From 05ba8482d50ee02d214e4f4d8376adbc80eb6540 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm@sourcephile.fr>
Date: Sat, 1 Feb 2020 02:29:41 +0100
Subject: [PATCH] nix: add patches to nixpkgs

---
 nixos/modules.nix                             |   8 +-
 .../modules/services/networking/shorewall.nix |  75 ----------
 .../services/networking/shorewall6.nix        |  75 ----------
 overlays.nix                                  |   6 +-
 .../dovecot/plugins/fts_xapian/default.nix    |  33 -----
 pkgs/tools/networking/shorewall/default.nix   | 131 ------------------
 shell.nix                                     |  29 ++--
 7 files changed, 24 insertions(+), 333 deletions(-)
 delete mode 100644 nixos/modules/services/networking/shorewall.nix
 delete mode 100644 nixos/modules/services/networking/shorewall6.nix
 delete mode 100644 pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix
 delete mode 100644 pkgs/tools/networking/shorewall/default.nix

diff --git a/nixos/modules.nix b/nixos/modules.nix
index d683d0d..e11a2b4 100644
--- a/nixos/modules.nix
+++ b/nixos/modules.nix
@@ -1,15 +1,13 @@
 { pkgs, lib, config, ... }:
 # NOTE: list explicitely the modules loaded by defaults.nix,
 # its clearer, safer and more flexible if not quicker.
-{ imports = [
+{
+imports = [
   modules/services/mail/dovecot.nix
   modules/services/mail/postfix.nix
   modules/services/networking/domains.nix
-  modules/services/networking/shorewall.nix
-  modules/services/networking/shorewall6.nix
-  modules/services/networking/shorewall6.nix
   modules/services/databases/openldap.nix
-  ];
+];
 }
 
 /*
diff --git a/nixos/modules/services/networking/shorewall.nix b/nixos/modules/services/networking/shorewall.nix
deleted file mode 100644
index 0f94d41..0000000
--- a/nixos/modules/services/networking/shorewall.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  types = lib.types;
-  cfg = config.services.shorewall;
-in {
-  options = {
-    services.shorewall = {
-      enable = lib.mkOption {
-        type        = types.bool;
-        default     = false;
-        description = ''
-          Whether to enable Shorewall IPv4 Firewall.
-          <warning>
-            <para>
-            Enabling this service WILL disable the existing NixOS
-            firewall! Default firewall rules provided by packages are not
-            considered at the moment.
-            </para>
-          </warning>
-        '';
-      };
-      package = lib.mkOption {
-        type        = types.package;
-        default     = pkgs.shorewall;
-        defaultText = "pkgs.shorewall";
-        description = "The shorewall package to use.";
-      };
-      configs = lib.mkOption {
-        type        = types.attrsOf types.str;
-        default     = {};
-        description = ''
-          This option defines the Shorewall configs.
-          The attribute name defines the name of the config,
-          and the attribute value defines the content of the config.
-        '';
-        apply = lib.mapAttrs (name: text: pkgs.writeText "${name}" text);
-      };
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    systemd.services.firewall.enable = false;
-    systemd.services.shorewall = {
-      description     = "Shorewall IPv4 Firewall";
-      after           = [ "ipset.target" ];
-      before          = [ "network-pre.target" ];
-      wants           = [ "network-pre.target" ];
-      wantedBy        = [ "multi-user.target" ];
-      reloadIfChanged = true;
-      restartTriggers = lib.attrValues cfg.configs;
-      serviceConfig = {
-        Type            = "oneshot";
-        RemainAfterExit = "yes";
-        ExecStart       = "${cfg.package}/bin/shorewall start";
-        ExecReload      = "${cfg.package}/bin/shorewall reload";
-        ExecStop        = "${cfg.package}/bin/shorewall stop";
-      };
-      preStart = ''
-        install -D -d -m 750 /var/lib/shorewall
-        install -D -d -m 755 /var/lock/subsys
-        touch                /var/log/shorewall.log
-        chown 750            /var/log/shorewall.log
-      '';
-    };
-    environment = {
-      etc = lib.mapAttrsToList
-              (name: file:
-                { source = file;
-                  target = "shorewall/${name}";
-                })
-              cfg.configs;
-      systemPackages = [ cfg.package ];
-    };
-  };
-}
diff --git a/nixos/modules/services/networking/shorewall6.nix b/nixos/modules/services/networking/shorewall6.nix
deleted file mode 100644
index 9c22a03..0000000
--- a/nixos/modules/services/networking/shorewall6.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  types = lib.types;
-  cfg = config.services.shorewall6;
-in {
-  options = {
-    services.shorewall6 = {
-      enable = lib.mkOption {
-        type        = types.bool;
-        default     = false;
-        description = ''
-          Whether to enable Shorewall IPv6 Firewall.
-          <warning>
-            <para>
-            Enabling this service WILL disable the existing NixOS
-            firewall! Default firewall rules provided by packages are not
-            considered at the moment.
-            </para>
-          </warning>
-        '';
-      };
-      package = lib.mkOption {
-        type        = types.package;
-        default     = pkgs.shorewall;
-        defaultText = "pkgs.shorewall";
-        description = "The shorewall package to use.";
-      };
-      configs = lib.mkOption {
-        type        = types.attrsOf types.str;
-        default     = {};
-        description = ''
-          This option defines the Shorewall configs.
-          The attribute name defines the name of the config,
-          and the attribute value defines the content of the config.
-        '';
-        apply = lib.mapAttrs (name: text: pkgs.writeText "${name}" text);
-      };
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    systemd.services.firewall.enable = false;
-    systemd.services.shorewall6 = {
-      description     = "Shorewall IPv6 Firewall";
-      after           = [ "ipset.target" ];
-      before          = [ "network-pre.target" ];
-      wants           = [ "network-pre.target" ];
-      wantedBy        = [ "multi-user.target" ];
-      reloadIfChanged = true;
-      restartTriggers = lib.attrValues cfg.configs;
-      serviceConfig = {
-        Type            = "oneshot";
-        RemainAfterExit = "yes";
-        ExecStart       = "${cfg.package}/bin/shorewall6 start";
-        ExecReload      = "${cfg.package}/bin/shorewall6 reload";
-        ExecStop        = "${cfg.package}/bin/shorewall6 stop";
-      };
-      preStart = ''
-        install -D -d -m 750 /var/lib/shorewall6
-        install -D -d -m 755 /var/lock/subsys
-        touch                /var/log/shorewall6.log
-        chown 750            /var/log/shorewall6.log
-      '';
-    };
-    environment = {
-      etc = lib.mapAttrsToList
-              (name: file:
-                { source = file;
-                  target = "shorewall6/${name}";
-                })
-              cfg.configs;
-      systemPackages = [ cfg.package ];
-    };
-  };
-}
diff --git a/overlays.nix b/overlays.nix
index b7e4675..7abbe7c 100644
--- a/overlays.nix
+++ b/overlays.nix
@@ -4,8 +4,6 @@ map import
   overlays/servers/dns/nsd.nix
   #overlays/users-init.nix
 ] ++
-[ (self: super: { shorewall          = super.callPackage pkgs/tools/networking/shorewall {}; })
-  (self: super: { smartctl-tbw       = super.callPackage pkgs/tools/system/smartmontools/smartctl-tbw {}; })
-  (self: super: { swaplist           = super.callPackage pkgs/tools/system/swaplist {}; })
-  (self: super: { dovecot_fts_xapian = super.callPackage pkgs/servers/mail/dovecot/plugins/fts_xapian {}; })
+[ (self: super: { smartctl-tbw = super.callPackage pkgs/tools/system/smartmontools/smartctl-tbw {}; })
+  (self: super: { swaplist     = super.callPackage pkgs/tools/system/swaplist {}; })
 ]
diff --git a/pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix b/pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix
deleted file mode 100644
index 70e9858..0000000
--- a/pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ stdenv, fetchFromGitHub, autoconf, automake, pkg-config, dovecot, libtool, xapian, icu64 }:
-stdenv.mkDerivation {
-  pname = "fts-xapian";
-  version = "1.2.7";
-
-  src = fetchFromGitHub {
-    owner = "grosjo";
-    repo = "fts-xapian";
-    rev = "f433203e37c84154ca2da6fad435c32242caa98a";
-    sha256 = "0w40icjfvd4pbip16492kf75f83rnjhh6axyh4fmzmsjpzhqgybd";
-  };
-
-  buildInputs = [ dovecot autoconf automake libtool pkg-config xapian icu64 ];
-
-  preConfigure = ''
-    export PANDOC=false
-    autoreconf -vi
-  '';
-
-  configureFlags = [
-    "--with-dovecot=${dovecot}/lib/dovecot"
-    "--without-dovecot-install-dirs"
-    "--with-moduledir=$(out)/lib/dovecot"
-  ];
-
-  meta = with stdenv.lib; {
-    homepage = https://github.com/grosjo/fts-xapian;
-    description = "Dovecot FTS plugin based on Xapian";
-    license = licenses.lgpl21;
-    maintainers = with maintainers; [ ];
-    platforms = platforms.unix;
-  };
-}
diff --git a/pkgs/tools/networking/shorewall/default.nix b/pkgs/tools/networking/shorewall/default.nix
deleted file mode 100644
index 2fc5cb7..0000000
--- a/pkgs/tools/networking/shorewall/default.nix
+++ /dev/null
@@ -1,131 +0,0 @@
-{ coreutils
-, ebtables
-, fetchurl
-, gnugrep
-, gnused
-, iproute
-, ipset
-, iptables
-, perl
-, perlPackages
-, stdenv
-, tree
-, utillinux
-}:
-let
-  PATH = stdenv.lib.concatStringsSep ":"
-           [ "${coreutils}/bin"
-             "${iproute}/bin"
-             "${iptables}/bin"
-             "${ipset}/bin"
-             "${ebtables}/bin"
-             "${utillinux}/bin"
-             "${gnugrep}/bin"
-             "${gnused}/bin"
-           ];
-in
-stdenv.mkDerivation rec {
-  baseName = "shorewall";
-  version = "5.2.3.3";
-  name = "${baseName}-${version}";
-
-  srcs = [
-    (fetchurl {
-      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
-      sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
-    })
-    (fetchurl {
-      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
-      sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
-    })
-    (fetchurl {
-      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
-      sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
-    })
-  ];
-  sourceRoot = ".";
-
-  buildInputs = [
-    coreutils
-    iproute
-    ipset
-    iptables
-    ebtables
-    utillinux
-    gnugrep
-    gnused
-    perl
-  ] ++ (with perlPackages; [
-    DigestSHA1
-  ]);
-  prePatch = ''
-    # Patch configure and install.sh files
-    patchShebangs .
-
-    # Remove hardcoded PATH
-    sed -i shorewall-core-${version}/lib.cli \
-        -e '/^ *PATH=.*/d'
-  '';
-  configurePhase = ''
-    shorewall-core-${version}/configure \
-      HOST=linux \
-      PREFIX=$out \
-      CONFDIR=\$PREFIX/etc-example \
-      SBINDIR=\$PREFIX/sbin \
-      SYSCONFDIR= \
-      SHAREDIR=\$PREFIX/share \
-      LIBEXECDIR=\$SHAREDIR \
-      PERLLIBDIR=\$SHAREDIR/shorewall \
-      MANDIR=$out/man \
-      VARLIB=/var/lib \
-      INITSOURCE= \
-      INITDIR= \
-      INITFILE= \
-      DEFAULT_PAGER=
-  '';
-  installPhase = ''
-    export DESTDIR=/
-    shorewall-core-${version}/install.sh
-
-    ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
-    shorewall-${version}/install.sh
-
-    ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
-    shorewall6-${version}/install.sh
-
-    # Patch the example shorewall{,6}.conf in case it is included
-    # in services.shorewall{,6}.configs
-    sed -i $out/etc-example/shorewall/shorewall.conf \
-           $out/etc-example/shorewall6/shorewall6.conf \
-        -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
-        -e 's|^PATH=.*|PATH=${PATH}|' \
-        -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
-        -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
-    sed -i $out/etc-example/shorewall6/shorewall6.conf \
-        -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
-    # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.
-
-    # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
-    # will generate the config files.
-    sed -i $out/share/shorewall/shorewallrc \
-        -e 's~^CONFDIR=.*~CONFDIR=/etc~'
-  '';
-
-  meta = {
-    homepage = http://www.shorewall.net/;
-    description = "An IPv4 gateway/firewall configuration tool for GNU/Linux";
-    longDescription = ''
-      Shorewall is a high-level tool for configuring Netfilter. You describe your
-      firewall/gateway requirements using entries in a set of configuration
-      files. Shorewall reads those configuration files and with the help of the
-      iptables, iptables-restore, ip and tc utilities, Shorewall configures
-      Netfilter and the Linux networking subsystem to match your requirements.
-      Shorewall can be used on a dedicated firewall system, a multi-function
-      gateway/router/server or on a standalone GNU/Linux system. Shorewall does
-      not use Netfilter's ipchains compatibility mode and can thus take
-      advantage of Netfilter's connection state tracking capabilities.
-    '';
-    license = stdenv.lib.licenses.gpl2Plus;
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/shell.nix b/shell.nix
index 8bcea8f..0faae93 100644
--- a/shell.nix
+++ b/shell.nix
@@ -4,21 +4,30 @@ let
     config   = {}; # Make the config pure, ignoring user's config.
     overlays = [];
   };
-
+  nixpkgsPatches = [
+    { meta.description = "nsd : use types.lines where appropriate";
+      url = "https://github.com/NixOS/nixpkgs/pull/78968.diff";
+      sha256 = "11bqq1g1ax6i7xghihyhklmqpsq3njalardp6nvzphkjgxrypb47";
+    }
+    { meta.description = "shorewall: init at 5.2.3.3";
+      url = "https://github.com/NixOS/nixpkgs/pull/46131.diff";
+      sha256 = "0mfzlcr23ni5spnwksmmls50sw10alqbr5j6hjrwp9i30z0419yx";
+    }
+    { meta.description = "Dovecot plugin for Full Text Search (FTS) with Xapian";
+      url = "https://github.com/NixOS/nixpkgs/pull/78780.diff";
+      sha256 = "053md69ryybj27cp0xdfrza48zyzpblk6wvb2m2dbs9hm0gmcwc4";
+    }
+  ];
   nixpkgs = originPkgs.stdenv.mkDerivation {
     name = "nixpkgs-patched";
     src = originNixpkgs;
     phases = [ "unpackPhase" "patchPhase" ];
-    patches = map originPkgs.fetchpatch [
-      { meta.description = "nsd : use types.lines where appropriate";
-        url = "https://github.com/NixOS/nixpkgs/pull/78968.diff";
-        sha256 = "11bqq1g1ax6i7xghihyhklmqpsq3njalardp6nvzphkjgxrypb47";
-      }
-    ];
+    patches = map originPkgs.fetchpatch nixpkgsPatches;
     postPatch = ''
-      mkdir $out && cp -r * $out/
-      echo "19.09" > $out/.version
-      echo "19.09pre-git.custom" > $out/.version-suffix
+      patch=$(printf '%s\n' ${builtins.concatStringsSep " " (map (p: p.sha256) nixpkgsPatches)} |
+        sort | sha256sum | cut -c -7)
+      mv $PWD $out
+      echo "+patch-$patch" >$out/.version-suffix
     '';
   };
   pkgs = import nixpkgs {
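Review bot: The three entries in `nixpkgsPatches` fetch from pull-request `.diff` URLs, which are mutable: the `sha256` makes a changed PR fail the fetch instead of applying silently, but any later push or rebase to #78968, #46131 or #78780 breaks the build, and whoever then bumps the hash accepts whatever the PR contains at that moment. Since these patches appear to supply the shorewall firewall package and module that this commit deletes locally, I would pin each entry to an immutable commit (or compare) URL, e.g. `url = "https://github.com/NixOS/nixpkgs/commit/<COMMIT_SHA>.patch";` (placeholder for the reviewed commit), and re-read the diff on every hash change. In `postPatch` the paths should be quoted, `mv "$PWD" "$out"`. The 7-character `+patch-…` suffix is only a label for the patch set, not an integrity check, and a one-line comment above it could say so. The enclosing `let` block starts before this hunk and the `pkgs = import nixpkgs {` call continues past it.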
-- 
2.47.2