r0oMYCFdvfAeKbq3mQA8+M56YYnY="; + sha256 = "sha256-nQZRSTAyTWxcPHrRVCZ5TgcrNgrlxBFc1vRds0cQwA0="; }; listssrht-api = buildGoModule ({ inherit src version; pname = "listssrht-api"; modRoot = "api"; - vendorHash = "sha256-xnmMkRSokbhWD+kz0XQ9AinYdm6/50FRBISURPvlzD0="; + vendorHash = "sha256-E5Zzft9ANJT/nhhCuenZpdo3t9QYLmA+AyDyrbGectE="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); postPatch = '' @@ -37,11 +36,11 @@ buildPythonPackage rec { propagatedBuildInputs = [ srht - pygit2 - asyncpg aiosmtpd + asyncpg + pygit2 + # Unofficial dependency emailthreads - redis ]; preBuild = '' diff --git a/pkgs/applications/version-management/sourcehut/man.nix b/pkgs/applications/version-management/sourcehut/man.nix index dadc508edd869..b01d739a06009 100644 --- a/pkgs/applications/version-management/sourcehut/man.nix +++ b/pkgs/applications/version-management/sourcehut/man.nix @@ -1,22 +1,35 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage , srht , pygit2 , python +, unzip }: buildPythonPackage rec { pname = "mansrht"; - version = "0.15.26"; + version = "0.16.1"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "man.sr.ht"; rev = version; - sha256 = "sha256-5xZH6DrTXMdWd26OGICp7lZ/QDjACIa7zNUJHB7jzGo="; + sha256 = "sha256-94G9/Kzt1gaQ2CaXtsJYCB6W5OTdn27XhVdpNJ9a5cE="; }; + postPatch = '' + substituteInPlace Makefile --replace "all: api" "" + ''; + + mansrht-api = buildGoModule ({ + inherit src version; + pname = "mansrht-api"; + modRoot = "api"; + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + propagatedBuildInputs = [ srht pygit2 @@ -27,6 +40,10 @@ buildPythonPackage rec { export SRHT_PATH=${srht}/${python.sitePackages}/srht ''; + postInstall = '' + ln -s ${mansrht-api}/bin/api $out/bin/mansrht-api + ''; + pythonImportsCheck = [ "mansrht" ]; meta = with lib; { diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix index 205409bb4d945..28cab5852193c 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix @@ -2,38 +2,34 @@ , fetchFromSourcehut , buildPythonPackage , buildGoModule -, pgpy -, srht -, redis +, alembic , bcrypt +, dnspython , qrcode +, redis +, srht , stripe -, zxcvbn -, alembic -, pystache -, dnspython -, sshpubkeys -, weasyprint , prometheus-client +, zxcvbn , python , unzip }: let - version = "0.61.3"; + version = "0.64.8"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "meta.sr.ht"; rev = version; - hash = "sha256-wMcpdRSRvxYEV163mdTGOemk62gljua89SOtwe6qGXU="; + hash = "sha256-eiNvoy68PvjZ3iwdeNPjsXJjxAXb2PMF1/HvJquWa/U="; }; metasrht-api = buildGoModule ({ inherit src version; pname = "metasrht-api"; modRoot = "api"; - vendorHash = "sha256-ZoDRGmGe9o5pn89gJ60wjSp5Cc0yxRfvdhNnbwAhmSI="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + vendorHash = "sha256-D3stDSb99uXze49kKZgGrAq5Zmg6hkIzIpsQKlnKVtE="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); in buildPythonPackage rec { @@ -46,19 +42,15 @@ buildPythonPackage rec { ''; propagatedBuildInputs = [ - pgpy - srht - redis + alembic bcrypt + dnspython qrcode + redis + srht stripe - zxcvbn - alembic - pystache - sshpubkeys - weasyprint prometheus-client - dnspython + zxcvbn ]; preBuild = '' diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix index abcef1648fc44..ca608438687ba 100644 --- a/pkgs/applications/version-management/sourcehut/pages.nix +++ b/pkgs/applications/version-management/sourcehut/pages.nix @@ -6,13 +6,13 @@ buildGoModule (rec { pname = "pagessrht"; - version = "0.7.4"; + version = "0.13.0"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "pages.sr.ht"; rev = version; - sha256 = "sha256-WM9T2LS8yIqaR0PQQRgMk/tiMYcw8DZVPMqMWkj/5RY="; + sha256 = "sha256-vUN6c6cyhcLI8bKrFYKoxlBQ29VS/bowpSfBRmi47wg="; }; postPatch = '' @@ -20,7 +20,7 @@ buildGoModule (rec { --replace "all: server" "" ''; - vendorHash = "sha256-VOqY/nStqGyfWOXnJSZX8UYyp2kzcibQM2NRNysHYEc="; + vendorHash = "sha256-GKuHkUqSVBLN3k8YsFtxdmdHFkqKo9YZqDk2GBmbfWo="; postInstall = '' mkdir -p $out/share/sql/ @@ -35,4 +35,4 @@ buildGoModule (rec { }; # There is no ./loaders but this does not cause troubles # to go generate -} // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.9"; }) +} // import ./fix-gqlgen-trimpath.nix { inherit unzip; }) diff --git a/pkgs/applications/version-management/sourcehut/paste.nix b/pkgs/applications/version-management/sourcehut/paste.nix index 253ea8c0b9d67..d62ee38fc2335 100644 --- a/pkgs/applications/version-management/sourcehut/paste.nix +++ b/pkgs/applications/version-management/sourcehut/paste.nix @@ -8,13 +8,13 @@ buildPythonPackage rec { pname = "pastesrht"; - version = "0.13.8"; + version = "0.15.1"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "paste.sr.ht"; rev = version; - sha256 = "sha256-Zji9FyYUtsklYz4qyLbtduusteC7WujLCMmvZKcqYis="; + sha256 = "sha256-IUFX7/V8AWqN+iuisLAyu7lMNIUCzSMoOfcZiYJTnrM="; }; postPatch = '' diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix index 1edc951cbed8b..810f3007c2537 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix @@ -2,25 +2,23 @@ , fetchFromSourcehut , buildPythonPackage , srht -, redis , pyyaml , buildsrht }: buildPythonPackage rec { pname = "scmsrht"; - version = "0.22.22"; + version = "0.22.23"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "scm.sr.ht"; rev = version; - sha256 = "sha256-iSzzyI8HZOpOb4dyt520MV/wds14fNag2+UOF09KS7w="; + sha256 = "sha256-058dOEYJDY3jtxH1VkV1CFq5CZTkauSnTWg57DCnNtw="; }; propagatedBuildInputs = [ srht - redis pyyaml buildsrht ]; diff --git a/pkgs/applications/version-management/sourcehut/todo.nix b/pkgs/applications/version-management/sourcehut/todo.nix index 6b00d3793d93b..0a5cefc130d5c 100644 --- a/pkgs/applications/version-management/sourcehut/todo.nix +++ b/pkgs/applications/version-management/sourcehut/todo.nix @@ -3,9 +3,7 @@ , buildGoModule , buildPythonPackage , srht -, redis , alembic -, pystache , pytest , factory-boy , python @@ -14,13 +12,13 @@ buildPythonPackage rec { pname = "todosrht"; - version = "0.72.2"; + version = "0.74.6"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "todo.sr.ht"; rev = version; - sha256 = "sha256-FLjVO8Y/9s2gFfMXwcY7Rj3WNzPEBYs1AEjiVZFWsT8="; + sha256 = "sha256-j12pCGfKf6+9R8NOBIrH2V4OuSMuncU6S1AMWFVoHts="; }; postPatch = '' @@ -32,14 +30,12 @@ buildPythonPackage rec { inherit src version; pname = "todosrht-api"; modRoot = "api"; - vendorHash = "sha256-LB1H4jwnvoEyaaYJ09NI/M6IkgZwRet/fkso6b9EPV0="; + vendorHash = "sha256-rvfG5F6ez8UM0dYVhKfzwtb7ZEJlaKMBAfKDbo3Aofc="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); propagatedBuildInputs = [ srht - redis alembic - pystache ]; preBuild = '' diff --git a/pkgs/applications/version-management/sourcehut/update.sh b/pkgs/applications/version-management/sourcehut/update.sh index 54727e0317cb9..e9efc0816eb13 100755 --- a/pkgs/applications/version-management/sourcehut/update.sh +++ b/pkgs/applications/version-management/sourcehut/update.sh @@ -7,16 +7,26 @@ root=../../../.. tmp=$(mktemp -d) trap 'rm -rf "$tmp"' EXIT +attr_path() { + case "$1" in + pagessrht) printf "sourcehut.$1";; + *) printf "sourcehut.python.pkgs.$1";; + esac +} + default() { - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') + local p="$(attr_path "$1")" + (cd "$root" && nix-instantiate --eval --strict -A $p.meta.position | sed -re 's/^"(.*):[0-9]+"$/\1/') } version() { - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.version" | tr -d '"') + local p="$(attr_path "$1")" + (cd "$root" && nix-instantiate --eval --strict -A $p.version | tr -d '"') } src_url() { - nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.meta.homepage" | tr -d '"' + local p="$(attr_path "$1")" + nix-instantiate --eval --strict --expr " with import $root {}; let src = $p.drvAttrs.src; in src.meta.homepage" | tr -d '"' } get_latest_version() { @@ -35,8 +45,9 @@ update_version() { default_nix="$(default "$1")" oldVersion="$(version "$1")" version="$(get_latest_version "$1")" + local p="$(attr_path "$1")" - (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") + (cd "$root" && update-source-version "$p" "$version") # Update vendorHash of Go modules retry=true