From 1a096320a6eb080ba15a5de4b869d0bb4a063dc2 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Sat, 18 Sep 2021 18:06:13 +0200 Subject: [PATCH 01/16] nix: update nixpkgs --- flake.lock | 8 +- flake.nix | 2 +- hosts/losurdo/networking/nsupdate.nix | 6 +- .../nginx/sourcephile.fr/nix-serve.nix | 8 +- nixos/modules/services/networking/upnpc.nix | 8 +- nixpkgs/patches/sourcehut.diff | 1408 ++++++++++++++--- 6 files changed, 1216 insertions(+), 224 deletions(-) diff --git a/flake.lock b/flake.lock index e6b7625..f128490 100644 --- a/flake.lock +++ b/flake.lock @@ -252,17 +252,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1630081448, - "narHash": "sha256-Uwe8E3D+ye/Cu9XArMCsW4PKETJU1JJgAVdHvslbdhM=", + "lastModified": 1631451570, + "narHash": "sha256-71d3TwgU4Y86iiZZj0LXgWJiy31ZyoYfgPp9DjIb5YI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2114075986ac3653d5a83e1c693b84d7197e7176", + "rev": "bc3bca822a32fbbc73a9d55394991cef92dba3b9", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "2114075986ac3653d5a83e1c693b84d7197e7176", + "rev": "bc3bca822a32fbbc73a9d55394991cef92dba3b9", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 2fb8d08..da0160b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { # Pin down nixpkgs from github, instead of using global, system or user registries. -inputs.nixpkgs.url = "github:NixOS/nixpkgs/2114075986ac3653d5a83e1c693b84d7197e7176"; +inputs.nixpkgs.url = "github:NixOS/nixpkgs/bc3bca822a32fbbc73a9d55394991cef92dba3b9"; #inputs.nixpkgs.url = "flake:nixpkgs"; inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.home-manager.follows = "julm-nix/home-manager"; diff --git a/hosts/losurdo/networking/nsupdate.nix b/hosts/losurdo/networking/nsupdate.nix index b0d2b4e..f23de49 100644 --- a/hosts/losurdo/networking/nsupdate.nix +++ b/hosts/losurdo/networking/nsupdate.nix @@ -43,7 +43,11 @@ systemd.services.nsupdate = { User = users."nsupdate".name; }; }; -users.users."nsupdate".isSystemUser = true; +users.users."nsupdate" = { + isSystemUser = true; + group = groups."nsupdate".name; +}; +users.groups."nsupdate" = {}; users.groups."keys".members = [users."nsupdate".name]; security.gnupg.secrets."knot/tsig/${domain}/bureau1.key" = { user = users."nsupdate".name; diff --git a/hosts/losurdo/nginx/sourcephile.fr/nix-serve.nix b/hosts/losurdo/nginx/sourcephile.fr/nix-serve.nix index 29ac7a2..09fefe6 100644 --- a/hosts/losurdo/nginx/sourcephile.fr/nix-serve.nix +++ b/hosts/losurdo/nginx/sourcephile.fr/nix-serve.nix @@ -9,8 +9,12 @@ let in { nix.trustedUsers = [ users."nix-serve".name ]; -users.users."nix-serve".isSystemUser = true; -users.users."nix-serve".extraGroups = [ groups."keys".name ]; +users.users."nix-serve" = { + isSystemUser = true; + group = groups."nix-serve".name; + extraGroups = [ groups."keys".name ]; +}; +users.groups."nix-serve" = {}; security.gnupg.secrets."nix/binary-cache-key/1" = { user = users."nix-serve".name; systemdConfig = { diff --git a/nixos/modules/services/networking/upnpc.nix b/nixos/modules/services/networking/upnpc.nix index abe9e20..e6d4919 100644 --- a/nixos/modules/services/networking/upnpc.nix +++ b/nixos/modules/services/networking/upnpc.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: with lib; let - inherit (config.users) users; + inherit (config.users) users groups; cfg = config.services.upnpc; getInfo = '' while IFS=: read -r k v; do @@ -117,7 +117,11 @@ config = { ) cfg.redirections); # This enables to match on the uid in the firewall. - users.users."upnpc".isSystemUser = true; + users.users."upnpc" = { + isSystemUser = true; + group = groups."upnpc".name; + }; + users.groups."upnpc" = {}; }; meta.maintainers = with maintainers; [ julm ]; } diff --git a/nixpkgs/patches/sourcehut.diff b/nixpkgs/patches/sourcehut.diff index d145141..35091e8 100644 --- a/nixpkgs/patches/sourcehut.diff +++ b/nixpkgs/patches/sourcehut.diff @@ -12,7 +12,7 @@ index 18d19fddaca..304698a51ad 100644 diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix -index 8873f6d00e0..e14bb89c75c 100644 +index 1b9358c81a1..b6ff355f58b 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -5,17 +5,18 @@ with lib; @@ -374,7 +374,7 @@ index 8873f6d00e0..e14bb89c75c 100644 }; + config.settings = mkMerge [ + { -+ port = config.port; ++ port = if config.bind == null then 0 else config.port; + daemonize = false; + supervised = "systemd"; + loglevel = config.logLevel; @@ -474,7 +474,7 @@ index 8873f6d00e0..e14bb89c75c 100644 }; }; -@@ -230,77 +290,60 @@ in { +@@ -230,78 +290,60 @@ in { ###### implementation @@ -506,6 +506,7 @@ index 8873f6d00e0..e14bb89c75c 100644 - - users.users.redis = { - description = "Redis database user"; +- group = "redis"; - isSystemUser = true; - }; - users.groups.redis = {}; @@ -589,7 +590,7 @@ index 8873f6d00e0..e14bb89c75c 100644 StateDirectoryMode = "0700"; # Access write directories UMask = "0077"; -@@ -309,7 +352,7 @@ in { +@@ -310,7 +352,7 @@ in { # Security NoNewPrivileges = true; # Process Properties @@ -598,7 +599,7 @@ index 8873f6d00e0..e14bb89c75c 100644 # Sandboxing ProtectSystem = "strict"; ProtectHome = true; -@@ -322,7 +365,9 @@ in { +@@ -323,7 +365,9 @@ in { ProtectKernelModules = true; ProtectKernelTunables = true; ProtectControlGroups = true; @@ -609,7 +610,7 @@ index 8873f6d00e0..e14bb89c75c 100644 RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; -@@ -333,6 +378,7 @@ in { +@@ -334,6 +378,7 @@ in { SystemCallArchitectures = "native"; SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid"; }; @@ -859,7 +860,7 @@ index e446f08284f..00000000000 - }; -} diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix -index 9c812d6b043..c6c70e6ae2b 100644 +index 9c812d6b043..6cea2ce6490 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -1,14 +1,90 @@ @@ -1044,7 +1045,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 }; python = mkOption { -@@ -94,105 +138,1222 @@ in +@@ -94,105 +138,1212 @@ in ''; }; @@ -1239,7 +1240,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + redis = mkOption { + description = "The Redis connection used for the Celery worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2"; ++ default = "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2"; + }; + shell = mkOption { + description = '' @@ -1301,8 +1302,9 @@ index 9c812d6b043..c6c70e6ae2b 100644 + # Git hooks are run relative to their repository's directory, + # but gitsrht-update-hook looks up ../config.ini + apply = p: pkgs.writeShellScript "update-hook-wrapper" '' ++ set -e + test -e "''${PWD%/*}"/config.ini || -+ ln -s ${users."sshsrht".home}/../config.ini "''${PWD%/*}"/config.ini ++ ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini + exec -a "$0" '${p}' "$@" + ''; + }; @@ -1318,7 +1320,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + webhooks = mkOption { + description = "The Redis connection used for the webhooks worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1"; ++ default = "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1"; + }; + }; + options."git.sr.ht::api" = { @@ -1346,8 +1348,9 @@ index 9c812d6b043..c6c70e6ae2b 100644 + # Mercurial's changegroup hooks are run relative to their repository's directory, + # but hgsrht-hook-changegroup looks up ./config.ini + apply = p: pkgs.writeShellScript "hook-changegroup-wrapper" '' ++ set -e + test -e "''$PWD"/config.ini || -+ ln -s ${users."sshsrht".home}/../config.ini "''$PWD"/config.ini ++ ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini + exec -a "$0" '${p}' "$@" + ''; + }; @@ -1378,7 +1381,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + webhooks = mkOption { + description = "The Redis connection used for the webhooks worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1"; ++ default = "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1"; + }; + }; + @@ -1400,12 +1403,12 @@ index 9c812d6b043..c6c70e6ae2b 100644 + redis = mkOption { + description = "The Redis connection used for the Celery worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-listssrht/redis.sock?virtual_host=2"; ++ default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2"; + }; + webhooks = mkOption { + description = "The Redis connection used for the webhooks worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-listssrht/redis.sock?virtual_host=1"; ++ default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1"; + }; + }; + options."lists.sr.ht::worker" = { @@ -1458,7 +1461,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + webhooks = mkOption { + description = "The Redis connection used for the webhooks worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-metasrht/redis.sock?virtual_host=1"; ++ default = "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1"; + }; + welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup"; + }; @@ -1555,7 +1558,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + webhooks = mkOption { + description = "The Redis connection used for the webhooks worker."; + type = types.str; -+ default = "unix+socket:/run/redis-sourcehut-todosrht/redis.sock?virtual_host=1"; ++ default = "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1"; + }; + }; + options."todo.sr.ht::mail" = { @@ -1779,41 +1782,36 @@ index 9c812d6b043..c6c70e6ae2b 100644 + }) + (mkIf (cfg.builds.enable || cfg.git.enable || cfg.hg.enable) { + services.openssh = { -+ # Note that sshd will continue to honor AuthorizedKeysFile -+ # sshsrht-dispatch needs to read ${users."sshsrht".home}/../config.ini, ++ # Note that sshd will continue to honor AuthorizedKeysFile. + # Note that you may want automatically rotate + # or link to /dev/null the following log files: + # - /var/log/gitsrht-dispatch + # - /var/log/{build,git,hg}srht-keys + # - /var/log/{git,hg}srht-shell + # - /var/log/gitsrht-update-hook -+ authorizedKeysCommand = ''/etc/ssh/srht-dispatch "%u" "%h" "%t" "%k"''; ++ authorizedKeysCommand = ''/etc/ssh/sourcehut/subdir/srht-dispatch "%u" "%h" "%t" "%k"''; + # srht-dispatch will setuid/setgid according to [git.sr.ht::dispatch] + authorizedKeysCommandUser = "root"; + extraConfig = '' + PermitUserEnvironment SRHT_* + ''; + }; -+ environment.etc."ssh/srht-dispatch" = { ++ environment.etc."ssh/sourcehut/config.ini".source = ++ settingsFormat.generate "sourcehut-dispatch-config.ini" ++ (filterAttrs (k: v: k == "git.sr.ht::dispatch") ++ cfg.settings); ++ environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { + # sshd_config(5): The program must be owned by root, not writable by group or others + mode = "0755"; + source = pkgs.writeShellScript "srht-dispatch" '' + set -e -+ cd ${users."sshsrht".home} ++ cd /etc/ssh/sourcehut/subdir + ${cfg.python}/bin/gitsrht-dispatch "$@" + ''; + }; -+ systemd.services.sshd = let -+ # TODO: use a filtered config.ini containing only [git.sr.ht::dispatch] -+ configIni = settingsFormat.generate "sourcehut-dispatch-config.ini" -+ # Each service needs access to only a subset of sections (and secrets). -+ (filterAttrs (k: v: k == "git.sr.ht::dispatch") -+ cfg.settings); -+ in { ++ systemd.services.sshd = { + #path = optional cfg.git.enable [ cfg.git.package ]; -+ restartTriggers = [ configIni ]; + serviceConfig = { -+ RuntimeDirectory = [ "sourcehut/sshsrht/subdir" ]; + BindReadOnlyPaths = + # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, + # for instance to get the user from the [git.sr.ht::dispatch] settings. @@ -1821,51 +1819,47 @@ index 9c812d6b043..c6c70e6ae2b 100644 + # - access a redis-server in [sr.ht] redis-host, + # - access the PostgreSQL server in [*.sr.ht] connection-string, + # - query metasrht-api (through the HTTP API). ++ # Using this has the side effect of creating empty files in /usr/bin/ + optionals cfg.builds.enable [ + "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' + set -ex + cd /run/sourcehut/buildsrht/subdir -+ exec ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" ++ exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" + ''}:/usr/bin/buildsrht-keys" + "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" + "${pkgs.sourcehut.buildsrht}/bin/runner-shell:/usr/bin/runner-shell" + ] ++ + optionals cfg.git.enable [ ++ # /path/to/gitsrht-keys calls /path/to/gitsrht-shell, ++ # or [git.sr.ht] shell= if set. + "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' + set -ex + cd /run/sourcehut/gitsrht/subdir -+ exec ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" ++ exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" + ''}:/usr/bin/gitsrht-keys" -+ "${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell:/usr/bin/gitsrht-shell" ++ "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' ++ set -e ++ cd /run/sourcehut/gitsrht/subdir ++ exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" ++ ''}:/usr/bin/gitsrht-shell" + ] ++ + optionals cfg.hg.enable [ ++ # /path/to/hgsrht-keys calls /path/to/hgsrht-shell, ++ # or [hg.sr.ht] shell= if set. + "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' + set -ex + cd /run/sourcehut/hgsrht/subdir -+ exec ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" ++ exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" + ''}:/usr/bin/hgsrht-keys" -+ "${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell:/usr/bin/hgsrht-shell" ++ ":/usr/bin/hgsrht-shell" ++ "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' ++ set -e ++ cd /run/sourcehut/hgsrht/subdir ++ exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" ++ ''}:/usr/bin/hgsrht-shell" + ]; -+ ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "sshsrht-credentials" '' -+ # Replace values begining with a '<' by the content of the file whose name is after. -+ ${pkgs.gawk}/bin/gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} | -+ install -o ${users."sshsrht".name} -g ${groups."sshsrht".name} -m 440 \ -+ /dev/stdin ${users."sshsrht".home}/../config.ini -+ '')]; + }; + }; -+ users = { -+ users."sshsrht" = { -+ isSystemUser = true; -+ # srht-dispatch, *srht-keys, and *srht-shell -+ # look up in ../config.ini from this directory; -+ # that config.ini being set in *srht.service's ExecStartPre= -+ home = "/run/sourcehut/sshsrht/subdir"; -+ group = groups.nogroup.name; -+ description = "sourcehut user for sshd's AuthorizedKeysCommandUser"; -+ }; -+ groups."sshsrht" = {}; -+ }; + }) + ]); + @@ -1931,11 +1925,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + ''; + in mkMerge [ + { -+ users.users.${cfg.builds.user} = { -+ shell = pkgs.bash; -+ # Allow reading of ${users."sshsrht".home}/../config.ini -+ extraGroups = [ groups."sshsrht".name ]; -+ }; ++ users.users.${cfg.builds.user}.shell = pkgs.bash; + + virtualisation.docker.enable = true; + @@ -2000,14 +1990,9 @@ index 9c812d6b043..c6c70e6ae2b 100644 + }; + extraConfig = mkMerge [ + { -+ users.users.${cfg.git.user} = { -+ # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this -+ # Probably could use gitsrht-shell if output is restricted to just parameters... -+ shell = pkgs.bash; -+ # Allow reading of ${users."sshsrht".home}/../config.ini -+ extraGroups = [ groups."sshsrht".name ]; -+ home = users.sshsrht.home; -+ }; ++ # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this ++ # Probably could use gitsrht-shell if output is restricted to just parameters... ++ users.users.${cfg.git.user}.shell = pkgs.bash; + services.sourcehut.settings = { + "git.sr.ht::dispatch"."/usr/bin/gitsrht-keys" = + mkDefault "${cfg.git.user}:${cfg.git.group}"; @@ -2096,11 +2081,7 @@ index 9c812d6b043..c6c70e6ae2b 100644 + }; + extraConfig = mkMerge [ + { -+ users.users.${cfg.hg.user} = { -+ shell = pkgs.bash; -+ # Allow reading of ${users."sshsrht".home}/../config.ini -+ extraGroups = [ groups."sshsrht".name ]; -+ }; ++ users.users.${cfg.hg.user}.shell = pkgs.bash; + services.sourcehut.settings = { + # Note that git.sr.ht::dispatch is not a typo, + # gitsrht-dispatch always uses this section. @@ -2332,9 +2313,19 @@ index 9c812d6b043..c6c70e6ae2b 100644 + extraConfig = mkIf cfg.postfix.enable { + users.groups.${postfix.group}.members = [ cfg.todo.user ]; + services.sourcehut.settings."todo.sr.ht::mail".sock-group = postfix.group; -+ services.postfix.transport = '' -+ todo.${domain} lmtp:unix:${cfg.settings."todo.sr.ht::mail".sock} -+ ''; ++ services.postfix = { ++ destination = [ "todo.${domain}" ]; ++ # FIXME: an accurate recipient list should be queried ++ # from the todo.sr.ht PostgreSQL database to avoid backscattering. ++ # But usernames are unfortunately not in that database but in meta.sr.ht. ++ # Note that two syntaxes are allowed: ++ # - ~username/tracker-name@todo.${domain} ++ # - u.username.tracker-name@todo.${domain} ++ localRecipients = [ "@todo.${domain}" ]; ++ transport = '' ++ todo.${domain} lmtp:unix:${cfg.settings."todo.sr.ht::mail".sock} ++ ''; ++ }; + }; + }) + @@ -4329,27 +4320,70 @@ index aec773b0669..00000000000 - }; - }; -} +diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix +index dab99dd8d04..2b6ba687fe8 100644 +--- a/nixos/tests/all-tests.nix ++++ b/nixos/tests/all-tests.nix +@@ -408,6 +408,7 @@ in + solanum = handleTest ./solanum.nix {}; + solr = handleTest ./solr.nix {}; + sonarr = handleTest ./sonarr.nix {}; ++ sourcehut = handleTest ./sourcehut.nix {}; + spacecookie = handleTest ./spacecookie.nix {}; + spike = handleTest ./spike.nix {}; + sslh = handleTest ./sslh.nix {}; +diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix +index b56a14ebf85..6492250bd57 100644 +--- a/nixos/tests/sourcehut.nix ++++ b/nixos/tests/sourcehut.nix +@@ -12,10 +12,20 @@ import ./make-test-python.nix ({ pkgs, ... }: + services.sourcehut = { + enable = true; + services = [ "meta" ]; +- originBase = "sourcehut"; +- settings."sr.ht".service-key = "8888888888888888888888888888888888888888888888888888888888888888"; +- settings."sr.ht".network-key = "0000000000000000000000000000000000000000000="; +- settings.webhooks.private-key = "0000000000000000000000000000000000000000000="; ++ redis.enable = true; ++ postgresql.enable = true; ++ meta.enable = true; ++ settings."sr.ht" = { ++ global-domain = "sourcehut"; ++ service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01"; ++ network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ="; ++ }; ++ settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; ++ }; ++ services.postgresql = { ++ enable = true; ++ enableTCPIP = false; ++ settings.unix_socket_permissions = "0770"; + }; + }; + diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix -index c8163caf8ea..374736e80f5 100644 +index c8163caf8ea..a0bd6e83b3c 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix -@@ -11,13 +11,13 @@ +@@ -11,26 +11,55 @@ , python }: let - version = "0.66.7"; +- +- buildWorker = src: buildGoModule { +- inherit src version; +- pname = "builds-sr-ht-worker"; +- +- vendorSha256 = "sha256-giOaldV46aBqXyFH/cQVsbUr6Rb4VMhbBO86o48tRZY="; +- }; +-in +-buildPythonPackage rec { +- inherit version; +- pname = "buildsrht"; + version = "0.71.0"; - buildWorker = src: buildGoModule { - inherit src version; - pname = "builds-sr-ht-worker"; - -- vendorSha256 = "sha256-giOaldV46aBqXyFH/cQVsbUr6Rb4VMhbBO86o48tRZY="; -+ vendorSha256 = "sha256-ZEarWM/33t+pNXUEIpfd/DkBkhu3UUg17Hh8XXWOepA="; - }; - in - buildPythonPackage rec { -@@ -28,7 +28,7 @@ buildPythonPackage rec { + src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "builds.sr.ht"; rev = version; @@ -4357,12 +4391,61 @@ index c8163caf8ea..374736e80f5 100644 + sha256 = "sha256-S3mMndUdVGi+YxAOI3wSNlSZrH3cwumxatXpErS2yQI="; }; ++ worker = buildGoModule rec { ++ inherit src version; ++ sourceRoot = "source/worker"; ++ pname = "buildsrht-worker"; ++ ++ vendorSha256 = "sha256-iMlCZPCIwhppPAYUi6E8td1BoNaqBuQCI5E83cnEBJ0="; ++ ++ # What follows is only to update go-redis, ++ # and thus also using a patched srht-keys. ++ # go.{mod,sum} could be patched directly but that would be less resilient ++ # to changes from upstream, and thus harder to maintain the patching ++ # while it hasn't been merged upstream. ++ ++ overrideModAttrs = old: { ++ inherit patches patchFlags; ++ preBuild = '' ++ go get github.com/go-redis/redis/v8 ++ go get github.com/go-redis/redis@none ++ go mod tidy ++ ''; ++ # Pass updated go.{mod,sum} from go-modules to worker's vendor/go.{mod,sum} ++ postInstall = '' ++ cp --reflink=auto go.* $out/ ++ ''; ++ }; ++ ++ patches = [ ++ # Update go-redis to support Unix sockets ++ patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch ++ ]; ++ patchFlags = "-p2"; ++ postConfigure = '' ++ cp -v vendor/go.{mod,sum} . ++ ''; ++ }; ++in ++buildPythonPackage rec { ++ inherit src version; ++ pname = "buildsrht"; ++ nativeBuildInputs = srht.nativeBuildInputs; -@@ -56,10 +56,12 @@ buildPythonPackage rec { - cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker + + propagatedBuildInputs = [ +@@ -53,13 +82,18 @@ buildPythonPackage rec { + + cp -r images $out/lib + cp contrib/submit_image_build $out/bin/builds.sr.ht +- cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker ++ cp ${worker}/bin/worker $out/bin/builds.sr.ht-worker ++ cp --reflink=auto *.go vendor/go.* $out ''; + pythonImportsCheck = [ "buildsrht" ]; ++ ++ passthru = { inherit worker; }; + meta = with lib; { homepage = "https://git.sr.ht/~sircmpwn/builds.sr.ht"; @@ -4373,7 +4456,7 @@ index c8163caf8ea..374736e80f5 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix -index d359d524eb2..939d9d7b750 100644 +index 7c3a516ed9d..2e2c55617dc 100644 --- a/pkgs/applications/version-management/sourcehut/core.nix +++ b/pkgs/applications/version-management/sourcehut/core.nix @@ -25,17 +25,16 @@ @@ -4406,7 +4489,7 @@ index d359d524eb2..939d9d7b750 100644 + # Fix broken hack: removing dots from "builds.sr.ht" does not produce "buildsrht" + patches/srht-update-profiles/0001-fix-disgusting-hack-in-the-case-of-buildsrht.patch + # Add Unix socket support for redis-host= -+ patches/redis-socket/core/v2-0001-add-Unix-socket-support-for-redis-host.patch ++ patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch ]; nativeBuildInputs = [ @@ -4479,10 +4562,10 @@ index 637c6f9c1df..9456d0c998c 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix -index e44fb9cd6c6..0a09530b14b 100644 +index e44fb9cd6c6..33394e13ac8 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix -@@ -6,42 +6,109 @@ +@@ -6,42 +6,111 @@ , srht , pygit2 , scmsrht @@ -4516,7 +4599,7 @@ index e44fb9cd6c6..0a09530b14b 100644 vendorSha256 = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; + patches = [ + # Add support for supplementary groups -+ patches/redis-socket/git/v2-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch ++ patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch + ]; + patchFlags = "-p2"; }; @@ -4529,7 +4612,8 @@ index e44fb9cd6c6..0a09530b14b 100644 - vendorSha256 = "1d94cqy7x0q0agwg515xxsbl70b3qrzxbzsyjhn1pbyj532brn7f"; + vendorSha256 = "sha256-0Rnyo4IRQFhM4LFi0499+xJaboMiKEYOgoR5BumzRE8="; + -+ # What follows is only to update go-redis ++ # What follows is only to update go-redis, ++ # and thus also using a patched srht-keys. + # go.{mod,sum} could be patched directly but that would be less resilient + # to changes from upstream, and thus harder to maintain the patching + # while it hasn't been merged upstream. @@ -4553,7 +4637,7 @@ index e44fb9cd6c6..0a09530b14b 100644 + + patches = [ + # Update go-redis to support Unix sockets -+ patches/redis-socket/git/v2-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch ++ patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch + ]; + patchFlags = "-p2"; + postConfigure = '' @@ -4572,6 +4656,7 @@ index e44fb9cd6c6..0a09530b14b 100644 - updateHook = buildUpdateHook "${src}/gitsrht-update-hook"; + # What follows is only to update go-redis ++ # and thus also using a patched srht-keys. + + overrideModAttrs = old: { + inherit patches patchFlags; @@ -4592,7 +4677,7 @@ index e44fb9cd6c6..0a09530b14b 100644 + + patches = [ + # Update go-redis to support Unix sockets -+ patches/redis-socket/git/v2-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch ++ patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch + ]; + patchFlags = "-p2"; + postConfigure = '' @@ -4602,7 +4687,7 @@ index e44fb9cd6c6..0a09530b14b 100644 in buildPythonPackage rec { -@@ -63,19 +130,21 @@ buildPythonPackage rec { +@@ -63,19 +132,21 @@ buildPythonPackage rec { postInstall = '' mkdir -p $out/bin @@ -4766,7 +4851,7 @@ index bd331f000a7..47c6bb0ac4f 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix -index a285d484ed2..dbb0483c5bb 100644 +index 86d293973d7..46e9475b8f8 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix @@ -18,19 +18,19 @@ @@ -4917,16 +5002,519 @@ diff --git a/pkgs/applications/version-management/sourcehut/disable-npm-install. similarity index 100% rename from pkgs/applications/version-management/sourcehut/disable-npm-install.patch rename to pkgs/applications/version-management/sourcehut/patches/disable-npm-install.patch -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v2-0001-add-Unix-socket-support-for-redis-host.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v2-0001-add-Unix-socket-support-for-redis-host.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch new file mode 100644 -index 00000000000..46241bc847f +index 00000000000..4efd12be875 --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v2-0001-add-Unix-socket-support-for-redis-host.patch ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch +@@ -0,0 +1,113 @@ ++From 5991960a5d412f0e1bdc505b970248c68b44a720 Mon Sep 17 00:00:00 2001 ++From: Julien Moutinho ++Date: Wed, 15 Sep 2021 19:45:41 +0200 ++Subject: [PATCH builds.sr.ht v3 1/2] worker: update go-redis to support Unix ++ sockets ++ ++--- ++ worker/context.go | 4 ++-- ++ worker/main.go | 11 +++++++---- ++ worker/tasks.go | 10 +++++----- ++ 3 files changed, 14 insertions(+), 11 deletions(-) ++ ++diff --git a/worker/context.go b/worker/context.go ++index f84a60c..be54717 100644 ++--- a/worker/context.go +++++ b/worker/context.go ++@@ -14,7 +14,7 @@ import ( ++ "strings" ++ "time" ++ ++- "github.com/go-redis/redis" +++ goredis "github.com/go-redis/redis/v8" ++ "github.com/google/shlex" ++ "github.com/pkg/errors" ++ "github.com/prometheus/client_golang/prometheus" ++@@ -41,7 +41,7 @@ var ( ++ ++ type WorkerContext struct { ++ Db *sql.DB ++- Redis *redis.Client +++ Redis *goredis.Client ++ Conf func(section, key string) string ++ } ++ ++diff --git a/worker/main.go b/worker/main.go ++index 274ba68..e22ab6b 100644 ++--- a/worker/main.go +++++ b/worker/main.go ++@@ -1,6 +1,7 @@ ++ package main ++ ++ import ( +++ "context" ++ "database/sql" ++ "flag" ++ "log" ++@@ -9,7 +10,7 @@ import ( ++ "runtime" ++ "sync" ++ ++- "github.com/go-redis/redis" +++ goredis "github.com/go-redis/redis/v8" ++ "github.com/vaughan0/go-ini" ++ "git.sr.ht/~sircmpwn/core-go/crypto" ++ ++@@ -26,6 +27,8 @@ var ( ++ jobsMutex sync.Mutex ++ ) ++ +++var redisctx = context.Background() +++ ++ func main() { ++ flag.IntVar(&workers, "workers", runtime.NumCPU(), ++ "configure number of workers") ++@@ -68,12 +71,12 @@ func main() { ++ if !ok { ++ redisHost = "redis://localhost:6379" ++ } ++- ropts, err := redis.ParseURL(redisHost) +++ ropts, err := goredis.ParseURL(redisHost) ++ if err != nil { ++ panic(err) ++ } ++- localRedis := redis.NewClient(ropts) ++- if _, err := localRedis.Ping().Result(); err != nil { +++ localRedis := goredis.NewClient(ropts) +++ if _, err := localRedis.Ping(redisctx).Result(); err != nil { ++ panic(err) ++ } ++ ++diff --git a/worker/tasks.go b/worker/tasks.go ++index d27bf33..d0c28f1 100644 ++--- a/worker/tasks.go +++++ b/worker/tasks.go ++@@ -19,7 +19,7 @@ import ( ++ "time" ++ ++ "git.sr.ht/~sircmpwn/core-go/auth" ++- "github.com/go-redis/redis" +++ goredis "github.com/go-redis/redis/v8" ++ "github.com/kr/pty" ++ "github.com/minio/minio-go/v6" ++ "github.com/pkg/errors" ++@@ -39,12 +39,12 @@ var ( ++ }, []string{"image", "arch"}) ++ ) ++ ++-func (ctx *JobContext) Boot(r *redis.Client) func() { ++- port, err := r.Incr("builds.sr.ht.ssh-port").Result() +++func (ctx *JobContext) Boot(r *goredis.Client) func() { +++ port, err := r.Incr(ctx.Context, "builds.sr.ht.ssh-port").Result() ++ if err == nil && port < 22000 { ++- err = r.Set("builds.sr.ht.ssh-port", 22100, 0).Err() +++ err = r.Set(ctx.Context, "builds.sr.ht.ssh-port", 22100, 0).Err() ++ } else if err == nil && port >= 23000 { ++- err = r.Set("builds.sr.ht.ssh-port", 22000, 0).Err() +++ err = r.Set(ctx.Context, "builds.sr.ht.ssh-port", 22000, 0).Err() ++ } ++ if err != nil { ++ panic(errors.Wrap(err, "assign port")) ++-- ++2.32.0 ++ +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch +new file mode 100644 +index 00000000000..c9368d05c18 +--- /dev/null ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch +@@ -0,0 +1,378 @@ ++From eac18e913e4ee48895b94acfa56cf1c6a3fb49fa Mon Sep 17 00:00:00 2001 ++From: Julien Moutinho ++Date: Wed, 15 Sep 2021 20:11:49 +0200 ++Subject: [PATCH builds.sr.ht v3 2/2] worker: update go.{mod,sum} for go-redis ++ ++--- ++ worker/go.mod | 8 +------ ++ worker/go.sum | 64 +++++++++++++++++++-------------------------------- ++ 2 files changed, 25 insertions(+), 47 deletions(-) ++ ++diff --git a/worker/go.mod b/worker/go.mod ++index 6e9a11c..4893dfa 100644 ++--- a/worker/go.mod +++++ b/worker/go.mod ++@@ -2,24 +2,18 @@ module git.sr.ht/~sircmpwn/builds.sr.ht/worker ++ ++ require ( ++ git.sr.ht/~sircmpwn/core-go v0.0.0-20210108160653-070566136c1a ++- github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df ++- github.com/go-redis/redis v6.15.2+incompatible +++ github.com/go-redis/redis/v8 v8.2.3 ++ github.com/gocelery/gocelery v0.0.0-20201111034804-825d89059344 ++- github.com/gomodule/redigo v2.0.0+incompatible // indirect ++ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 ++- github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629 ++ github.com/kr/pty v1.1.3 ++ github.com/lib/pq v1.8.0 ++ github.com/martinlindhe/base36 v1.1.0 ++- github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect ++ github.com/minio/minio-go/v6 v6.0.49 ++ github.com/mitchellh/mapstructure v1.1.2 ++ github.com/pkg/errors v0.9.1 ++ github.com/prometheus/client_golang v1.7.1 ++- github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b ++ github.com/streadway/amqp v1.0.0 // indirect ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec ++- golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb ++ gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect ++ gopkg.in/mail.v2 v2.3.1 ++ gopkg.in/yaml.v2 v2.3.0 ++diff --git a/worker/go.sum b/worker/go.sum ++index 1cd3989..4a2d6d9 100644 ++--- a/worker/go.sum +++++ b/worker/go.sum ++@@ -10,6 +10,7 @@ git.sr.ht/~sircmpwn/go-bare v0.0.0-20200812160916-d2c72e1a5018/go.mod h1:BVJwbDf ++ github.com/99designs/gqlgen v0.13.0 h1:haLTcUp3Vwp80xMVEg5KRNwzfUrgFdRmtBY8fuB8scA= ++ github.com/99designs/gqlgen v0.13.0/go.mod h1:NV130r6f4tpRWuAI+zsrSdooO/eWUv+Gyyoi3rEfXIk= ++ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +++github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= ++ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= ++ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= ++ github.com/Masterminds/squirrel v1.4.0 h1:he5i/EXixZxrBUWcxzDYMiju9WZ3ld/l7QBNuo/eN3w= ++@@ -25,6 +26,7 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy ++ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= ++ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= ++ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +++github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= ++ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= ++ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= ++ github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= ++@@ -36,7 +38,6 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6l ++ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= ++ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= ++ github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= ++-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= ++ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= ++ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= ++ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= ++@@ -58,8 +59,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma ++ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= ++ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= ++ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= ++ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= ++ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= ++ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= ++ github.com/dgryski/trifles v0.0.0-20190318185328-a8d75aae118c/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= ++ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= ++@@ -84,22 +87,18 @@ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfb ++ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= ++ github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= ++ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= ++ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= ++ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= ++ github.com/go-chi/chi v3.3.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= ++ github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= ++-github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df h1:Bao6dhmbTA1KFVxmJ6nBoMuOJit2yjEgLJpIMYpop0E= ++-github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df/go.mod h1:GJr+FCSXshIwgHBtLglIg9M2l2kQSi6QjVAngtzI08Y= ++ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= ++ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= ++ github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= ++ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= ++ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= ++ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= ++-github.com/go-redis/redis v6.14.1+incompatible h1:kSJohAREGMr344uMa8PzuIg5OU6ylCbyDkWkkNOfEik= ++-github.com/go-redis/redis v6.14.1+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= ++-github.com/go-redis/redis v6.15.2+incompatible h1:9SpNVG76gr6InJGxoZ6IuuxaCOQwDAhzyXg+Bs+0Sb4= ++-github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= +++github.com/go-redis/redis/v8 v8.2.3 h1:eNesND+DWt/sjQOtPFxAbQkTIXaXX00qNLxjVWkZ70k= ++ github.com/go-redis/redis/v8 v8.2.3/go.mod h1:ysgGY09J/QeDYbu3HikWEIPCwaeOkuNoTgKayTEaEOw= ++ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= ++ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= ++@@ -114,7 +113,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU ++ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= ++ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= ++ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= ++-github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= ++ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= ++ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= ++ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= ++@@ -136,12 +134,14 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw ++ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= ++ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= ++ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +++github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k= ++ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= ++ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= ++ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= ++ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= ++ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= ++ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +++github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= ++ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= ++ github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= ++ github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= ++@@ -180,12 +180,11 @@ github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod ++ github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= ++ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= ++ github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= ++-github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629 h1:1dSBUfGlorLAua2CRx0zFN7kQsTpE2DQSmr7rrTNgY8= ++-github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629/go.mod h1:mb5nS4uRANwOJSZj8rlCWAfAcGi72GGMIXx+xGOjA7M= ++ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= ++ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= ++ github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= ++ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +++github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= ++ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= ++ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= ++ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= ++@@ -200,20 +199,18 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= ++ github.com/kr/pty v1.1.3 h1:/Um6a/ZmD5tF7peoOJ5oN5KMQ0DrGVQSXLNwyckutPk= ++ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= ++ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +++github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= ++ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= ++ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= ++ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= ++ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= ++ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= ++-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A= ++-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= ++ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg= ++ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= ++ github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= ++ github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= ++ github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= ++ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= ++-github.com/martinlindhe/base36 v1.0.0 h1:eYsumTah144C0A8P1T/AVSUk5ZoLnhfYFM3OGQxB52A= ++ github.com/martinlindhe/base36 v1.0.0/go.mod h1:+AtEs8xrBpCeYgSLoY/aJ6Wf37jtBuR0s35750M27+8= ++ github.com/martinlindhe/base36 v1.1.0 h1:cIwvvwYse/0+1CkUPYH5ZvVIYG3JrILmQEIbLuar02Y= ++ github.com/martinlindhe/base36 v1.1.0/go.mod h1:+AtEs8xrBpCeYgSLoY/aJ6Wf37jtBuR0s35750M27+8= ++@@ -228,7 +225,6 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp ++ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= ++ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= ++ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= ++-github.com/minio/minio-go v6.0.14+incompatible h1:fnV+GD28LeqdN6vT2XdGKW8Qe/IfjJDswNVuni6km9o= ++ github.com/minio/minio-go/v6 v6.0.49 h1:bU4kIa/qChTLC1jrWZ8F+8gOiw1MClubddAJVR4gW3w= ++ github.com/minio/minio-go/v6 v6.0.49/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= ++ github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU= ++@@ -242,8 +238,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 ++ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= ++ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= ++ github.com/mitchellh/mapstructure v0.0.0-20180203102830-a4e142e9c047/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= ++-github.com/mitchellh/mapstructure v1.0.0 h1:vVpGvMXJPqSDh2VYHF7gsfQj8Ncx+Xw5Y1KHeTRY+7I= ++-github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= ++ github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= ++ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= ++ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= ++@@ -259,7 +253,9 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE ++ github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= ++ github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= ++ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= +++github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= ++ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +++github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= ++ github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= ++ github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= ++ github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= ++@@ -267,10 +263,12 @@ github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:v ++ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= ++ github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= ++ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +++github.com/onsi/ginkgo v1.14.1 h1:jMU0WaQrP0a/YAEq8eJmJKjBoMs+pClEr1vDMlM/Do4= ++ github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= ++ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= ++ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= ++ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +++github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs= ++ github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= ++ github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= ++ github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= ++@@ -287,22 +285,20 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP ++ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= ++ github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= ++ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= ++-github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= ++ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= ++ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= ++ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= ++ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= ++ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= ++ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= ++ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= ++-github.com/prometheus/client_golang v0.9.1 h1:K47Rk0v/fkEfwfQet2KWhscE0cJzjgCCDBG2KHZoVno= ++ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= ++ github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= ++ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= ++ github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= ++ github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA= ++ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= ++-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8= ++ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= ++ github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= ++ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= ++@@ -310,15 +306,12 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: ++ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= ++ github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= ++ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= ++-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39 h1:Cto4X6SVMWRPBkJ/3YHn1iDGDGc/Z+sW+AEMKHMVvN4= ++-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= ++ github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= ++ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= ++ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= ++ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= ++ github.com/prometheus/common v0.14.0 h1:RHRyE8UocrbjU+6UvRzwi6HjiDfxrrBU91TtbKzkGp4= ++ github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= ++-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d h1:GoAlyOgbOEIFdaDqxJVlbOQ1DtGmZWs/Qau0hIlk+WQ= ++ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= ++ github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= ++ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= ++@@ -333,36 +326,28 @@ github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= ++ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= ++ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= ++ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= ++-github.com/satori/go.uuid v1.1.0 h1:B9KXyj+GzIpJbV7gmr873NsY6zpbxNy24CBtGrk7jHo= ++-github.com/satori/go.uuid v1.1.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= ++-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= ++-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= ++-github.com/satori/go.uuid v1.2.1-0.20180103174451-36e9d2ebbde5 h1:Jw7W4WMfQDxsXvfeFSaS2cHlY7bAF4MGrgnbd0+Uo78= ++-github.com/satori/go.uuid v1.2.1-0.20180103174451-36e9d2ebbde5/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= ++ github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b h1:gQZ0qzfKHQIybLANtM3mBXNUtOfsCFXeTsnBqCsx1KM= ++ github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= ++ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= ++ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +++github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= ++ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= ++-github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b h1:7kJLeBNcPG1orS3ksAFN0qoJGtf8jvwgOh5Q+bsNZvc= ++-github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b/go.mod h1:kn4CkFIzvsrXBvbNk2hX9DpIM8xo/74mYhiYTpGhYXE= ++ github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= ++ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= ++ github.com/shurcooL/vfsgen v0.0.0-20180121065927-ffb13db8def0/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= ++ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= ++ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= ++ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +++github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= ++ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= ++ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +++github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= ++ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= ++ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= ++ github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= ++ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= ++ github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= ++-github.com/streadway/amqp v0.0.0-20180806233856-70e15c650864 h1:Oj3PUEs+OUSYUpn35O+BE/ivHGirKixA3+vqA0Atu9A= ++-github.com/streadway/amqp v0.0.0-20180806233856-70e15c650864/go.mod h1:1WNBiOZtZQLpVAyu0iTduoJL9hEsMloAK5XWrtW0xdY= ++ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= ++-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271 h1:WhxRHzgeVGETMlmVfqhRn8RIeeNoPr2Czh33I4Zdccw= ++ github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= ++ github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo= ++ github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= ++@@ -373,6 +358,7 @@ github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf ++ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= ++ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= ++ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= ++ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= ++ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= ++ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= ++@@ -391,6 +377,7 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI ++ go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= ++ go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= ++ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +++go.opentelemetry.io/otel v0.11.0 h1:IN2tzQa9Gc4ZVKnTaMbPVcHjvzOdg5n9QfnmlqiET7E= ++ go.opentelemetry.io/otel v0.11.0/go.mod h1:G8UCk+KooF2HLkgo8RHX9epABH/aRGYET7gQOqBVdB0= ++ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= ++ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= ++@@ -403,7 +390,6 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf ++ golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= ++ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= ++ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= ++-golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPlt9tHXFfw5kvc0yqlxRPWo= ++ golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= ++ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= ++ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= ++@@ -431,7 +417,6 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r ++ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= ++ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= ++ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= ++-golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgPQpswuFndXpOj3rKEco= ++ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= ++ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= ++ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= ++@@ -451,7 +436,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ ++ golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs= ++ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++@@ -460,7 +444,6 @@ golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5h ++ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++-golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc= ++ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++@@ -477,7 +460,6 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w ++ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++ golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb h1:HS9IzC4UFbpMBLQUDSQcU+ViVT1vdFCQVjdPVpTlZrs= ++ golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++-golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= ++ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= ++ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= ++ golang.org/x/text v0.3.4-0.20201021145329-22f1617af38e h1:0kyKOEC0chG7FKmnf/1uNwvDLc3NtNTRip2rXAN9nwI= ++@@ -502,6 +484,7 @@ golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapK ++ golang.org/x/tools v0.0.0-20200114235610-7ae403b6b589/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= ++ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= ++ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= ++ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= ++ google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= ++ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= ++@@ -539,6 +522,7 @@ gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod ++ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +++gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= ++ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= ++ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= ++@@ -549,6 +533,7 @@ gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= ++ gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk= ++ gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw= ++ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= ++ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= ++ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= ++ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= ++@@ -556,10 +541,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= ++-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= ++ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= ++ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= ++ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= ++ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= ++-- ++2.32.0 ++ +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch +new file mode 100644 +index 00000000000..299ad3d83c5 +--- /dev/null ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch @@ -0,0 +1,30 @@ +From c0ccc8db051a2f8278edf59b41ed238fa71aa4c0 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Mon, 23 Aug 2021 18:43:18 +0200 -+Subject: [PATCH core.sr.ht v2] add Unix socket support for redis-host= ++Subject: [PATCH core.sr.ht v3] add Unix socket support for redis-host= + +--- + srht/redis.py | 11 ++--------- @@ -4953,24 +5541,24 @@ index 00000000000..46241bc847f +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch new file mode 100644 -index 00000000000..24fbc26399c +index 00000000000..8b210fbb6e1 --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch -@@ -0,0 +1,40 @@ -+From 466528eabef3123c715420472dc2cc15e8807bdf Mon Sep 17 00:00:00 2001 ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch +@@ -0,0 +1,26 @@ ++From 2f949b484b62b2cdb71d417c52935978fab10f62 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 15:38:28 +0200 -+Subject: [PATCH git.sr.ht v2 1/5] gitsrht-keys: update go-redis to support ++Subject: [PATCH git.sr.ht v3 1/5] gitsrht-keys: update go-redis to support + Unix sockets + +--- -+ gitsrht-keys/main.go | 6 +++--- -+ 1 file changed, 3 insertions(+), 3 deletions(-) ++ gitsrht-keys/main.go | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gitsrht-keys/main.go b/gitsrht-keys/main.go -+index 0c1aea1..b4278c3 100644 ++index 0c1aea1..fa17183 100644 +--- a/gitsrht-keys/main.go ++++ b/gitsrht-keys/main.go +@@ -5,7 +5,7 @@ import ( @@ -4978,47 +5566,33 @@ index 00000000000..24fbc26399c + "path" + +- goredis "github.com/go-redis/redis" -++ goRedis "github.com/go-redis/redis/v8" +++ goredis "github.com/go-redis/redis/v8" + "github.com/vaughan0/go-ini" + "git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys" + ) -+@@ -53,11 +53,11 @@ func main() { -+ if redisHost == "" { -+ redisHost = "redis://localhost:6379" -+ } -+- ropts, err := goredis.ParseURL(redisHost) -++ ropts, err := goRedis.ParseURL(redisHost) -+ if err != nil { -+ logger.Fatalf("Failed to parse redis host: %v", err) -+ } -+- redis := goredis.NewClient(ropts) -++ redis := goRedis.NewClient(ropts) -+ -+ keyType, b64key, prefix, err = srhtkeys.ParseArgs(logger) -+ if err != nil { +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch new file mode 100644 -index 00000000000..36566a6f7d9 +index 00000000000..ecca8227115 --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch -@@ -0,0 +1,139 @@ -+From 4f947b26e42d3bcab6d675718eed28ca2fdf4762 Mon Sep 17 00:00:00 2001 ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch +@@ -0,0 +1,109 @@ ++From 1ac95fc65ea68eb207e0cae1b1f3c0afac70613b Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 15:39:29 +0200 -+Subject: [PATCH git.sr.ht v2 2/5] gitsrht-update-hook: update go-redis to ++Subject: [PATCH git.sr.ht v3 2/5] gitsrht-update-hook: update go-redis to + support Unix sockets + +--- -+ gitsrht-update-hook/options.go | 16 +++++++++------- -+ gitsrht-update-hook/post-update.go | 8 ++++---- -+ gitsrht-update-hook/update.go | 8 ++++---- -+ 3 files changed, 17 insertions(+), 15 deletions(-) ++ gitsrht-update-hook/options.go | 12 +++++++----- ++ gitsrht-update-hook/post-update.go | 4 ++-- ++ gitsrht-update-hook/update.go | 4 ++-- ++ 3 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/gitsrht-update-hook/options.go b/gitsrht-update-hook/options.go -+index 8efbb0a..4e9d294 100644 ++index 8efbb0a..962502a 100644 +--- a/gitsrht-update-hook/options.go ++++ b/gitsrht-update-hook/options.go +@@ -1,15 +1,17 @@ @@ -5033,25 +5607,14 @@ index 00000000000..36566a6f7d9 + "time" + +- goredis "github.com/go-redis/redis" -++ goRedis "github.com/go-redis/redis/v8" +++ goredis "github.com/go-redis/redis/v8" + ) + ++var ctx = context.Background() + var options map[string]string + + func loadOptions() { -+@@ -26,19 +28,19 @@ func loadOptions() { -+ if !ok { -+ redisHost = "redis://localhost:6379" -+ } -+- ropts, err := goredis.ParseURL(redisHost) -++ ropts, err := goRedis.ParseURL(redisHost) -+ if err != nil { -+ logger.Fatalf("Failed to parse redis host: %v", err) -+ } -+- redis := goredis.NewClient(ropts) -++ redis := goRedis.NewClient(ropts) -+ ++@@ -35,10 +37,10 @@ func loadOptions() { + var n int + if nopts, ok := os.LookupEnv("GIT_PUSH_OPTION_COUNT"); ok { + n, _ = strconv.Atoi(nopts) @@ -5080,7 +5643,7 @@ index 00000000000..36566a6f7d9 + parts := strings.SplitN(opt, "=", 2) + if len(parts) == 1 { +diff --git a/gitsrht-update-hook/post-update.go b/gitsrht-update-hook/post-update.go -+index d14d616..37c08b3 100644 ++index d14d616..fcd7864 100644 +--- a/gitsrht-update-hook/post-update.go ++++ b/gitsrht-update-hook/post-update.go +@@ -15,7 +15,7 @@ import ( @@ -5088,23 +5651,11 @@ index 00000000000..36566a6f7d9 + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/plumbing/storer" +- goredis "github.com/go-redis/redis" -++ goRedis "github.com/go-redis/redis/v8" +++ goredis "github.com/go-redis/redis/v8" + _ "github.com/lib/pq" + ) + -+@@ -210,17 +210,17 @@ func postUpdate() { -+ if !ok { -+ redisHost = "redis://localhost:6379" -+ } -+- ropts, err := goredis.ParseURL(redisHost) -++ ropts, err := goRedis.ParseURL(redisHost) -+ if err != nil { -+ logger.Fatalf("Failed to parse redis host: %v", err) -+ } -+ nbuilds := 0 -+- redis := goredis.NewClient(ropts) -++ redis := goRedis.NewClient(ropts) -+ for i, refname := range refs { ++@@ -220,7 +220,7 @@ func postUpdate() { + var oldref, newref string + var oldobj, newobj object.Object + updateKey := fmt.Sprintf("update.%s.%s", pushUuid, refname) @@ -5114,7 +5665,7 @@ index 00000000000..36566a6f7d9 + logger.Println("redis.Get: missing key") + continue +diff --git a/gitsrht-update-hook/update.go b/gitsrht-update-hook/update.go -+index 72c661a..0968cfb 100644 ++index 72c661a..e33fd4b 100644 +--- a/gitsrht-update-hook/update.go ++++ b/gitsrht-update-hook/update.go +@@ -5,7 +5,7 @@ import ( @@ -5122,38 +5673,31 @@ index 00000000000..36566a6f7d9 + "time" + +- goredis "github.com/go-redis/redis" -++ goRedis "github.com/go-redis/redis/v8" +++ goredis "github.com/go-redis/redis/v8" + ) + + // XXX: This is run once for every single ref that's pushed. If someone pushes -+@@ -26,11 +26,11 @@ func update() { -+ if !ok { -+ redisHost = "redis://localhost:6379" -+ } -+- ropts, err := goredis.ParseURL(redisHost) -++ ropts, err := goRedis.ParseURL(redisHost) -+ if err != nil { ++@@ -31,6 +31,6 @@ func update() { + logger.Fatalf("Failed to parse redis host: %v", err) + } -+- redis := goredis.NewClient(ropts) ++ redis := goredis.NewClient(ropts) +- redis.Set(fmt.Sprintf("update.%s.%s", pushUuid, refname), -++ redis := goRedis.NewClient(ropts) ++ redis.Set(ctx, fmt.Sprintf("update.%s.%s", pushUuid, refname), + fmt.Sprintf("%s:%s", oldref, newref), 10*time.Minute) + } +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch new file mode 100644 -index 00000000000..a96f6430b56 +index 00000000000..a5b6a5f699e --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v2-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch @@ -0,0 +1,57 @@ -+From ef02ce68925888b2bca77713c6321cb33023e026 Mon Sep 17 00:00:00 2001 ++From f8da7df610a77003d1bc06c1fae453f5e1efe0e6 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 17:42:33 +0200 -+Subject: [PATCH git.sr.ht v2 3/5] gitsrht-dispatch: add support for ++Subject: [PATCH git.sr.ht v3 3/5] gitsrht-dispatch: add support for + supplementary groups + +--- @@ -5207,23 +5751,473 @@ index 00000000000..a96f6430b56 +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch new file mode 100644 -index 00000000000..389cd71751a +index 00000000000..d2140d97cc0 --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch -@@ -0,0 +1,74 @@ -+From 538ff956141f5b56b77233664d4d4ea5eff8ad08 Mon Sep 17 00:00:00 2001 ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch +@@ -0,0 +1,174 @@ ++From c650827afa6f5b393ddd73ff7d4ba1e44cf36962 Mon Sep 17 00:00:00 2001 ++From: Julien Moutinho ++Date: Fri, 27 Aug 2021 15:39:15 +0200 ++Subject: [PATCH git.sr.ht v3 4/5] gitsrht-keys: update go.{mod,sum} for ++ go-redis ++ ++--- ++ gitsrht-keys/go.mod | 4 +- ++ gitsrht-keys/go.sum | 115 ++++++++++++++++++++++++++++++++++++++------ ++ 2 files changed, 101 insertions(+), 18 deletions(-) ++ ++diff --git a/gitsrht-keys/go.mod b/gitsrht-keys/go.mod ++index 8189248..15ca698 100644 ++--- a/gitsrht-keys/go.mod +++++ b/gitsrht-keys/go.mod ++@@ -3,8 +3,8 @@ module git.sr.ht/~sircmpwn/git.sr.ht/gitsrht-keys ++ go 1.13 ++ ++ require ( ++- git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa ++- github.com/go-redis/redis v6.15.9+incompatible +++ git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c +++ github.com/go-redis/redis/v8 v8.11.3 ++ github.com/google/uuid v1.1.2 // indirect ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec ++ ) ++diff --git a/gitsrht-keys/go.sum b/gitsrht-keys/go.sum ++index 6a148e7..bfafaa3 100644 ++--- a/gitsrht-keys/go.sum +++++ b/gitsrht-keys/go.sum ++@@ -1,41 +1,124 @@ ++-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e h1:TJqf/neVU5peFAS9WcR1aADXcflPOvAd7ABEirmU7m0= ++-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e/go.mod h1:aXSNgRsGoI3tTFKlwD0xm2htbEzKlR2xUm1osRxfhOM= ++ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6 h1:Ky6HzcRmbMUxOrWXv04+mb97GkyxO/Nx7v8uJBUdpNk= ++ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6/go.mod h1:HpPX22ilJUWKOA4NDhrOcIyblQhdiKHPg4oMJFYdh0Y= ++-git.sr.ht/~sircmpwn/scm.sr.ht v0.0.0-20200818140842-69dc60d7baaf h1:5qYB5U4zn97aUu1RA90ke0xi5SEn7F7+NPykkpeiRDM= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200818140842-69dc60d7baaf h1:qFAjPhZDlKqQejSbloU+SHwiClcD8mwe135MzTU7+DA= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200818140842-69dc60d7baaf/go.mod h1:Agf7zmDrTdkJ5BiCLb9jwpEiV3JCMAVFyzUtLVHUgOE= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200820140830-14788ed2b332 h1:ATNQ3dAJWOtm4yguxwHeCh2p5qtIpYJmo/8jsnVTNTI= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200820140830-14788ed2b332/go.mod h1:ARwiMukA8HXQ4lv54NglccZKTx+RcKAg5XXpkVH+fvQ= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173805-6de3fddf5862 h1:f7nKVC/wyxv1Q6SI4fd+D3r42reZ1A+rPvYtRP8AA0Q= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173805-6de3fddf5862/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa h1:yZUhFN9adGsqKIRRH2SEop3/XgoYYDqMqbzi50DcEkM= ++-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= +++git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c h1:RE8x0GE0eQmlZERWYvhxRmK0yxTQgud051PZwBVsTbs= +++git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= +++github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +++github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= ++ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +++github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= ++ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 h1:/UMxx5lGDg30aioUL9e7xJnbJfJeX7vhcm57fa5udaI= ++ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= ++-github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= +++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +++github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= ++ github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= ++ github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= ++-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= +++github.com/go-redis/redis/v8 v8.11.3 h1:GCjoYp8c+yQTJfc0n69iwSiHjvuAdruxl7elnZCxgt8= +++github.com/go-redis/redis/v8 v8.11.3/go.mod h1:xNJ9xDG09FsIPwh3bWdk+0oDWHbtF9rPN0F/oD9XeKc= +++github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +++github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +++github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +++github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +++github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +++github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +++github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +++github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +++github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +++github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= ++ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= ++ github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= ++ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= ++-github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0= ++-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= ++ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg= ++ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +++github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +++github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +++github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +++github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +++github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= +++github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +++github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +++github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +++github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= +++github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= ++ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= ++ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +++github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= ++ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks= ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw= +++github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= ++ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= ++-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +++golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +++golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= ++ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +++golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= ++ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0= +++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= +++golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= ++ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +++golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +++golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +++golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +++golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +++golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +++golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +++google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +++google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +++google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +++google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +++gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= ++ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +++gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +++gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +++gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +++gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +++gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= ++ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= ++-- ++2.32.0 ++ +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch +new file mode 100644 +index 00000000000..d8ee71f17bd +--- /dev/null ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch +@@ -0,0 +1,263 @@ ++From bfe2cf682527fe41e9eb44bc4bf818ba828a2e5c Mon Sep 17 00:00:00 2001 ++From: Julien Moutinho ++Date: Fri, 27 Aug 2021 15:39:38 +0200 ++Subject: [PATCH git.sr.ht v3 5/5] gitsrht-update-hook: update go.{mod,sum} for ++ go-redis ++ ++--- ++ gitsrht-update-hook/go.mod | 4 +- ++ gitsrht-update-hook/go.sum | 115 ++++++++++++++++++++++++++++++++----- ++ 2 files changed, 102 insertions(+), 17 deletions(-) ++ ++diff --git a/gitsrht-update-hook/go.mod b/gitsrht-update-hook/go.mod ++index 6d29243..c39beb9 100644 ++--- a/gitsrht-update-hook/go.mod +++++ b/gitsrht-update-hook/go.mod ++@@ -7,12 +7,12 @@ require ( ++ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 ++ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 ++ github.com/go-git/go-git/v5 v5.1.0 ++- github.com/go-redis/redis v6.15.9+incompatible +++ github.com/go-redis/redis/v8 v8.11.3 ++ github.com/google/uuid v1.1.1 ++ github.com/lib/pq v1.8.0 ++ github.com/mattn/go-runewidth v0.0.9 ++ github.com/minio/minio-go/v7 v7.0.5 ++ github.com/pkg/errors v0.9.1 ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec ++- gopkg.in/yaml.v2 v2.3.0 +++ gopkg.in/yaml.v2 v2.4.0 ++ ) ++diff --git a/gitsrht-update-hook/go.sum b/gitsrht-update-hook/go.sum ++index cc41162..973519d 100644 ++--- a/gitsrht-update-hook/go.sum +++++ b/gitsrht-update-hook/go.sum ++@@ -1,37 +1,65 @@ ++-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e h1:TJqf/neVU5peFAS9WcR1aADXcflPOvAd7ABEirmU7m0= ++-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e/go.mod h1:aXSNgRsGoI3tTFKlwD0xm2htbEzKlR2xUm1osRxfhOM= ++ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6 h1:Ky6HzcRmbMUxOrWXv04+mb97GkyxO/Nx7v8uJBUdpNk= ++ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6/go.mod h1:HpPX22ilJUWKOA4NDhrOcIyblQhdiKHPg4oMJFYdh0Y= +++github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs= ++ github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= +++github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= ++ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +++github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= ++ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +++github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +++github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= ++ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= ++ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= ++ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= ++ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= ++ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= ++ github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= ++ github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= ++ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 h1:/UMxx5lGDg30aioUL9e7xJnbJfJeX7vhcm57fa5udaI= ++ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= +++github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= ++ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +++github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +++github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= ++ github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= ++ github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= ++ github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= ++ github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agRrHM= ++ github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= ++-github.com/go-git/go-git v1.0.0 h1:YcN9iDGDoXuIw0vHls6rINwV416HYa0EB2X+RBsyYp4= ++-github.com/go-git/go-git v4.7.0+incompatible h1:+W9rgGY4DOKKdX2x6HxSR7HNeTxqiKrOvKnuittYVdA= +++github.com/go-git/go-git-fixtures/v4 v4.0.1 h1:q+IFMfLx200Q3scvt2hN79JsEzy4AmBTp/pqnefH+Bc= ++ github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= ++ github.com/go-git/go-git/v5 v5.1.0 h1:HxJn9g/E7eYvKW3Fm7Jt4ee8LXfPOm/H1cdDu8vEssk= ++ github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM= ++-github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= ++-github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= +++github.com/go-redis/redis/v8 v8.11.3 h1:GCjoYp8c+yQTJfc0n69iwSiHjvuAdruxl7elnZCxgt8= +++github.com/go-redis/redis/v8 v8.11.3/go.mod h1:xNJ9xDG09FsIPwh3bWdk+0oDWHbtF9rPN0F/oD9XeKc= +++github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +++github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +++github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +++github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +++github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= ++ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +++github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +++github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +++github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +++github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= ++ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= ++ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= ++ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +++github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= ++ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= ++ github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= ++ github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= ++ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= ++@@ -39,6 +67,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i ++ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= ++ github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= ++ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +++github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= ++ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= ++ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY= ++ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= ++@@ -48,6 +77,7 @@ github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd ++ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= ++ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= ++ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +++github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= ++ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= ++ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg= ++ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= ++@@ -55,8 +85,6 @@ github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/Qd ++ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= ++ github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4= ++ github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= ++-github.com/minio/minio-go v1.0.0 h1:ooSujki+Z1PRGZsYffJw5jnF5eMBvzMVV86TLAlM0UM= ++-github.com/minio/minio-go v6.0.14+incompatible h1:fnV+GD28LeqdN6vT2XdGKW8Qe/IfjJDswNVuni6km9o= ++ github.com/minio/minio-go/v7 v7.0.5 h1:I2NIJ2ojwJqD/YByemC1M59e1b4FW9kS7NlOar7HPV4= ++ github.com/minio/minio-go/v7 v7.0.5/go.mod h1:TA0CQCjJZHM5SJj9IjqR0NmpmQJ6bCbXifAJ3mUU6Hw= ++ github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU= ++@@ -69,64 +97,121 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ ++ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= ++ github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= ++ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +++github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= ++ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +++github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +++github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +++github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +++github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +++github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= +++github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +++github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +++github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +++github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= +++github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= ++ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= ++ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= ++ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= ++ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= ++ github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= ++ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= ++ github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= ++ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +++github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= ++ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +++github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs= ++ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= ++ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= ++ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= ++ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +++github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= ++ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks= ++ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw= ++ github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= ++ github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +++github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= ++ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= ++ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= ++-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= +++golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= ++ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= ++ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= ++ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= ++ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= ++ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +++golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= ++ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= ++ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= ++-golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= +++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= ++ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= ++-golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= ++ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0= +++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= ++ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= +++golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= ++-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= ++ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= +++golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +++golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= ++ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= ++ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= ++-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= ++ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +++golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= ++ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= ++ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +++golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +++golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +++golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +++google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +++google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +++google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +++google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= ++ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +++gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= ++ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= ++ gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww= ++ gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= ++ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= ++ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= ++ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= ++-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= ++ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +++gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +++gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= ++ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= ++-- ++2.32.0 ++ +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch +new file mode 100644 +index 00000000000..191ff61b826 +--- /dev/null ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch +@@ -0,0 +1,61 @@ ++From e244cb7398758f91cc6deaabf278a1b6412ee477 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 12:48:56 +0200 -+Subject: [PATCH v2 1/2] srht-keys: update go-redis to support Unix sockets ++Subject: [PATCH scm.sr.ht v3 1/2] srht-keys: update go-redis to support Unix ++ sockets + +--- -+ srht-keys/srhtkeys.go | 13 ++++++++----- -+ 1 file changed, 8 insertions(+), 5 deletions(-) ++ srht-keys/srhtkeys.go | 9 ++++++--- ++ 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/srht-keys/srhtkeys.go b/srht-keys/srhtkeys.go -+index be925ed..4cc144c 100644 ++index be925ed..1a300d5 100644 +--- a/srht-keys/srhtkeys.go ++++ b/srht-keys/srhtkeys.go +@@ -1,6 +1,7 @@ @@ -5239,7 +6233,7 @@ index 00000000000..389cd71751a + "time" + +- goredis "github.com/go-redis/redis" -++ goRedis "github.com/go-redis/redis/v8" +++ goredis "github.com/go-redis/redis/v8" + "github.com/google/uuid" + _ "github.com/lib/pq" + "github.com/vaughan0/go-ini" @@ -5252,15 +6246,6 @@ index 00000000000..389cd71751a + // Stores the SSH key in the database and returns the user's ID. + func storeKey(logger *log.Logger, db *sql.DB, key *MetaSSHKey) (int, error) { + logger.Println("Storing meta.sr.ht key in database") -+@@ -84,7 +87,7 @@ func storeKey(logger *log.Logger, db *sql.DB, key *MetaSSHKey) (int, error) { -+ } -+ -+ func fetchKeysFromMeta(logger *log.Logger, config ini.File, -+- redis *goredis.Client, service string, b64key string) (string, int) { -++ redis *goRedis.Client, service string, b64key string) (string, int) { -+ -+ meta, ok := config.Get("meta.sr.ht", "internal-origin") -+ if !ok { +@@ -145,7 +148,7 @@ func fetchKeysFromMeta(logger *log.Logger, config ini.File, + if err != nil { + logger.Printf("Caching SSH key in redis failed: %v", err) @@ -5270,12 +6255,7 @@ index 00000000000..389cd71751a + } + + return key.Owner.Username, userId -+@@ -164,11 +167,11 @@ func ParseArgs(logger *log.Logger) (string, string, string, error) { -+ } -+ -+ func UserFromKey(logger *log.Logger, config ini.File, -+- redis *goredis.Client, service string, b64key string) (string, int) { -++ redis *goRedis.Client, service string, b64key string) (string, int) { ++@@ -168,7 +171,7 @@ func UserFromKey(logger *log.Logger, config ini.File, + + cacheKey := fmt.Sprintf("%s.ssh-keys.%s", service, b64key) + logger.Printf("Cache key for SSH key lookup: %s", cacheKey) @@ -5287,16 +6267,16 @@ index 00000000000..389cd71751a +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch +diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch new file mode 100644 -index 00000000000..8db7dc674c7 +index 00000000000..c5407a26491 --- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v2-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch ++++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch @@ -0,0 +1,155 @@ -+From d0862969b1470701edded4772337822ca52c8509 Mon Sep 17 00:00:00 2001 ++From aeb3e0dc2270e6ab3cd0f651ea735275e527e7ce Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 13:06:27 +0200 -+Subject: [PATCH v2 2/2] srht-keys: update go.{mod,sum} for go-redis ++Subject: [PATCH scm.sr.ht v3 2/2] srht-keys: update go.{mod,sum} for go-redis + +--- + srht-keys/go.mod | 2 +- @@ -5480,7 +6460,7 @@ index 00000000000..9db31c9e554 +2.32.0 + diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix -index 1f385265360..6737251f833 100644 +index 1f385265360..6efb48cd557 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix @@ -1,22 +1,59 @@ @@ -5536,7 +6516,7 @@ index 1f385265360..6737251f833 100644 + + patches = [ + # Update go-redis to support Unix sockets -+ patches/redis-socket/scm/v2-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch ++ patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch + ]; + patchFlags = "-p2"; + postInstall = '' -- 2.49.0 From 6e8c7f221e081c271fc65a5d21becab31d1d2266 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 1 Oct 2021 14:14:29 +0200 Subject: [PATCH 02/16] sourcehut: update patches --- nixpkgs/patches/sourcehut.diff | 635 ++++----------------------------- 1 file changed, 63 insertions(+), 572 deletions(-) diff --git a/nixpkgs/patches/sourcehut.diff b/nixpkgs/patches/sourcehut.diff index 35091e8..e408863 100644 --- a/nixpkgs/patches/sourcehut.diff +++ b/nixpkgs/patches/sourcehut.diff @@ -12,7 +12,7 @@ index 18d19fddaca..304698a51ad 100644 diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix -index 1b9358c81a1..b6ff355f58b 100644 +index 1b9358c81a1..16159e62d9d 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -5,17 +5,18 @@ with lib; @@ -474,7 +474,7 @@ index 1b9358c81a1..b6ff355f58b 100644 }; }; -@@ -230,78 +290,60 @@ in { +@@ -230,78 +290,61 @@ in { ###### implementation @@ -543,6 +543,7 @@ index 1b9358c81a1..b6ff355f58b 100644 + users.users = mapAttrs' (name: conf: nameValuePair (redisName name) { + description = "System user for the redis-server instance ${name}"; + isSystemUser = true; ++ group = redisName name; + }) enabledServers; + users.groups = mapAttrs' (name: conf: nameValuePair (redisName name) { + }) enabledServers; @@ -590,7 +591,7 @@ index 1b9358c81a1..b6ff355f58b 100644 StateDirectoryMode = "0700"; # Access write directories UMask = "0077"; -@@ -310,7 +352,7 @@ in { +@@ -310,7 +353,7 @@ in { # Security NoNewPrivileges = true; # Process Properties @@ -599,7 +600,7 @@ index 1b9358c81a1..b6ff355f58b 100644 # Sandboxing ProtectSystem = "strict"; ProtectHome = true; -@@ -323,7 +365,9 @@ in { +@@ -323,7 +366,9 @@ in { ProtectKernelModules = true; ProtectKernelTunables = true; ProtectControlGroups = true; @@ -610,7 +611,7 @@ index 1b9358c81a1..b6ff355f58b 100644 RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; -@@ -334,6 +378,7 @@ in { +@@ -334,6 +379,7 @@ in { SystemCallArchitectures = "native"; SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid"; }; @@ -4362,7 +4363,7 @@ index b56a14ebf85..6492250bd57 100644 }; diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix -index c8163caf8ea..a0bd6e83b3c 100644 +index c8163caf8ea..7ea2fef54bb 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix @@ -11,26 +11,55 @@ @@ -4381,14 +4382,14 @@ index c8163caf8ea..a0bd6e83b3c 100644 -buildPythonPackage rec { - inherit version; - pname = "buildsrht"; -+ version = "0.71.0"; ++ version = "0.71.6"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "builds.sr.ht"; rev = version; - sha256 = "sha256-2MLs/DOXHjEYarXDVUcPZe3o0fmZbzVxn528SE72lhM="; -+ sha256 = "sha256-S3mMndUdVGi+YxAOI3wSNlSZrH3cwumxatXpErS2yQI="; ++ sha256 = "sha256-c2xp2uIP8+WeRMz0efA1H58Nkot65bc03e7rrrZk3jo="; }; + worker = buildGoModule rec { @@ -4434,13 +4435,12 @@ index c8163caf8ea..a0bd6e83b3c 100644 nativeBuildInputs = srht.nativeBuildInputs; propagatedBuildInputs = [ -@@ -53,13 +82,18 @@ buildPythonPackage rec { +@@ -53,13 +82,17 @@ buildPythonPackage rec { cp -r images $out/lib cp contrib/submit_image_build $out/bin/builds.sr.ht - cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker + cp ${worker}/bin/worker $out/bin/builds.sr.ht-worker -+ cp --reflink=auto *.go vendor/go.* $out ''; + pythonImportsCheck = [ "buildsrht" ]; @@ -4456,7 +4456,7 @@ index c8163caf8ea..a0bd6e83b3c 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix -index 7c3a516ed9d..2e2c55617dc 100644 +index 7c3a516ed9d..2b302d1441c 100644 --- a/pkgs/applications/version-management/sourcehut/core.nix +++ b/pkgs/applications/version-management/sourcehut/core.nix @@ -25,17 +25,16 @@ @@ -4469,31 +4469,29 @@ index 7c3a516ed9d..2e2c55617dc 100644 buildPythonPackage rec { pname = "srht"; - version = "0.67.4"; -+ version = "0.67.18"; ++ version = "0.67.25"; src = fetchgit { url = "https://git.sr.ht/~sircmpwn/core.sr.ht"; rev = version; - sha256 = "sha256-XvzFfcBK5Mq8p7xEBAF/eupUE1kkUBh5k+ByM/WA9bc="; -+ sha256 = "sha256-lPPB1DRWHANGBBfWeu0pUn1xBkd37ZhyreozLlxX6cA="; ++ sha256 = "sha256-JZXIpNEY1/KUaYh0Vk5j/zVO9JQc2F1RmnZ/5TFN0PI="; fetchSubmodules = true; }; -@@ -46,7 +45,12 @@ buildPythonPackage rec { +@@ -46,7 +45,10 @@ buildPythonPackage rec { }; patches = [ - ./disable-npm-install.patch + # Disable check for npm + patches/disable-npm-install.patch -+ # Fix broken hack: removing dots from "builds.sr.ht" does not produce "buildsrht" -+ patches/srht-update-profiles/0001-fix-disgusting-hack-in-the-case-of-buildsrht.patch + # Add Unix socket support for redis-host= + patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch ]; nativeBuildInputs = [ -@@ -87,6 +91,7 @@ buildPythonPackage rec { +@@ -87,6 +89,7 @@ buildPythonPackage rec { ''; dontUseSetuptoolsCheck = true; @@ -4562,7 +4560,7 @@ index 637c6f9c1df..9456d0c998c 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix -index e44fb9cd6c6..33394e13ac8 100644 +index e44fb9cd6c6..2aed7b4a5fe 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -6,42 +6,111 @@ @@ -4573,14 +4571,14 @@ index e44fb9cd6c6..33394e13ac8 100644 }: let - version = "0.72.8"; -+ version = "0.72.44"; ++ version = "0.72.47"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "git.sr.ht"; rev = version; - sha256 = "sha256-AB2uzajO5PtcpJfbOOTfuDFM6is5K39v3AZJ1hShRNc="; -+ sha256 = "sha256-U+hJiQpAJIHBC//M/Lfw82DLhZF46qHhz8zZW1ZvJoo="; ++ sha256 = "sha256-jk2DFC/fDYN88nofntJrBtYfCWr39YaNv2azH/tdZtQ="; }; - buildShell = src: buildGoModule { @@ -4610,7 +4608,7 @@ index e44fb9cd6c6..33394e13ac8 100644 + sourceRoot = "source/gitsrht-keys"; pname = "gitsrht-keys"; - vendorSha256 = "1d94cqy7x0q0agwg515xxsbl70b3qrzxbzsyjhn1pbyj532brn7f"; -+ vendorSha256 = "sha256-0Rnyo4IRQFhM4LFi0499+xJaboMiKEYOgoR5BumzRE8="; ++ vendorSha256 = "sha256-m6uIrYDWqGagi+jjfYo4C59SjLqaaXwDq9vO0b9EW6M="; + + # What follows is only to update go-redis, + # and thus also using a patched srht-keys. @@ -4749,7 +4747,7 @@ index cddb76cabf2..1d6062d81cc 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix -index 17cb3fe4b61..31191cba713 100644 +index 17cb3fe4b61..31975b305c5 100644 --- a/pkgs/applications/version-management/sourcehut/hub.nix +++ b/pkgs/applications/version-management/sourcehut/hub.nix @@ -6,13 +6,13 @@ @@ -4757,14 +4755,14 @@ index 17cb3fe4b61..31191cba713 100644 buildPythonPackage rec { pname = "hubsrht"; - version = "0.13.1"; -+ version = "0.13.8"; ++ version = "0.13.11"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hub.sr.ht"; rev = version; - sha256 = "sha256-Kqzy4mh5Nn1emzHBco/LVuXro/tW3NX+OYqdEwBSQ/U="; -+ sha256 = "sha256-RsRJxwViEoQLh86o+8kQE5PBlLrOyIFM7hkSGjXhqdg="; ++ sha256 = "sha256-AIpP7gfXoBvl6s8+dA3XrjuUHsPTtKFsZqwqbjBKYUk="; }; nativeBuildInputs = srht.nativeBuildInputs; @@ -4783,7 +4781,7 @@ index 17cb3fe4b61..31191cba713 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix -index b419b49f7b5..0882241401a 100644 +index b419b49f7b5..51b1a3627db 100644 --- a/pkgs/applications/version-management/sourcehut/lists.nix +++ b/pkgs/applications/version-management/sourcehut/lists.nix @@ -12,13 +12,13 @@ @@ -4791,14 +4789,14 @@ index b419b49f7b5..0882241401a 100644 buildPythonPackage rec { pname = "listssrht"; - version = "0.48.19"; -+ version = "0.49.3"; ++ version = "0.50.1"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "lists.sr.ht"; rev = version; - sha256 = "sha256-bsakEMyvWaxiE4/SGcAP4mlGG9jkdHfFxpt9H+TJn/8="; -+ sha256 = "sha256-kEzKgB8godIL7hEXMrqaxVte6RJAegjT4keZifXbOq0="; ++ sha256 = "sha256-FrC3Au/ZdDtJuczGgaAhAEZu0hVa74LOM8z3aOiqGZc="; }; nativeBuildInputs = srht.nativeBuildInputs; @@ -4851,7 +4849,7 @@ index bd331f000a7..47c6bb0ac4f 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix -index 86d293973d7..46e9475b8f8 100644 +index 86d293973d7..0964960fea0 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix @@ -18,19 +18,19 @@ @@ -4859,21 +4857,21 @@ index 86d293973d7..46e9475b8f8 100644 }: let - version = "0.53.14"; -+ version = "0.54.4"; ++ version = "0.56.0"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "meta.sr.ht"; rev = version; - sha256 = "sha256-/+r/XLDkcSTW647xPMh5bcJmR2xZNNH74AJ5jemna2k="; -+ sha256 = "sha256-MleyF6aqFWbYtxRdMHXpy7HBgJKL9doBmDcYLLe8bW4="; ++ sha256 = "sha256-+fCNtW+k9fmjh1TLK0WUv0EgWKGlhURYS6atUH5EOjM="; }; buildApi = src: buildGoModule { inherit src version; pname = "metasrht-api"; - vendorSha256 = "sha256-eZyDrr2VcNMxI++18qUy7LA1Q1YDlWCoRtl00L8lfR4="; -+ vendorSha256 = "sha256-gi+dGQPVzrZI+1s9SSa2M3bdgi8vwpR/ofaLG2ZX4kU="; ++ vendorSha256 = "sha256-m9j9tmss+utTVMywI9wB1n9EK8sbElW0ej2YqK1yL5M="; }; in @@ -4891,66 +4889,31 @@ index 86d293973d7..46e9475b8f8 100644 maintainers = with maintainers; [ eadwu ]; }; } -diff --git a/pkgs/applications/version-management/sourcehut/pages-fix-syntax-error-in-schema.sql.patch b/pkgs/applications/version-management/sourcehut/pages-fix-syntax-error-in-schema.sql.patch -new file mode 100644 -index 00000000000..9b3f6fbc6fb ---- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/pages-fix-syntax-error-in-schema.sql.patch -@@ -0,0 +1,27 @@ -+From 3df160ad289b25574322f587095d00d6641f057c Mon Sep 17 00:00:00 2001 -+From: Juan Picca -+Date: Wed, 21 Jul 2021 08:26:56 -0300 -+Subject: [PATCH] Fix syntax error in schema.sql -+ -+--- -+ schema.sql | 4 ++-- -+ 1 file changed, 2 insertions(+), 2 deletions(-) -+ -+diff --git a/schema.sql b/schema.sql -+index 168377f..2e473ea 100644 -+--- a/schema.sql -++++ b/schema.sql -+@@ -28,8 +28,8 @@ CREATE TABLE sites ( -+ user_id integer NOT NULL references "user"(id), -+ domain varchar NOT NULL, -+ protocol protocol NOT NULL, -+- version varchar NOT NULL -+- UNIQUE (domain, protocol), -++ version varchar NOT NULL, -++ UNIQUE (domain, protocol) -+ ); -+ -+ COMMIT; -+-- -+2.32.0 -+ diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix new file mode 100644 -index 00000000000..d04182251a7 +index 00000000000..4a3d9f8c7d0 --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/pages.nix -@@ -0,0 +1,34 @@ +@@ -0,0 +1,32 @@ +{ lib +, fetchFromSourcehut +, buildGoModule +}: -+buildGoModule rec { -+ pname = "pagessrht"; -+ version = "0.4.8"; ++let ++ version = "0.4.10"; + + src = fetchFromSourcehut { + owner = "~sircmpwn"; + repo = "pages.sr.ht"; + rev = version; -+ sha256 = "sha256-z9w8v5e6LY6VUEczltyD55KEUUH7Gw1vUO00KPmT+D8="; ++ sha256 = "sha256-Lq/xCCAywxxjX5nHbOvmCaQ4wtLgjcMo3Qc7xO1fdAs="; + }; + -+ vendorSha256 = "sha256-xOd9i+PNlLxZrw/+z/C9V+AbOLEociW2YHY+x1K+mJI="; -+ -+ patches = [ -+ # Upstream after 0.4.8 -+ ./pages-fix-syntax-error-in-schema.sql.patch -+ ]; ++in ++buildGoModule { ++ inherit src version; ++ pname = "pagessrht"; ++ vendorSha256 = "sha256-YFRBoflFy48ipTvXdZ4qPSEgTIYvm4752JRZSzRG++U="; + + postInstall = '' + mkdir -p $out/share/sql/ @@ -5543,14 +5506,14 @@ index 00000000000..299ad3d83c5 + diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch new file mode 100644 -index 00000000000..8b210fbb6e1 +index 00000000000..48e91ac739b --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch @@ -0,0 +1,26 @@ -+From 2f949b484b62b2cdb71d417c52935978fab10f62 Mon Sep 17 00:00:00 2001 ++From 083e4791771d998c9a6c881a4101d24296e38252 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 15:38:28 +0200 -+Subject: [PATCH git.sr.ht v3 1/5] gitsrht-keys: update go-redis to support ++Subject: [PATCH git.sr.ht v3 1/3] gitsrht-keys: update go-redis to support + Unix sockets + +--- @@ -5575,14 +5538,14 @@ index 00000000000..8b210fbb6e1 + diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch new file mode 100644 -index 00000000000..ecca8227115 +index 00000000000..41847ac8717 --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch @@ -0,0 +1,109 @@ -+From 1ac95fc65ea68eb207e0cae1b1f3c0afac70613b Mon Sep 17 00:00:00 2001 ++From d9683aced0dc3a94c56de2fde31c1765054900fa Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 15:39:29 +0200 -+Subject: [PATCH git.sr.ht v3 2/5] gitsrht-update-hook: update go-redis to ++Subject: [PATCH git.sr.ht v3 2/3] gitsrht-update-hook: update go-redis to + support Unix sockets + +--- @@ -5690,14 +5653,14 @@ index 00000000000..ecca8227115 + diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch new file mode 100644 -index 00000000000..a5b6a5f699e +index 00000000000..9a4b0300921 --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch @@ -0,0 +1,57 @@ -+From f8da7df610a77003d1bc06c1fae453f5e1efe0e6 Mon Sep 17 00:00:00 2001 ++From fcbec39a406562c29dfcf7eeef6f284da28bc619 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 27 Aug 2021 17:42:33 +0200 -+Subject: [PATCH git.sr.ht v3 3/5] gitsrht-dispatch: add support for ++Subject: [PATCH git.sr.ht v3 3/3] gitsrht-dispatch: add support for + supplementary groups + +--- @@ -5751,455 +5714,6 @@ index 00000000000..a5b6a5f699e +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch -new file mode 100644 -index 00000000000..d2140d97cc0 ---- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0004-gitsrht-keys-update-go.-mod-sum-for-go-redis.patch -@@ -0,0 +1,174 @@ -+From c650827afa6f5b393ddd73ff7d4ba1e44cf36962 Mon Sep 17 00:00:00 2001 -+From: Julien Moutinho -+Date: Fri, 27 Aug 2021 15:39:15 +0200 -+Subject: [PATCH git.sr.ht v3 4/5] gitsrht-keys: update go.{mod,sum} for -+ go-redis -+ -+--- -+ gitsrht-keys/go.mod | 4 +- -+ gitsrht-keys/go.sum | 115 ++++++++++++++++++++++++++++++++++++++------ -+ 2 files changed, 101 insertions(+), 18 deletions(-) -+ -+diff --git a/gitsrht-keys/go.mod b/gitsrht-keys/go.mod -+index 8189248..15ca698 100644 -+--- a/gitsrht-keys/go.mod -++++ b/gitsrht-keys/go.mod -+@@ -3,8 +3,8 @@ module git.sr.ht/~sircmpwn/git.sr.ht/gitsrht-keys -+ go 1.13 -+ -+ require ( -+- git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa -+- github.com/go-redis/redis v6.15.9+incompatible -++ git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c -++ github.com/go-redis/redis/v8 v8.11.3 -+ github.com/google/uuid v1.1.2 // indirect -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec -+ ) -+diff --git a/gitsrht-keys/go.sum b/gitsrht-keys/go.sum -+index 6a148e7..bfafaa3 100644 -+--- a/gitsrht-keys/go.sum -++++ b/gitsrht-keys/go.sum -+@@ -1,41 +1,124 @@ -+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e h1:TJqf/neVU5peFAS9WcR1aADXcflPOvAd7ABEirmU7m0= -+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e/go.mod h1:aXSNgRsGoI3tTFKlwD0xm2htbEzKlR2xUm1osRxfhOM= -+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6 h1:Ky6HzcRmbMUxOrWXv04+mb97GkyxO/Nx7v8uJBUdpNk= -+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6/go.mod h1:HpPX22ilJUWKOA4NDhrOcIyblQhdiKHPg4oMJFYdh0Y= -+-git.sr.ht/~sircmpwn/scm.sr.ht v0.0.0-20200818140842-69dc60d7baaf h1:5qYB5U4zn97aUu1RA90ke0xi5SEn7F7+NPykkpeiRDM= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200818140842-69dc60d7baaf h1:qFAjPhZDlKqQejSbloU+SHwiClcD8mwe135MzTU7+DA= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200818140842-69dc60d7baaf/go.mod h1:Agf7zmDrTdkJ5BiCLb9jwpEiV3JCMAVFyzUtLVHUgOE= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200820140830-14788ed2b332 h1:ATNQ3dAJWOtm4yguxwHeCh2p5qtIpYJmo/8jsnVTNTI= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20200820140830-14788ed2b332/go.mod h1:ARwiMukA8HXQ4lv54NglccZKTx+RcKAg5XXpkVH+fvQ= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173805-6de3fddf5862 h1:f7nKVC/wyxv1Q6SI4fd+D3r42reZ1A+rPvYtRP8AA0Q= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173805-6de3fddf5862/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa h1:yZUhFN9adGsqKIRRH2SEop3/XgoYYDqMqbzi50DcEkM= -+-git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20201005173856-253d4b3ba1aa/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= -++git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c h1:RE8x0GE0eQmlZERWYvhxRmK0yxTQgud051PZwBVsTbs= -++git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys v0.0.0-20210728080601-bfa237a21e3c/go.mod h1:OwtcEVWvnvuJiHPbe4gR28ot8zEjtjAmDVgPCWUmxcQ= -++github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= -++github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -++github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= -++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 h1:/UMxx5lGDg30aioUL9e7xJnbJfJeX7vhcm57fa5udaI= -+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= -+-github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= -++github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -+ github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= -+ github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -+-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -++github.com/go-redis/redis/v8 v8.11.3 h1:GCjoYp8c+yQTJfc0n69iwSiHjvuAdruxl7elnZCxgt8= -++github.com/go-redis/redis/v8 v8.11.3/go.mod h1:xNJ9xDG09FsIPwh3bWdk+0oDWHbtF9rPN0F/oD9XeKc= -++github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -++github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -++github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -++github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -++github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -++github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -++github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -++github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -++github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -++github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -+ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -+ github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= -+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -+-github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0= -+-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -+ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg= -+ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -++github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -++github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -++github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -++github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -++github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= -++github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -++github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -++github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -++github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= -++github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -++github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= -+ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks= -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw= -++github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -+-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= -++golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -++golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -++golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -+ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0= -++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -+ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -+ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= -++golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -++golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -++golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= -++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -++golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -++golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -++golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -++golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -++google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -++google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -++google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= -++google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -++gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= -+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -++gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -++gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -++gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -++gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -++gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -+-- -+2.32.0 -+ -diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch -new file mode 100644 -index 00000000000..d8ee71f17bd ---- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0005-gitsrht-update-hook-update-go.-mod-sum-for-go-red.patch -@@ -0,0 +1,263 @@ -+From bfe2cf682527fe41e9eb44bc4bf818ba828a2e5c Mon Sep 17 00:00:00 2001 -+From: Julien Moutinho -+Date: Fri, 27 Aug 2021 15:39:38 +0200 -+Subject: [PATCH git.sr.ht v3 5/5] gitsrht-update-hook: update go.{mod,sum} for -+ go-redis -+ -+--- -+ gitsrht-update-hook/go.mod | 4 +- -+ gitsrht-update-hook/go.sum | 115 ++++++++++++++++++++++++++++++++----- -+ 2 files changed, 102 insertions(+), 17 deletions(-) -+ -+diff --git a/gitsrht-update-hook/go.mod b/gitsrht-update-hook/go.mod -+index 6d29243..c39beb9 100644 -+--- a/gitsrht-update-hook/go.mod -++++ b/gitsrht-update-hook/go.mod -+@@ -7,12 +7,12 @@ require ( -+ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 -+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 -+ github.com/go-git/go-git/v5 v5.1.0 -+- github.com/go-redis/redis v6.15.9+incompatible -++ github.com/go-redis/redis/v8 v8.11.3 -+ github.com/google/uuid v1.1.1 -+ github.com/lib/pq v1.8.0 -+ github.com/mattn/go-runewidth v0.0.9 -+ github.com/minio/minio-go/v7 v7.0.5 -+ github.com/pkg/errors v0.9.1 -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec -+- gopkg.in/yaml.v2 v2.3.0 -++ gopkg.in/yaml.v2 v2.4.0 -+ ) -+diff --git a/gitsrht-update-hook/go.sum b/gitsrht-update-hook/go.sum -+index cc41162..973519d 100644 -+--- a/gitsrht-update-hook/go.sum -++++ b/gitsrht-update-hook/go.sum -+@@ -1,37 +1,65 @@ -+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e h1:TJqf/neVU5peFAS9WcR1aADXcflPOvAd7ABEirmU7m0= -+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e/go.mod h1:aXSNgRsGoI3tTFKlwD0xm2htbEzKlR2xUm1osRxfhOM= -+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6 h1:Ky6HzcRmbMUxOrWXv04+mb97GkyxO/Nx7v8uJBUdpNk= -+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6/go.mod h1:HpPX22ilJUWKOA4NDhrOcIyblQhdiKHPg4oMJFYdh0Y= -++github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs= -+ github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -++github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= -+ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -++github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -+ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -++github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= -++github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -+ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -+ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= -+ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= -+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -+ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= -++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -+ github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= -+ github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 h1:/UMxx5lGDg30aioUL9e7xJnbJfJeX7vhcm57fa5udaI= -+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c= -++github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= -+ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= -++github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -++github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= -+ github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -+ github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -+ github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -+ github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agRrHM= -+ github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -+-github.com/go-git/go-git v1.0.0 h1:YcN9iDGDoXuIw0vHls6rINwV416HYa0EB2X+RBsyYp4= -+-github.com/go-git/go-git v4.7.0+incompatible h1:+W9rgGY4DOKKdX2x6HxSR7HNeTxqiKrOvKnuittYVdA= -++github.com/go-git/go-git-fixtures/v4 v4.0.1 h1:q+IFMfLx200Q3scvt2hN79JsEzy4AmBTp/pqnefH+Bc= -+ github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= -+ github.com/go-git/go-git/v5 v5.1.0 h1:HxJn9g/E7eYvKW3Fm7Jt4ee8LXfPOm/H1cdDu8vEssk= -+ github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM= -+-github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= -+-github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -++github.com/go-redis/redis/v8 v8.11.3 h1:GCjoYp8c+yQTJfc0n69iwSiHjvuAdruxl7elnZCxgt8= -++github.com/go-redis/redis/v8 v8.11.3/go.mod h1:xNJ9xDG09FsIPwh3bWdk+0oDWHbtF9rPN0F/oD9XeKc= -++github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -++github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -++github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -++github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -++github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -+ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -++github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -++github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -++github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -++github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -+ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -+ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -+ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -++github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= -+ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -+ github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= -+ github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -+ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -+@@ -39,6 +67,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i -+ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -+ github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= -+ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -++github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= -+ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -+ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY= -+ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -+@@ -48,6 +77,7 @@ github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd -+ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -+ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -+ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -++github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -+ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -+ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg= -+ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -+@@ -55,8 +85,6 @@ github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/Qd -+ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -+ github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4= -+ github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= -+-github.com/minio/minio-go v1.0.0 h1:ooSujki+Z1PRGZsYffJw5jnF5eMBvzMVV86TLAlM0UM= -+-github.com/minio/minio-go v6.0.14+incompatible h1:fnV+GD28LeqdN6vT2XdGKW8Qe/IfjJDswNVuni6km9o= -+ github.com/minio/minio-go/v7 v7.0.5 h1:I2NIJ2ojwJqD/YByemC1M59e1b4FW9kS7NlOar7HPV4= -+ github.com/minio/minio-go/v7 v7.0.5/go.mod h1:TA0CQCjJZHM5SJj9IjqR0NmpmQJ6bCbXifAJ3mUU6Hw= -+ github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU= -+@@ -69,64 +97,121 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ -+ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -+ github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -+ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -++github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= -+ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -++github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -++github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -++github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -++github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -++github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= -++github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -++github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -++github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -++github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= -++github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -+ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -+ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -+ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -+ github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= -+ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= -+ github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -+ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -++github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= -+ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -++github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs= -+ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -+ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -++github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= -+ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks= -+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw= -+ github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= -+ github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -++github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -+ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -+-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= -++golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -+ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+ golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -+ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= -+ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -++golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -+ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -+ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -+-golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= -++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -+ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -+-golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= -++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -+ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0= -++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -+ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -+ golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -+ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= -++golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= -+ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= -++golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -++golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -+-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= -+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -++golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= -++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -+ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -++golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -++golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -++golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -++google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -++google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -++google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= -++google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -+ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -++gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= -+ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -+ gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww= -+ gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -+ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -+ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -+ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -+ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -+-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= -+ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -++gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -++gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -+-- -+2.32.0 -+ diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch new file mode 100644 index 00000000000..191ff61b826 @@ -6428,42 +5942,11 @@ index 00000000000..c5407a26491 +-- +2.32.0 + -diff --git a/pkgs/applications/version-management/sourcehut/patches/srht-update-profiles/0001-fix-disgusting-hack-in-the-case-of-buildsrht.patch b/pkgs/applications/version-management/sourcehut/patches/srht-update-profiles/0001-fix-disgusting-hack-in-the-case-of-buildsrht.patch -new file mode 100644 -index 00000000000..9db31c9e554 ---- /dev/null -+++ b/pkgs/applications/version-management/sourcehut/patches/srht-update-profiles/0001-fix-disgusting-hack-in-the-case-of-buildsrht.patch -@@ -0,0 +1,25 @@ -+From 8bb7c927c815582b26d026f4b2ea72f0245ccab7 Mon Sep 17 00:00:00 2001 -+From: Julien Moutinho -+Date: Mon, 23 Aug 2021 18:45:07 +0200 -+Subject: [PATCH core.sr.ht] fix "disgusting hack" in the case of buildsrht -+ -+--- -+ srht-update-profiles | 2 +- -+ 1 file changed, 1 insertion(+), 1 deletion(-) -+ -+diff --git a/srht-update-profiles b/srht-update-profiles -+index 0d9588c..063d6e2 100755 -+--- a/srht-update-profiles -++++ b/srht-update-profiles -+@@ -3,7 +3,7 @@ import sys -+ import os -+ sys.path.append(os.getcwd()) -+ site = sys.argv[1] -+-app = __import__(site.replace(".", "") + ".app").app.app # disgusting hack -++app = __import__(site.replace(".", "").replace("builds","build") + ".app").app.app # disgusting hack -+ from srht.config import cfg -+ from srht.database import db, DbSession -+ db = DbSession(cfg(site, "connection-string")) -+-- -+2.32.0 -+ diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix -index 1f385265360..6efb48cd557 100644 +index 1f385265360..257f8deaf90 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix -@@ -1,22 +1,59 @@ +@@ -1,22 +1,58 @@ { lib , fetchFromSourcehut +, buildGoModule @@ -6471,7 +5954,7 @@ index 1f385265360..6efb48cd557 100644 , srht , redis , pyyaml - , buildsrht +-, buildsrht -, writeText +, applyPatches }: @@ -6526,7 +6009,15 @@ index 1f385265360..6efb48cd557 100644 }; nativeBuildInputs = srht.nativeBuildInputs; -@@ -33,11 +70,12 @@ buildPythonPackage rec { +@@ -25,7 +61,6 @@ buildPythonPackage rec { + srht + redis + pyyaml +- buildsrht + ]; + + preBuild = '' +@@ -33,11 +68,12 @@ buildPythonPackage rec { ''; dontUseSetuptoolsCheck = true; @@ -6541,7 +6032,7 @@ index 1f385265360..6efb48cd557 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/todo.nix b/pkgs/applications/version-management/sourcehut/todo.nix -index 85e1f5637b6..e091341c7dd 100644 +index 85e1f5637b6..88b7a33495a 100644 --- a/pkgs/applications/version-management/sourcehut/todo.nix +++ b/pkgs/applications/version-management/sourcehut/todo.nix @@ -12,13 +12,13 @@ @@ -6549,14 +6040,14 @@ index 85e1f5637b6..e091341c7dd 100644 buildPythonPackage rec { pname = "todosrht"; - version = "0.64.14"; -+ version = "0.64.24"; ++ version = "0.64.28"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "todo.sr.ht"; rev = version; - sha256 = "sha256-huIAhn6h1F5w5ST4/yBwr82kAzyYwhLu+gpRuOQgnsE="; -+ sha256 = "sha256-H2XGOxHyurXw3GekZJXSO6RMChRjNbjqxik/mvFVqfY="; ++ sha256 = "sha256-uClWcR0saH4dUGRRTueLv7T4IBefMVSI5khCdeDBRv4="; }; nativeBuildInputs = srht.nativeBuildInputs; -- 2.49.0 From 0c72d23e3c6eb87b380df938de0324eafa57b1ba Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 1 Oct 2021 14:15:28 +0200 Subject: [PATCH 03/16] nix: update nixpkgs --- flake.lock | 8 +-- flake.nix | 15 ++---- hosts/mermet/gitolite.nix | 1 + hosts/mermet/prosody/biboumi.nix | 6 ++- nixos/modules/services/databases/redis.nix | 1 + nixpkgs/patches.nix | 62 ---------------------- 6 files changed, 13 insertions(+), 80 deletions(-) diff --git a/flake.lock b/flake.lock index f128490..781f12a 100644 --- a/flake.lock +++ b/flake.lock @@ -252,17 +252,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1631451570, - "narHash": "sha256-71d3TwgU4Y86iiZZj0LXgWJiy31ZyoYfgPp9DjIb5YI=", + "lastModified": 1633089619, + "narHash": "sha256-XFjDdiOvnkaaOhUCnjtvz6Kig9WjwYVjoNDlXDNgI1Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc3bca822a32fbbc73a9d55394991cef92dba3b9", + "rev": "62ca4a425ab112e5d8a75682ee76c069cdb42d4b", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc3bca822a32fbbc73a9d55394991cef92dba3b9", + "rev": "62ca4a425ab112e5d8a75682ee76c069cdb42d4b", "type": "github" } }, diff --git a/flake.nix b/flake.nix index da0160b..033c568 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { # Pin down nixpkgs from github, instead of using global, system or user registries. -inputs.nixpkgs.url = "github:NixOS/nixpkgs/bc3bca822a32fbbc73a9d55394991cef92dba3b9"; +inputs.nixpkgs.url = "github:NixOS/nixpkgs/62ca4a425ab112e5d8a75682ee76c069cdb42d4b"; #inputs.nixpkgs.url = "flake:nixpkgs"; inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.home-manager.follows = "julm-nix/home-manager"; @@ -17,16 +17,6 @@ outputs = inputs: let remoteNixpkgsPatches = import nixpkgs/patches.nix; localNixpkgsPatches = [ nixpkgs/patches/sourcehut.diff - #nixpkgs/patches/transmission.diff - #nixpkgs/patches/apparmor.diff - #nixpkgs/patches/ifcopenshell.diff - #nixpkgs/patches/public-inbox.diff - #nixpkgs/patches/zerobin.diff - #nixpkgs/patches/gitolite.diff - #nixpkgs/patches/tor.diff - #nixpkgs/patches/freeciv.diff - #nixpkgs/patches/fix-ld-nix.diff - #nixpkgs/patches/fix-ld-nix-apparmor.diff ]; originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux"; nixpkgs = originPkgs.applyPatches { @@ -97,7 +87,8 @@ outputs = inputs: let })); in { - # nix -L build .#nixosConfigurations.${hostName}.config.system.build.toplevel + # Example: nix -L build .#nixosConfigurations.losurdo.config.system.build.toplevel + # Example: nix eval .#nixosConfigurations.losurdo.config.networking.hostName nixosConfigurations = hosts { losurdo = hosts/losurdo.nix; mermet = hosts/mermet.nix; diff --git a/hosts/mermet/gitolite.nix b/hosts/mermet/gitolite.nix index 5860cd7..8a33966 100644 --- a/hosts/mermet/gitolite.nix +++ b/hosts/mermet/gitolite.nix @@ -74,6 +74,7 @@ systemd.services.git-daemon = { users.users."git-daemon" = { uid = config.ids.uids.git; description = "Git daemon user"; + group = groups."git-daemon".name; }; fileSystems."/var/lib/gitolite" = { device = "rpool/var/git"; diff --git a/hosts/mermet/prosody/biboumi.nix b/hosts/mermet/prosody/biboumi.nix index a206157..e83ab74 100644 --- a/hosts/mermet/prosody/biboumi.nix +++ b/hosts/mermet/prosody/biboumi.nix @@ -2,14 +2,16 @@ let inherit (config) networking; inherit (config.services) biboumi; - inherit (config.users) users; + inherit (config.users) users groups; in { networking.nftables.ruleset = '' add rule inet filter net2fw tcp dport ${toString biboumi.settings.identd_port} counter accept comment "identd" add rule inet filter fw2net meta skuid ${users.biboumi.name} meta l4proto tcp counter accept comment "Biboumi" ''; -users.users.biboumi.isSystemUser = true; +users.users."biboumi".isSystemUser = true; +users.users."biboumi".group = groups."biboumi".name; +users.groups."biboumi" = {}; systemd.services.biboumi.after = ["prosody.service"]; services.biboumi = { enable = true; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index b6ff355..16159e6 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -314,6 +314,7 @@ in { users.users = mapAttrs' (name: conf: nameValuePair (redisName name) { description = "System user for the redis-server instance ${name}"; isSystemUser = true; + group = redisName name; }) enabledServers; users.groups = mapAttrs' (name: conf: nameValuePair (redisName name) { }) enabledServers; diff --git a/nixpkgs/patches.nix b/nixpkgs/patches.nix index 745ac3d..98889a7 100644 --- a/nixpkgs/patches.nix +++ b/nixpkgs/patches.nix @@ -1,30 +1,11 @@ [ /* -{ - meta.description = "nixos/sanoid: fix submodule aliases"; - url = "https://github.com/NixOS/nixpkgs/pull/130288.diff"; - sha256 = "sha256-Ivqpf++6OdRng33xCbh4xCQ090g9QunEf4Jsf5TEWiQ="; -} { meta.description = "nixos/postfix: systemd sandbox"; url = "https://github.com/NixOS/nixpkgs/pull/93305.diff"; sha256 = "sha256-KmoaPj8G4kRlwkBKo/giyST8xQfnjX3OJhh68NKNaRI="; } */ -/* -{ # merged - meta.description = "nixos/rspamd: add sandbox"; - url = "https://github.com/NixOS/nixpkgs/pull/93293.diff"; - sha256 = "sha256-UBnEpI7TtECBsLwBTmEuvlR19A+F0MEw7ZhbA9o+wA8="; -} -*/ -/* -{ # merged - meta.description = "apparmor: fix and improve the service"; - url = "https://github.com/NixOS/nixpkgs/pull/93457.diff"; - sha256 = "sha256-JzS6/42AS9f0XUuC8ybw1tR8lpFwOC59BNqYN4mmeVI="; -} -*/ { meta.description = "nixos/security.gnupg: provisioning GnuPG-protected secrets through the Nix store"; url = "https://github.com/NixOS/nixpkgs/pull/93659.diff"; @@ -35,47 +16,11 @@ url = "https://github.com/NixOS/nixpkgs/pull/96655.diff"; sha256 = "sha256-gkZO+mcPj4VoxKD4EwgYw7eEAuHtUwt2Fs2AaypIj6g="; } -/* -{ - meta.description = "nixos/tor: improve type-checking and hardening"; - url = "https://github.com/NixOS/nixpkgs/pull/97740.diff"; - sha256 = "sha256-3W1I3+Rx/rsoOAPqHLVlsOgu0b/1+D3iX8yaxIpnNBI="; -} -{ - meta.description = "nixos/tor: fix client.dns.automapHostsSuffixes renaming"; - url = "https://github.com/NixOS/nixpkgs/pull/108524.diff"; - sha256 = "sha256-M5FVsbenPRSUKTn0k57EFZ0JTE8ZvhckkHCIEgxKAwA="; -} -{ - meta.description = "nixos/tor: fix ORPort"; - url = "https://github.com/NixOS/nixpkgs/pull/109096.diff"; - sha256 = "sha256-pXVlSqUfBJLwphfa3HCzdsXA7gyJY4w/FU4mEW73Xxk="; -} -*/ -/* -{ - meta.description = "nixos/syncoid: split in multiple systemd services and harden them"; - url = "https://github.com/NixOS/nixpkgs/pull/98455.diff"; - sha256 = "sha256-6JgDfU6cIgW7Ei2eY4Wtd6tiFwFEAy9V9/+G42B6kp4="; -} -{ - meta.description = "apparmor: try again to fix and improve"; - url = "https://github.com/NixOS/nixpkgs/pull/101071.diff"; - sha256 = "sha256-UrZVDTS15VaQ16xl0jhTypyDED6yx72hYHqFc99oPj0"; -} -*/ { meta.description = "Update public-inbox to 1.6.1 and add systemd services"; url = "https://github.com/NixOS/nixpkgs/pull/104457.diff"; sha256 = "sha256-zwdvMxlUTCP9Ubz220zJnkD2D/EdE3iJ7vFMkjo1keI="; } -/* -{ - meta.description = "biboumi: 8.5 -> 9.0"; - url = "https://github.com/NixOS/nixpkgs/pull/106765.diff"; - sha256 = "sha256-ggoHzJ++hIYwlvngl9dPJCWC9CilrdhGp5MxjLxj64M="; -} -*/ { meta.description = "nixos/openvpn: add network namespace support"; url = "https://github.com/NixOS/nixpkgs/pull/109643.diff"; @@ -86,11 +31,4 @@ url = "https://github.com/NixOS/nixpkgs/pull/128014.diff"; sha256 = "sha256-1iJ46NXslDxsP/uO0cSaCzO3A5VF338M6d027G7sK3o="; } -/* -{ - meta.description = "nixos/{sanoid,syncoid}: Improve ZFS permission delegation"; - url = "https://github.com/NixOS/nixpkgs/pull/131118.diff"; - sha256 = "sha256-0YTwPGydHc1bUCGQrCrEACOLzliknzsFCC7pz8TDXNE="; -} -*/ ] -- 2.49.0 From 847f79d0abb856b882b57141e616be5ce3403c30 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 1 Oct 2021 15:11:08 +0200 Subject: [PATCH 04/16] syncoid: upstream module --- nixos/modules/services/backup/syncoid.nix | 421 ++++++++++++++++++++++ 1 file changed, 421 insertions(+) create mode 100644 nixos/modules/services/backup/syncoid.nix diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix new file mode 100644 index 0000000..6e44a99 --- /dev/null +++ b/nixos/modules/services/backup/syncoid.nix @@ -0,0 +1,421 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.syncoid; + + # Extract local dasaset names (so no datasets containing "@") + localDatasetName = d: optionals (d != null) ( + let m = builtins.match "([^/@]+[^@]*)" d; in + optionals (m != null) m + ); + + # Escape as required by: https://www.freedesktop.org/software/systemd/man/systemd.unit.html + escapeUnitName = name: + lib.concatMapStrings (s: if lib.isList s then "-" else s) + (builtins.split "[^a-zA-Z0-9_.\\-]+" name); + + # Function to build "zfs allow" commands for the filesystems we've + # delegated permissions to. It also checks if the target dataset + # exists before delegating permissions, if it doesn't exist we + # delegate it to the parent dataset. This should solve the case of + # provisoning new datasets. + buildAllowCommand = permissions: dataset: ( + "-+${pkgs.writeShellScript "zfs-allow-${dataset}" '' + # Here we explicitly use the booted system to guarantee the stable API needed by ZFS + + # Run a ZFS list on the dataset to check if it exists + if ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "list" + dataset + ]} 2> /dev/null; then + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "allow" + cfg.user + (concatStringsSep "," permissions) + dataset + ]} + else + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "allow" + cfg.user + (concatStringsSep "," permissions) + # Remove the last part of the path + (builtins.dirOf dataset) + ]} + fi + ''}" + ); + + # Function to build "zfs unallow" commands for the filesystems we've + # delegated permissions to. Here we unallow both the target but also + # on the parent dataset because at this stage we have no way of + # knowing if the allow command did execute on the parent dataset or + # not in the pre-hook. We can't run the same if in the post hook + # since the dataset should have been created at this point. + buildUnallowCommand = permissions: dataset: ( + "-+${pkgs.writeShellScript "zfs-unallow-${dataset}" '' + # Here we explicitly use the booted system to guarantee the stable API needed by ZFS + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "unallow" + cfg.user + (concatStringsSep "," permissions) + dataset + ]} + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "unallow" + cfg.user + (concatStringsSep "," permissions) + # Remove the last part of the path + (builtins.dirOf dataset) + ]} + ''}" + ); +in +{ + + # Interface + + options.services.syncoid = { + enable = mkEnableOption "Syncoid ZFS synchronization service"; + + interval = mkOption { + type = types.str; + default = "hourly"; + example = "*-*-* *:15:00"; + description = '' + Run syncoid at this interval. The default is to run hourly. + + The format is described in + systemd.time + 7. + ''; + }; + + user = mkOption { + type = types.str; + default = "syncoid"; + example = "backup"; + description = '' + The user for the service. ZFS privilege delegation will be + automatically configured for any local pools used by syncoid if this + option is set to a user other than root. The user will be given the + "hold" and "send" privileges on any pool that has datasets being sent + and the "create", "mount", "receive", and "rollback" privileges on + any pool that has datasets being received. + ''; + }; + + group = mkOption { + type = types.str; + default = "syncoid"; + example = "backup"; + description = "The group for the service."; + }; + + sshKey = mkOption { + type = types.nullOr types.path; + # Prevent key from being copied to store + apply = mapNullable toString; + default = null; + description = '' + SSH private key file to use to login to the remote system. Can be + overridden in individual commands. + ''; + }; + + localSourceAllow = mkOption { + type = types.listOf types.str; + # Permissions snapshot and destroy are in case --no-sync-snap is not used + default = [ "bookmark" "hold" "send" "snapshot" "destroy" ]; + description = '' + Permissions granted for the user + for local source datasets. See + + for available permissions. + ''; + }; + + localTargetAllow = mkOption { + type = types.listOf types.str; + default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]; + example = [ "create" "mount" "receive" "rollback" ]; + description = '' + Permissions granted for the user + for local target datasets. See + + for available permissions. + Make sure to include the change-key permission if you send raw encrypted datasets, + the compression permission if you send raw compressed datasets, and so on. + For remote target datasets you'll have to set your remote user permissions by yourself. + ''; + }; + + commonArgs = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--no-sync-snap" ]; + description = '' + Arguments to add to every syncoid command, unless disabled for that + command. See + + for available options. + ''; + }; + + service = mkOption { + type = types.attrs; + default = { }; + description = '' + Systemd configuration common to all syncoid services. + ''; + }; + + commands = mkOption { + type = types.attrsOf (types.submodule ({ name, ... }: { + options = { + source = mkOption { + type = types.str; + example = "pool/dataset"; + description = '' + Source ZFS dataset. Can be either local or remote. Defaults to + the attribute name. + ''; + }; + + target = mkOption { + type = types.str; + example = "user@server:pool/dataset"; + description = '' + Target ZFS dataset. Can be either local + (pool/dataset) or remote + (user@server:pool/dataset). + ''; + }; + + recursive = mkEnableOption ''the transfer of child datasets''; + + sshKey = mkOption { + type = types.nullOr types.path; + # Prevent key from being copied to store + apply = mapNullable toString; + description = '' + SSH private key file to use to login to the remote system. + Defaults to option. + ''; + }; + + localSourceAllow = mkOption { + type = types.listOf types.str; + description = '' + Permissions granted for the user + for local source datasets. See + + for available permissions. + Defaults to option. + ''; + }; + + localTargetAllow = mkOption { + type = types.listOf types.str; + description = '' + Permissions granted for the user + for local target datasets. See + + for available permissions. + Make sure to include the change-key permission if you send raw encrypted datasets, + the compression permission if you send raw compressed datasets, and so on. + For remote target datasets you'll have to set your remote user permissions by yourself. + ''; + }; + + sendOptions = mkOption { + type = types.separatedString " "; + default = ""; + example = "Lc e"; + description = '' + Advanced options to pass to zfs send. Options are specified + without their leading dashes and separated by spaces. + ''; + }; + + recvOptions = mkOption { + type = types.separatedString " "; + default = ""; + example = "ux recordsize o compression=lz4"; + description = '' + Advanced options to pass to zfs recv. Options are specified + without their leading dashes and separated by spaces. + ''; + }; + + useCommonArgs = mkOption { + type = types.bool; + default = true; + description = '' + Whether to add the configured common arguments to this command. + ''; + }; + + service = mkOption { + type = types.attrs; + default = { }; + description = '' + Systemd configuration specific to this syncoid service. + ''; + }; + + extraArgs = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--sshport 2222" ]; + description = "Extra syncoid arguments for this command."; + }; + }; + config = { + source = mkDefault name; + sshKey = mkDefault cfg.sshKey; + localSourceAllow = mkDefault cfg.localSourceAllow; + localTargetAllow = mkDefault cfg.localTargetAllow; + }; + })); + default = { }; + example = literalExample '' + { + "pool/test".target = "root@target:pool/test"; + } + ''; + description = "Syncoid commands to run."; + }; + }; + + # Implementation + + config = mkIf cfg.enable { + users = { + users = mkIf (cfg.user == "syncoid") { + syncoid = { + group = cfg.group; + isSystemUser = true; + # For syncoid to be able to create /var/lib/syncoid/.ssh/ + # and to use custom ssh_config or known_hosts. + home = "/var/lib/syncoid"; + createHome = false; + }; + }; + groups = mkIf (cfg.group == "syncoid") { + syncoid = { }; + }; + }; + + systemd.services = mapAttrs' + (name: c: + nameValuePair "syncoid-${escapeUnitName name}" (mkMerge [ + { + description = "Syncoid ZFS synchronization from ${c.source} to ${c.target}"; + after = [ "zfs.target" ]; + startAt = cfg.interval; + # syncoid may need zpool to get feature@extensible_dataset + path = [ "/run/booted-system/sw/bin/" ]; + serviceConfig = { + ExecStartPre = + (map (buildAllowCommand c.localSourceAllow) (localDatasetName c.source)) ++ + (map (buildAllowCommand c.localTargetAllow) (localDatasetName c.target)); + ExecStopPost = + (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ + (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); + ExecStart = lib.escapeShellArgs ([ "${pkgs.sanoid}/bin/syncoid" ] + ++ optionals c.useCommonArgs cfg.commonArgs + ++ optional c.recursive "-r" + ++ optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] + ++ c.extraArgs + ++ [ + "--sendoptions" + c.sendOptions + "--recvoptions" + c.recvOptions + "--no-privilege-elevation" + c.source + c.target + ]); + User = cfg.user; + Group = cfg.group; + StateDirectory = [ "syncoid" ]; + StateDirectoryMode = "700"; + # Prevent SSH control sockets of different syncoid services from interfering + PrivateTmp = true; + # Permissive access to /proc because syncoid + # calls ps(1) to detect ongoing `zfs receive`. + ProcSubset = "all"; + ProtectProc = "default"; + + # The following options are only for optimizing: + # systemd-analyze security | grep syncoid-'*' + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + DeviceAllow = [ "/dev/zfs" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateNetwork = mkDefault false; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RootDirectory = "/run/syncoid/${escapeUnitName name}"; + RootDirectoryStartOnly = true; + BindPaths = [ "/dev/zfs" ]; + BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" ]; + # Avoid useless mounting of RootDirectory= in the own RootDirectory= of ExecStart='s mount namespace. + InaccessiblePaths = [ "-+/run/syncoid/${escapeUnitName name}" ]; + MountAPIVFS = true; + # Create RootDirectory= in the host's mount namespace. + RuntimeDirectory = [ "syncoid/${escapeUnitName name}" ]; + RuntimeDirectoryMode = "700"; + SystemCallFilter = [ + "@system-service" + # Groups in @system-service which do not contain a syscall listed by: + # perf stat -x, 2>perf.log -e 'syscalls:sys_enter_*' syncoid … + # awk >perf.syscalls -F "," '$1 > 0 {sub("syscalls:sys_enter_","",$3); print $3}' perf.log + # systemd-analyze syscall-filter | grep -v -e '#' | sed -e ':loop; /^[^ ]/N; s/\n //; t loop' | grep $(printf ' -e \\<%s\\>' $(cat perf.syscalls)) | cut -f 1 -d ' ' + "~@aio" + "~@chown" + "~@keyring" + "~@memlock" + "~@privileged" + "~@resources" + "~@setuid" + "~@timer" + ]; + SystemCallArchitectures = "native"; + # This is for BindPaths= and BindReadOnlyPaths= + # to allow traversal of directories they create in RootDirectory=. + UMask = "0066"; + }; + } + cfg.service + c.service + ])) + cfg.commands; + }; + + meta.maintainers = with maintainers; [ julm lopsided98 ]; +} -- 2.49.0 From 664ea87493cd84bde07a51c56be8bcd733c8045b Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Sat, 2 Oct 2021 02:53:00 +0200 Subject: [PATCH 05/16] syncoid: use DynamicUser= --- hosts/losurdo/syncoid.nix | 15 +-- nixos/modules.nix | 4 +- nixos/modules/services/backup/syncoid.nix | 154 ++++++++-------------- 3 files changed, 65 insertions(+), 108 deletions(-) diff --git a/hosts/losurdo/syncoid.nix b/hosts/losurdo/syncoid.nix index 1ee8606..e07a371 100644 --- a/hosts/losurdo/syncoid.nix +++ b/hosts/losurdo/syncoid.nix @@ -8,26 +8,22 @@ in { networking.nftables.ruleset = '' add rule inet filter fw2net \ - skuid "${syncoid.user}" \ - tcp dport 22 \ - ip daddr ${hosts.mermet.extraArgs.ipv4} \ + meta skuid @nixos-syncoid-uids \ + meta l4proto tcp \ counter accept \ - comment "SSH to mermet" + comment "syncoid: allow SSH" ''; -security.gnupg.secrets."ssh/backup.ssh-ed25519" = { - user = syncoid.user; -}; -users.groups.keys.members = [ syncoid.user ]; +security.gnupg.secrets."ssh/backup.ssh-ed25519" = {}; systemd.tmpfiles.rules = [ "z /dev/zfs 0660 - disk -" ]; services.syncoid = { enable = true; interval = "*-*-* *:05:00"; - group = "disk"; #interval = "*:0/1"; sshKey = gnupg.secrets."ssh/backup.ssh-ed25519".path; commonArgs = [ + #"--debug" "--no-sync-snap" "--create-bookmark" #"--no-privilege-elevation" @@ -36,6 +32,7 @@ services.syncoid = { service = { after = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ]; wants = [ gnupg.secrets."ssh/backup.ssh-ed25519".service ]; + serviceConfig.Group = groups."disk".name; }; commands = { "${hostName}/home/julm/work" = { diff --git a/nixos/modules.nix b/nixos/modules.nix index 2232d61..997e296 100644 --- a/nixos/modules.nix +++ b/nixos/modules.nix @@ -10,7 +10,7 @@ imports = [ modules/services/networking/upnpc.nix #modules/services/networking/wireguard.nix #modules/services/security/tor.nix - #modules/services/backup/syncoid.nix + modules/services/backup/syncoid.nix #modules/services/backup/sanoid.nix #modules/services/torrent/transmission.nix #modules/security/gnupg.nix @@ -31,7 +31,7 @@ disabledModules = [ #"security/gnupg.nix" #"services/mail/public-inbox.nix" #"services/security/tor.nix" - #"services/backup/syncoid.nix" + "services/backup/syncoid.nix" #"services/networking/biboumi.nix" #"services/networking/croc.nix" #"services/networking/netns.nix" diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index 6e44a99..a4e3c16 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix @@ -4,6 +4,7 @@ with lib; let cfg = config.services.syncoid; + inherit (config.networking) nftables; # Extract local dasaset names (so no datasets containing "@") localDatasetName = d: optionals (d != null) ( @@ -23,26 +24,15 @@ let # provisoning new datasets. buildAllowCommand = permissions: dataset: ( "-+${pkgs.writeShellScript "zfs-allow-${dataset}" '' - # Here we explicitly use the booted system to guarantee the stable API needed by ZFS - + set -eux # Run a ZFS list on the dataset to check if it exists - if ${lib.escapeShellArgs [ - "/run/booted-system/sw/bin/zfs" - "list" - dataset - ]} 2> /dev/null; then - ${lib.escapeShellArgs [ - "/run/booted-system/sw/bin/zfs" - "allow" - cfg.user + if zfs list ${lib.escapeShellArg dataset} >/dev/null 2>/dev/null; then + zfs allow "$USER" ${lib.escapeShellArgs [ (concatStringsSep "," permissions) dataset ]} else - ${lib.escapeShellArgs [ - "/run/booted-system/sw/bin/zfs" - "allow" - cfg.user + zfs allow "$USER" ${lib.escapeShellArgs [ (concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) @@ -52,29 +42,16 @@ let ); # Function to build "zfs unallow" commands for the filesystems we've - # delegated permissions to. Here we unallow both the target but also - # on the parent dataset because at this stage we have no way of + # delegated permissions to. Here we unallow both the target and + # the parent dataset because at this stage we have no way of # knowing if the allow command did execute on the parent dataset or - # not in the pre-hook. We can't run the same if in the post hook + # not in the pre-hook. We can't run the same if-then-else in the post hook # since the dataset should have been created at this point. - buildUnallowCommand = permissions: dataset: ( + buildUnallowCommand = dataset: ( "-+${pkgs.writeShellScript "zfs-unallow-${dataset}" '' - # Here we explicitly use the booted system to guarantee the stable API needed by ZFS - ${lib.escapeShellArgs [ - "/run/booted-system/sw/bin/zfs" - "unallow" - cfg.user - (concatStringsSep "," permissions) - dataset - ]} - ${lib.escapeShellArgs [ - "/run/booted-system/sw/bin/zfs" - "unallow" - cfg.user - (concatStringsSep "," permissions) - # Remove the last part of the path - (builtins.dirOf dataset) - ]} + set -eux + zfs unallow "$USER" ${lib.escapeShellArg dataset} + zfs unallow "$USER" ${lib.escapeShellArg (builtins.dirOf dataset)} ''}" ); in @@ -98,27 +75,6 @@ in ''; }; - user = mkOption { - type = types.str; - default = "syncoid"; - example = "backup"; - description = '' - The user for the service. ZFS privilege delegation will be - automatically configured for any local pools used by syncoid if this - option is set to a user other than root. The user will be given the - "hold" and "send" privileges on any pool that has datasets being sent - and the "create", "mount", "receive", and "rollback" privileges on - any pool that has datasets being received. - ''; - }; - - group = mkOption { - type = types.str; - default = "syncoid"; - example = "backup"; - description = "The group for the service."; - }; - sshKey = mkOption { type = types.nullOr types.path; # Prevent key from being copied to store @@ -127,6 +83,9 @@ in description = '' SSH private key file to use to login to the remote system. Can be overridden in individual commands. + For more SSH tuning, you may use syncoid's --sshoption + in commonArgs + and/or in the extraArgs of a specific command. ''; }; @@ -135,9 +94,8 @@ in # Permissions snapshot and destroy are in case --no-sync-snap is not used default = [ "bookmark" "hold" "send" "snapshot" "destroy" ]; description = '' - Permissions granted for the user - for local source datasets. See - + Permissions granted for the syncoid user for local source datasets. + See for available permissions. ''; }; @@ -147,9 +105,8 @@ in default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]; example = [ "create" "mount" "receive" "rollback" ]; description = '' - Permissions granted for the user - for local target datasets. See - + Permissions granted for the syncoid user for local target datasets. + See for available permissions. Make sure to include the change-key permission if you send raw encrypted datasets, the compression permission if you send raw compressed datasets, and so on. @@ -255,13 +212,9 @@ in ''; }; - useCommonArgs = mkOption { - type = types.bool; - default = true; - description = '' - Whether to add the configured common arguments to this command. - ''; - }; + useCommonArgs = mkEnableOption '' + configured common arguments to this command + '' // { default = true; }; service = mkOption { type = types.attrs; @@ -298,22 +251,6 @@ in # Implementation config = mkIf cfg.enable { - users = { - users = mkIf (cfg.user == "syncoid") { - syncoid = { - group = cfg.group; - isSystemUser = true; - # For syncoid to be able to create /var/lib/syncoid/.ssh/ - # and to use custom ssh_config or known_hosts. - home = "/var/lib/syncoid"; - createHome = false; - }; - }; - groups = mkIf (cfg.group == "syncoid") { - syncoid = { }; - }; - }; - systemd.services = mapAttrs' (name: c: nameValuePair "syncoid-${escapeUnitName name}" (mkMerge [ @@ -321,19 +258,22 @@ in description = "Syncoid ZFS synchronization from ${c.source} to ${c.target}"; after = [ "zfs.target" ]; startAt = cfg.interval; - # syncoid may need zpool to get feature@extensible_dataset - path = [ "/run/booted-system/sw/bin/" ]; + # Here we explicitly use the booted system to guarantee the stable API needed by ZFS. + # Moreover syncoid may need zpool to get feature@extensible_dataset. + path = [ "/run/booted-system/sw" ]; serviceConfig = { ExecStartPre = (map (buildAllowCommand c.localSourceAllow) (localDatasetName c.source)) ++ - (map (buildAllowCommand c.localTargetAllow) (localDatasetName c.target)); + (map (buildAllowCommand c.localTargetAllow) (localDatasetName c.target)) ++ + optional nftables.enable "+${pkgs.nftables}/bin/nft add element inet filter nixos-syncoid-uids { $USER }"; ExecStopPost = - (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ - (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); + (map buildUnallowCommand (localDatasetName c.source)) ++ + (map buildUnallowCommand (localDatasetName c.target)) ++ + optional nftables.enable "+${pkgs.nftables}/bin/nft delete element inet filter nixos-syncoid-uids { $USER }"; ExecStart = lib.escapeShellArgs ([ "${pkgs.sanoid}/bin/syncoid" ] ++ optionals c.useCommonArgs cfg.commonArgs - ++ optional c.recursive "-r" - ++ optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] + ++ optional c.recursive "--recursive" + ++ optionals (c.sshKey != null) [ "--sshkey" "\${CREDENTIALS_DIRECTORY}/ssh-key" ] ++ c.extraArgs ++ [ "--sendoptions" @@ -344,10 +284,8 @@ in c.source c.target ]); - User = cfg.user; - Group = cfg.group; - StateDirectory = [ "syncoid" ]; - StateDirectoryMode = "700"; + DynamicUser = true; + LoadCredential = [ "ssh-key:${c.sshKey}" ]; # Prevent SSH control sockets of different syncoid services from interfering PrivateTmp = true; # Permissive access to /proc because syncoid @@ -383,7 +321,23 @@ in RootDirectory = "/run/syncoid/${escapeUnitName name}"; RootDirectoryStartOnly = true; BindPaths = [ "/dev/zfs" ]; - BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" ]; + BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" + # A custom LD_LIBRARY_PATH is needed to access in `getent passwd` + # the systemd's entry about the DynamicUser=, + # so that ssh won't fail with: "No user exists for uid $UID". + # Unfortunately, Bash is incompatible with libnss_systemd.so: + # https://www.mail-archive.com/bug-bash@gnu.org/msg24306.html + # Hence the wrapping of ssh is done here as a mounted path, + # because Nixpkgs' wrapping of syncoid enforces the use + # of the ${pkgs.openssh}/bin/ssh path. + # This problem does not arise on NixOS systems where stdenv.hostPlatform.libc == "musl", + # because then Bash is built with --without-bash-malloc + ("${pkgs.writeShellScript "ssh-with-support-for-DynamicUser" '' + export LD_LIBRARY_PATH="${config.system.nssModules.path}" + exec -a ${pkgs.openssh}/bin/ssh /bin/ssh "$@" + ''}:${pkgs.openssh}/bin/ssh") + "${pkgs.openssh}/bin/ssh:/bin/ssh" + ]; # Avoid useless mounting of RootDirectory= in the own RootDirectory= of ExecStart='s mount namespace. InaccessiblePaths = [ "-+/run/syncoid/${escapeUnitName name}" ]; MountAPIVFS = true; @@ -415,6 +369,12 @@ in c.service ])) cfg.commands; + networking.nftables.ruleset = '' + # A set containing the dynamic UIDs of the syncoid services currently active + add set inet filter nixos-syncoid-uids { type uid; } + # Example of use (assuming fw2net is being called by the output chain): + #add rule inet filter fw2net meta skuid @nixos-syncoid-uids meta l4proto tcp accept + ''; }; meta.maintainers = with maintainers; [ julm lopsided98 ]; -- 2.49.0 From ef7b365f50a21515b7754699f4eb04dfe29d26e7 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Sun, 3 Oct 2021 21:03:25 +0200 Subject: [PATCH 06/16] openvpn: update PR#109643 --- nixpkgs/patches.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixpkgs/patches.nix b/nixpkgs/patches.nix index 98889a7..6fde2df 100644 --- a/nixpkgs/patches.nix +++ b/nixpkgs/patches.nix @@ -24,7 +24,7 @@ { meta.description = "nixos/openvpn: add network namespace support"; url = "https://github.com/NixOS/nixpkgs/pull/109643.diff"; - sha256 = "sha256-llQhFuvnql7ct8IHkIZLbiTOFzKdoRRsfTHImF1p8bE="; + sha256 = "sha256-kFBR33vGbEJr+8BloBxijNniPRv3ynxgU7TlpIBwDio="; } { meta.description = "nixos/wireguard"; -- 2.49.0 From 66ce9e08d3a3bb6c9d3d56619ec7e35ba7826a1f Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Mon, 4 Oct 2021 01:22:32 +0200 Subject: [PATCH 07/16] losurdo: install valgrind --- hosts/losurdo/debug.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/losurdo/debug.nix b/hosts/losurdo/debug.nix index edefaa4..1240582 100644 --- a/hosts/losurdo/debug.nix +++ b/hosts/losurdo/debug.nix @@ -1,3 +1,4 @@ +{ pkgs, lib, config, ... }: { systemd.coredump = { enable = true; @@ -8,6 +9,9 @@ systemd.coredump = { ''; }; environment.enableDebugInfo = true; +environment.systemPackages = [ + pkgs.valgrind +]; /* environment.etc."sudo.conf".text = '' Debug sudo /var/log/sudo_debug.log all@debug -- 2.49.0 From efb142a4f1514b678cb366f3f8a662bae6ec51c4 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Mon, 4 Oct 2021 01:22:58 +0200 Subject: [PATCH 08/16] losurdo: fallback to old screen --- hosts/losurdo/system.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/losurdo/system.nix b/hosts/losurdo/system.nix index 9e12dcd..8b002fa 100644 --- a/hosts/losurdo/system.nix +++ b/hosts/losurdo/system.nix @@ -25,7 +25,7 @@ documentation.nixos = { boot.kernelParams = [ # Rotate the consoles anti-clockwise. - #"fbcon=rotate:3" + "fbcon=rotate:3" ]; environment.systemPackages = with pkgs; [ -- 2.49.0 From 0b9e33d4e4f3c549e8a8993fd88c6aec447aa5a3 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Wed, 20 Oct 2021 02:41:34 +0200 Subject: [PATCH 09/16] nixos: remove fontconfig --- hosts/carotte.nix | 19 + hosts/carotte/hardware.nix | 8 + hosts/carotte/networking.nix | 12 + hosts/carotte/security.nix | 17 + hosts/carotte/system.nix | 17 + hosts/carotte/users.nix | 61 +++ hosts/carotte/xserver.nix | 50 +++ nixos/defaults.nix | 17 +- nixos/defaults/security.nix | 4 +- nixos/profiles/hardware/cubieboard2.nix | 431 ++++++++++++++++++++ nixos/profiles/systems/crossCompilation.nix | 53 +++ nixpkgs/patches.nix | 30 ++ 12 files changed, 708 insertions(+), 11 deletions(-) create mode 100644 hosts/carotte.nix create mode 100644 hosts/carotte/hardware.nix create mode 100644 hosts/carotte/networking.nix create mode 100644 hosts/carotte/security.nix create mode 100644 hosts/carotte/system.nix create mode 100644 hosts/carotte/users.nix create mode 100644 hosts/carotte/xserver.nix create mode 100644 nixos/profiles/hardware/cubieboard2.nix create mode 100644 nixos/profiles/systems/crossCompilation.nix diff --git a/hosts/carotte.nix b/hosts/carotte.nix new file mode 100644 index 0000000..6d6bb2f --- /dev/null +++ b/hosts/carotte.nix @@ -0,0 +1,19 @@ +# NixOS configuration of carotte.sourcephile.fr +{ inputs, hostName, ... }: +{ +system = "x86_64-linux"; +extraArgs = { + CPUs = 2; +}; +modules = [ + ../nixos/defaults.nix + #carotte/fileSystems.nix + carotte/hardware.nix + carotte/networking.nix + carotte/security.nix + carotte/system.nix + carotte/users.nix + (inputs.secrets + "/hosts/${hostName}/users.nix") + carotte/xserver.nix +]; +} diff --git a/hosts/carotte/hardware.nix b/hosts/carotte/hardware.nix new file mode 100644 index 0000000..54acb06 --- /dev/null +++ b/hosts/carotte/hardware.nix @@ -0,0 +1,8 @@ +{ pkgs, lib, config, hostName, ... }: +{ +imports = [ + ../../nixos/profiles/hardware/cubieboard2.nix + ../../nixos/profiles/systems/zramSwap.nix + ../../nixos/profiles/systems/crossCompilation.nix +]; +} diff --git a/hosts/carotte/networking.nix b/hosts/carotte/networking.nix new file mode 100644 index 0000000..ac1fa0f --- /dev/null +++ b/hosts/carotte/networking.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, hostName, ... }: +{ +networking = { + hostName = hostName; + domain = "sourcephile.fr"; + firewall.enable = true; + firewall.allowedTCPPorts = [ 22 ]; + #wireless.enable = true; + useDHCP = true; + #networkmanager.enable = true; +}; +} diff --git a/hosts/carotte/security.nix b/hosts/carotte/security.nix new file mode 100644 index 0000000..1674b5e --- /dev/null +++ b/hosts/carotte/security.nix @@ -0,0 +1,17 @@ +{ inputs, pkgs, lib, config, ... }: +{ +security.lockKernelModules = false; +security.virtualisation.flushL1DataCache = lib.mkForce null; +/* +security.gnupg.agent = { + keyring."9AA84E6F6D71F9163C46BF396B141A0806219077" = {}; +}; +services.openssh.extraConfig = '' + # This is for removing remote gpg-agent's socket + StreamLocalBindUnlink yes +''; +environment.systemPackages = [ + pkgs.tshark +]; +*/ +} diff --git a/hosts/carotte/system.nix b/hosts/carotte/system.nix new file mode 100644 index 0000000..34e5bd7 --- /dev/null +++ b/hosts/carotte/system.nix @@ -0,0 +1,17 @@ +{ pkgs, lib, config, ... }: +{ +system.stateVersion = "21.05"; + +#boot.initrd.kernelModules = [ "vc4" "bcm2835_dma" "i2c_bcm2835" ]; + +nix.nixPath = lib.mkForce []; +nix.gc.automatic = true; +nix.package = lib.mkForce pkgs.nixUnstable; + +boot.enableContainers = false; +documentation.enable = false; +documentation.doc.enable = false; +documentation.info.enable = false; +documentation.nixos.enable = false; +programs.command-not-found.enable = false; +} diff --git a/hosts/carotte/users.nix b/hosts/carotte/users.nix new file mode 100644 index 0000000..9446bd6 --- /dev/null +++ b/hosts/carotte/users.nix @@ -0,0 +1,61 @@ +{ inputs, pkgs, lib, config, ... }: +let + inherit (config.security) gnupg; + inherit (config.users) users; +in +{ +imports = [ + ../../members/julm.nix +]; + +nix.trustedUsers = [ + users."julm".name +]; + +users = { + mutableUsers = false; + users = { + root = { + openssh.authorizedKeys.keys = + users."julm".openssh.authorizedKeys.keys; + hashedPassword = "!"; + }; + /* + gnupg = { + openssh.authorizedKeys.keys = + users."root".openssh.authorizedKeys.keys; + }; + */ + }; + groups = { + /* + adbusers.members = [ users."julm".name ]; + dialout.members = [ users."julm".name ]; + gpg-agent.members = [ users."julm".name ]; + tor.members = [ users."julm".name ]; + */ + wheel.members = [ users."julm".name ]; + }; +}; + +#security.gnupg.secrets."/root/.ssh/id_ed25519" = { +# gpg = "${gnupg.store}/ssh/root.ssh-ed25519.gpg"; +#}; + +/* +networking.nftables.ruleset = lib.concatMapStringsSep "\n" + (rule: "add rule inet filter fw2net meta skuid ${users.julm.name} " + rule) [ + ''tcp dport {25,465} counter accept comment "SMTP"'' + ''tcp dport 43 counter accept comment "Whois"'' + ''tcp dport 993 counter accept comment "IMAPS"'' + ''tcp dport 6697 counter accept comment "IRCS"'' + ''tcp dport 2222 counter accept comment "SSH(boot)"'' + ''tcp dport 5222 counter accept comment "XMPP"'' + ''tcp dport 11371 counter accept comment "HKP"'' + ''tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"'' + ''udp dport 33434-33523 counter accept comment "traceroute"'' + ''udp dport 60000-61000 counter accept comment "Mosh"'' + #''ip protocol tcp counter accept comment "all"'' +]; +*/ +} diff --git a/hosts/carotte/xserver.nix b/hosts/carotte/xserver.nix new file mode 100644 index 0000000..867fefe --- /dev/null +++ b/hosts/carotte/xserver.nix @@ -0,0 +1,50 @@ +{ pkgs, lib, config, hostName, ... }: +let inherit (config.users) users; in +{ +services.xserver = { + enable = true; + layout = "fr,us(altgr-intl)"; + xkbOptions = "eurosign:e, compose:menu, grp:alt_space_toggle"; + libinput.enable = true; + exportConfiguration = true; # link /usr/share/X11/ properly + desktopManager = { + session = [ + # Let the session be generated by home-manager + { name = "home-manager"; + start = '' + ${pkgs.runtimeShell} $HOME/.hm-xsession & + waitPID=$! + ''; + bgSupport = true; + } + ]; + }; + displayManager = { + defaultSession = "home-manager"; + #defaultSession = "none+xmonad"; + startx.enable = true; + #lightdm.enable = true; + #lightdm.greeter.enable = false; + #lightdm.greeters.tiny.enable = true; + autoLogin = { + enable = true; + user = users.julm.name; + }; + }; +}; +environment.systemPackages = [ + pkgs.arandr +]; +console.useXkbConfig = true; +sound.enable = true; +hardware.pulseaudio.enable = true; +/* +services.x2goserver = { + enable = true; +}; +environment.sessionVariables = { + PATH = [ "/usr/local/bin" ]; +}; +services.xserver.displayManager.xserverArgs = [ "+iglx" ]; +*/ +} diff --git a/nixos/defaults.nix b/nixos/defaults.nix index 5a8f54b..c4272f1 100644 --- a/nixos/defaults.nix +++ b/nixos/defaults.nix @@ -88,8 +88,8 @@ services = { environment.systemPackages = with pkgs; [ binutils bmon + config.boot.kernelPackages.cpupower conntrack-tools - #dnsutils dstat gnupg htop @@ -97,20 +97,16 @@ environment.systemPackages = with pkgs; [ inetutils iotop ldns - linuxPackages.cpupower lsof - mailutils + #mailutils # builds guile multitail ncdu nethogs nload nmon - #ntop pv rdfind smem - #stress - stress-ng swaplist tcpdump tmux @@ -118,6 +114,9 @@ environment.systemPackages = with pkgs; [ usbutils vim which + #dnsutils + #ntop + #stress ]; environment.variables.SYSTEMD_LESS = "FKMRX"; environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc; @@ -168,8 +167,8 @@ programs = { }; }; gnupg.agent.pinentryFlavor = "curses"; - mosh.enable = true; - mtr.enable = true; - traceroute.enable = true; + mosh.enable = lib.mkDefault true; + mtr.enable = lib.mkDefault true; + traceroute.enable = lib.mkDefault true; }; } diff --git a/nixos/defaults/security.nix b/nixos/defaults/security.nix index 83234bc..fc7ce29 100644 --- a/nixos/defaults/security.nix +++ b/nixos/defaults/security.nix @@ -1,11 +1,11 @@ { inputs, pkgs, lib, config, ... }: { -boot.kernelPackages = pkgs.linuxPackages_hardened; +boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; #environment.memoryAllocator.provider = "libc"; nix.allowedUsers = [ "@users" ]; networking.firewall.pingLimit = "--limit 60/minute --limit-burst 5"; security.allowSimultaneousMultithreading = false; -security.apparmor.enable = true; +security.apparmor.enable = lib.mkDefault true; security.forcePageTableIsolation = true; security.lockKernelModules = lib.mkDefault true; security.protectKernelImage = true; diff --git a/nixos/profiles/hardware/cubieboard2.nix b/nixos/profiles/hardware/cubieboard2.nix new file mode 100644 index 0000000..25f469d --- /dev/null +++ b/nixos/profiles/hardware/cubieboard2.nix @@ -0,0 +1,431 @@ +{ pkgs, lib, config, modulesPath, ... }: +{ +imports = [ + "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix" +]; +#nixpkgs.config.allowUnfree = true; +nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform; +nixpkgs.overlays = [ + (final: super: { + # https://linux-sunxi.org/Mali_Open_Source_Driver#Configuration_and_Build + mesa = super.mesa.override { + driDrivers = []; + eglPlatforms = ["x11"]; + enableGalliumNine = false; + galliumDrivers = ["lima" "panfrost" "kmsro" "swrast"]; + vulkanDrivers = []; + }; + }) +]; +boot.cleanTmpDir = true; +boot.tmpOnTmpfs = lib.mkForce false; +# TODO: is that needed? +hardware.enableRedistributableFirmware = true; +sdImage = { + postBuildCommands = '' + dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc + ''; + compressImage = true; + expandOnBoot = true; + firmwareSize = 1; + populateFirmwareCommands = lib.mkForce ""; +}; +boot.initrd.availableKernelModules = lib.mkForce [ + "mmc_block" + "usbhid" + "hid_generic" + "hid_microsoft" +]; +# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile +boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; +nixpkgs.overlays = [ + (final: super: { + linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: { + kernel = ksuper.kernel.override { + defconfig = "sunxi_defconfig"; + structuredExtraConfig = with lib.kernel; { + # + # File systems + # + PSTORE = yes; + VFAT_FS = yes; + EXT4_FS = yes; + EXT4_USE_FOR_EXT2 = yes; + + # + # Networking options + # + TCP_CONG_BBR = module; + IPV6 = yes; + IPV6_ROUTER_PREF = yes; + IPV6_ROUTE_INFO = yes; + IPV6_OPTIMISTIC_DAD = yes; + INET6_AH = module; + INET6_ESP = module; + INET6_ESP_OFFLOAD = module; + INET6_ESPINTCP = yes; + INET6_IPCOMP = module; + IPV6_MIP6 = module; + IPV6_ILA = module; + INET6_XFRM_TUNNEL = module; + INET6_TUNNEL = module; + IPV6_VTI = module; + IPV6_SIT = module; + IPV6_SIT_6RD = yes; + IPV6_NDISC_NODETYPE = yes; + IPV6_TUNNEL = module; + IPV6_MULTIPLE_TABLES = yes; + IPV6_SUBTREES = yes; + IPV6_MROUTE = yes; + IPV6_MROUTE_MULTIPLE_TABLES = yes; + IPV6_PIMSM_V2 = yes; + IPV6_SEG6_LWTUNNEL = yes; + IPV6_SEG6_HMAC = yes; + IPV6_RPL_LWTUNNEL = yes; + # CONFIG_MPTCP is not set + # CONFIG_NETWORK_SECMARK is not set + NET_PTP_CLASSIFY = yes; + # CONFIG_NETWORK_PHY_TIMESTAMPING is not set + NETFILTER = yes; + NETFILTER_ADVANCED = yes; + + # + # Core Netfilter Configuration + # + NETFILTER_INGRESS = yes; + NETFILTER_NETLINK = module; + NETFILTER_FAMILY_ARP = yes; + NETFILTER_NETLINK_HOOK = module; + NETFILTER_NETLINK_ACCT = module; + NETFILTER_NETLINK_QUEUE = module; + NETFILTER_NETLINK_LOG = module; + NETFILTER_NETLINK_OSF = module; + NF_CONNTRACK = module; + NF_LOG_SYSLOG = module; + NETFILTER_CONNCOUNT = module; + NF_CONNTRACK_MARK = yes; + NF_CONNTRACK_ZONES = yes; + NF_CONNTRACK_PROCFS = yes; + NF_CONNTRACK_EVENTS = yes; + NF_CONNTRACK_TIMEOUT = yes; + NF_CONNTRACK_TIMESTAMP = yes; + NF_CONNTRACK_LABELS = yes; + NF_CT_PROTO_DCCP = yes; + NF_CT_PROTO_SCTP = yes; + NF_CT_PROTO_UDPLITE = yes; + # CONFIG_NF_CONNTRACK_AMANDA is not set + # CONFIG_NF_CONNTRACK_FTP is not set + # CONFIG_NF_CONNTRACK_H323 is not set + # CONFIG_NF_CONNTRACK_IRC is not set + # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set + # CONFIG_NF_CONNTRACK_SNMP is not set + # CONFIG_NF_CONNTRACK_PPTP is not set + # CONFIG_NF_CONNTRACK_SANE is not set + # CONFIG_NF_CONNTRACK_SIP is not set + # CONFIG_NF_CONNTRACK_TFTP is not set + NF_CT_NETLINK = module; + NF_CT_NETLINK_TIMEOUT = module; + NF_CT_NETLINK_HELPER = module; + NETFILTER_NETLINK_GLUE_CT = yes; + NF_NAT = module; + NF_NAT_REDIRECT = yes; + NF_NAT_MASQUERADE = yes; + NETFILTER_SYNPROXY = module; + NF_TABLES = module; + NF_TABLES_INET = yes; + NF_TABLES_NETDEV = yes; + NFT_NUMGEN = module; + NFT_CT = module; + NFT_COUNTER = module; + NFT_CONNLIMIT = module; + NFT_LOG = module; + NFT_LIMIT = module; + NFT_MASQ = module; + NFT_REDIR = module; + NFT_NAT = module; + NFT_TUNNEL = module; + NFT_OBJREF = module; + NFT_QUEUE = module; + NFT_QUOTA = module; + NFT_REJECT = module; + NFT_REJECT_INET = module; + NFT_COMPAT = module; + NFT_HASH = module; + NFT_FIB = module; + NFT_FIB_INET = module; + NFT_XFRM = module; + NFT_SOCKET = module; + NFT_OSF = module; + NFT_TPROXY = module; + NFT_SYNPROXY = module; + NF_DUP_NETDEV = module; + NFT_DUP_NETDEV = module; + NFT_FWD_NETDEV = module; + NFT_FIB_NETDEV = module; + NFT_REJECT_NETDEV = module; + # CONFIG_NF_FLOW_TABLE is not set + NETFILTER_XTABLES = module; + + # + # Xtables combined modules + # + NETFILTER_XT_MARK = module; + NETFILTER_XT_CONNMARK = module; + NETFILTER_XT_SET = module; + + # + # Xtables targets + # + NETFILTER_XT_TARGET_CHECKSUM = module; + NETFILTER_XT_TARGET_CLASSIFY = module; + NETFILTER_XT_TARGET_CONNMARK = module; + NETFILTER_XT_TARGET_CT = module; + NETFILTER_XT_TARGET_DSCP = module; + NETFILTER_XT_TARGET_HL = module; + NETFILTER_XT_TARGET_HMARK = module; + NETFILTER_XT_TARGET_IDLETIMER = module; + NETFILTER_XT_TARGET_LED = module; + NETFILTER_XT_TARGET_LOG = module; + NETFILTER_XT_TARGET_MARK = module; + NETFILTER_XT_NAT = module; + NETFILTER_XT_TARGET_NETMAP = module; + NETFILTER_XT_TARGET_NFLOG = module; + NETFILTER_XT_TARGET_NFQUEUE = module; + NETFILTER_XT_TARGET_NOTRACK = module; + NETFILTER_XT_TARGET_RATEEST = module; + NETFILTER_XT_TARGET_REDIRECT = module; + NETFILTER_XT_TARGET_MASQUERADE = module; + NETFILTER_XT_TARGET_TEE = module; + NETFILTER_XT_TARGET_TPROXY = module; + NETFILTER_XT_TARGET_TRACE = module; + NETFILTER_XT_TARGET_TCPMSS = module; + NETFILTER_XT_TARGET_TCPOPTSTRIP = module; + + # + # Xtables matches + # + NETFILTER_XT_MATCH_ADDRTYPE = module; + NETFILTER_XT_MATCH_BPF = module; + NETFILTER_XT_MATCH_CGROUP = module; + NETFILTER_XT_MATCH_CLUSTER = module; + NETFILTER_XT_MATCH_COMMENT = module; + NETFILTER_XT_MATCH_CONNBYTES = module; + NETFILTER_XT_MATCH_CONNLABEL = module; + NETFILTER_XT_MATCH_CONNLIMIT = module; + NETFILTER_XT_MATCH_CONNMARK = module; + NETFILTER_XT_MATCH_CONNTRACK = module; + NETFILTER_XT_MATCH_CPU = module; + NETFILTER_XT_MATCH_DCCP = module; + NETFILTER_XT_MATCH_DEVGROUP = module; + NETFILTER_XT_MATCH_DSCP = module; + NETFILTER_XT_MATCH_ECN = module; + NETFILTER_XT_MATCH_ESP = module; + NETFILTER_XT_MATCH_HASHLIMIT = module; + NETFILTER_XT_MATCH_HELPER = module; + NETFILTER_XT_MATCH_HL = module; + NETFILTER_XT_MATCH_IPCOMP = module; + NETFILTER_XT_MATCH_IPRANGE = module; + NETFILTER_XT_MATCH_L2TP = module; + NETFILTER_XT_MATCH_LENGTH = module; + NETFILTER_XT_MATCH_LIMIT = module; + NETFILTER_XT_MATCH_MAC = module; + NETFILTER_XT_MATCH_MARK = module; + NETFILTER_XT_MATCH_MULTIPORT = module; + NETFILTER_XT_MATCH_NFACCT = module; + NETFILTER_XT_MATCH_OSF = module; + NETFILTER_XT_MATCH_OWNER = module; + # CONFIG_NETFILTER_XT_MATCH_POLICY is not set + NETFILTER_XT_MATCH_PKTTYPE = module; + NETFILTER_XT_MATCH_QUOTA = module; + NETFILTER_XT_MATCH_RATEEST = module; + NETFILTER_XT_MATCH_REALM = module; + NETFILTER_XT_MATCH_RECENT = module; + NETFILTER_XT_MATCH_SCTP = module; + NETFILTER_XT_MATCH_SOCKET = module; + NETFILTER_XT_MATCH_STATE = module; + NETFILTER_XT_MATCH_STATISTIC = module; + NETFILTER_XT_MATCH_STRING = module; + NETFILTER_XT_MATCH_TCPMSS = module; + NETFILTER_XT_MATCH_TIME = module; + NETFILTER_XT_MATCH_U32 = module; + # end of Core Netfilter Configuration + + IP_SET = module; + IP_SET_MAX.freeform = "256"; + IP_SET_BITMAP_IP = module; + IP_SET_BITMAP_IPMAC = module; + IP_SET_BITMAP_PORT = module; + IP_SET_HASH_IP = module; + IP_SET_HASH_IPMARK = module; + IP_SET_HASH_IPPORT = module; + IP_SET_HASH_IPPORTIP = module; + IP_SET_HASH_IPPORTNET = module; + IP_SET_HASH_IPMAC = module; + IP_SET_HASH_MAC = module; + IP_SET_HASH_NETPORTNET = module; + IP_SET_HASH_NET = module; + IP_SET_HASH_NETNET = module; + IP_SET_HASH_NETPORT = module; + IP_SET_HASH_NETIFACE = module; + IP_SET_LIST_SET = module; + # CONFIG_IP_VS is not set + + # + # IP: Netfilter Configuration + # + NF_DEFRAG_IPV4 = module; + NF_SOCKET_IPV4 = module; + NF_TPROXY_IPV4 = module; + NF_TABLES_IPV4 = yes; + NFT_REJECT_IPV4 = module; + NFT_DUP_IPV4 = module; + NFT_FIB_IPV4 = module; + # CONFIG_NF_TABLES_ARP is not set + NF_DUP_IPV4 = module; + # CONFIG_NF_LOG_ARP is not set + # CONFIG_NF_LOG_IPV4 is not set + NF_REJECT_IPV4 = module; + IP_NF_IPTABLES = module; + IP_NF_MATCH_AH = module; + IP_NF_MATCH_ECN = module; + IP_NF_MATCH_RPFILTER = module; + IP_NF_MATCH_TTL = module; + IP_NF_FILTER = module; + IP_NF_TARGET_REJECT = module; + IP_NF_TARGET_SYNPROXY = module; + IP_NF_NAT = module; + IP_NF_TARGET_MASQUERADE = module; + IP_NF_TARGET_NETMAP = module; + IP_NF_TARGET_REDIRECT = module; + IP_NF_MANGLE = module; + IP_NF_TARGET_CLUSTERIP = module; + IP_NF_TARGET_ECN = module; + IP_NF_TARGET_TTL = module; + # CONFIG_IP_NF_RAW is not set + # CONFIG_IP_NF_ARPTABLES is not set + # end of IP: Netfilter Configuration + + # + # IPv6: Netfilter Configuration + # + NF_SOCKET_IPV6 = module; + NF_TPROXY_IPV6 = module; + NF_TABLES_IPV6 = yes; + NFT_REJECT_IPV6 = module; + NFT_DUP_IPV6 = module; + NFT_FIB_IPV6 = module; + NF_DUP_IPV6 = module; + NF_REJECT_IPV6 = module; + NF_LOG_IPV6 = module; + IP6_NF_IPTABLES = module; + IP6_NF_MATCH_AH = module; + IP6_NF_MATCH_EUI64 = module; + IP6_NF_MATCH_FRAG = module; + IP6_NF_MATCH_OPTS = module; + IP6_NF_MATCH_HL = module; + IP6_NF_MATCH_IPV6HEADER = module; + IP6_NF_MATCH_MH = module; + IP6_NF_MATCH_RPFILTER = module; + IP6_NF_MATCH_RT = module; + IP6_NF_MATCH_SRH = module; + IP6_NF_TARGET_HL = module; + IP6_NF_FILTER = module; + IP6_NF_TARGET_REJECT = module; + IP6_NF_TARGET_SYNPROXY = module; + IP6_NF_MANGLE = module; + IP6_NF_RAW = module; + IP6_NF_NAT = module; + IP6_NF_TARGET_MASQUERADE = module; + IP6_NF_TARGET_NPT = module; + # end of IPv6: Netfilter Configuration + + NF_DEFRAG_IPV6 = module; + + # + # Disabling + # + ADFS_FS = no; + AFFS_FS = no; + BEFS_FS = no; + BFS_FS = no; + BTRFS = no; + BTRFS_FS = no; + CEPH_FS = no; + CIFS = no; + CRAMFS = no; + ECRYPT_FS = no; + EFS_FS = no; + EROFS_FS = no; + EXT2_FS = no; + EXT3_FS = no; + F2FS_FS = lib.mkForce no; + GFS2_FS = no; + HFSPLUS_FS = no; + HFS_FS = no; + HPFS_FS = no; + JFS_FS = no; + MINIX_FS = no; + NET_9P = no; + NFSD = no; + NFS_FS = no; + NILFS2_FS = no; + OMFS_FS = no; + ORANGEFS_FS = no; + QNX4FS_FS = no; + QNX6FS_FS = no; + REISERFS_FS = no; + ROMFS_FS = no; + SQUASHFS = no; + SYSV_FS = no; + UFS_FS = no; + VXFS_FS = no; + XFS_FS = no; + + MISC_FILESYSTEMS = no; + + DECNET = no; + SCTP = no; + RDS = no; + DCCP = no; + TIPC = no; + CAIF = no; + CEPH = no; + VMW_SOCK = no; + HSR = no; + QRTR = no; + MPI = no; + RAID6 = no; + STAGING = lib.mkForce no; + + "6LOWPAN" = no; + ARCNET = no; + B53 = no; + BATMAN_ADV = no; + BT = no; + CAN = no; + COMEDI = no; + DRM_STM = lib.mkForce no; + INFINIBAND = no; + INPUT_TOUCHSCREEN = no; + MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no; + MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no; + MEDIA_TUNER = no; + MPLS = no; + MPTCP = lib.mkForce no; + NFC = no; + NF_TABLES_BRIDGE = lib.mkForce no; + NVME = no; + OPENVSWITCH = no; + PARAVIRT = lib.mkForce no; + POWER_SUPPLY = no; + USB_GSPCA = lib.mkForce no; + VIDEO_STK1160_COMMON = lib.mkForce no; + XEN = lib.mkForce no; + #NVME_CORE = no; + }; + #ignoreConfigErrors = true; + }; + }); + }) +]; +} diff --git a/nixos/profiles/systems/crossCompilation.nix b/nixos/profiles/systems/crossCompilation.nix new file mode 100644 index 0000000..4ea06f8 --- /dev/null +++ b/nixos/profiles/systems/crossCompilation.nix @@ -0,0 +1,53 @@ +{ pkgs, lib, config, ... }: +{ +nixpkgs.overlays = [ + (final: super: { + # TODO: remove after liburing-2.1 + liburing = super.liburing.overrideAttrs (old: { + src = super.fetchgit { + url = "http://git.kernel.dk/${old.pname}"; + rev = "cb350a8989adbd65db574325d9a86d5437d800da"; + sha256 = "sha256-ZMev2RjiswuR9seVwHbnVUtnpaPW/XJbelBgvIuYiGg="; + }; + }); + gnupg = super.gnupg.override { + # Wants polkit which wants spidermonkey (slow to compile) + pcsclite = null; + }; + systemd = super.systemd.override { + # Wants tpm2-tss which does not cross-compile + withTpm2Tss = false; + # Does not cross-compile :( + withEfi = false; + }; + # https://logs.nix.samueldr.com/nixos/2019-07-23#2416964; + xorg = super.xorg.overrideScope' (ofinal: osuper: { + fontadobe100dpi = final.hello; + fontadobe75dpi = final.hello; + fontcursormisc = final.hello; + fontmiscmisc = final.hello; + }); + # Perl's ModuleBuild does not cross-compile + # https://github.com/NixOS/nixpkgs/issues/66741#issuecomment-944831760 + xdg-utils = final.hello; + procmail = final.hello; + noto-fonts-emoji = final.hello; + x11_ssh_askpass = final.hello; + dconf = super.dconf.overrideAttrs (old: { + doCheck = false; + }); + # Need gobject-instrospection which does not cross-compile + arandr = final.hello; + # Depends on judy which does not cross-compile + stress-ng = final.hello; + }) +]; +#environment.noXlibs = true; +fonts.fontconfig.enable = false; +# lesspipe does not cross-compile +programs.less.enable = lib.mkForce false; +programs.mosh.enable = false; +programs.traceroute.enable = false; +security.apparmor.enable = false; +services.udisks2.enable = false; +} diff --git a/nixpkgs/patches.nix b/nixpkgs/patches.nix index 6fde2df..9d4613d 100644 --- a/nixpkgs/patches.nix +++ b/nixpkgs/patches.nix @@ -31,4 +31,34 @@ url = "https://github.com/NixOS/nixpkgs/pull/128014.diff"; sha256 = "sha256-1iJ46NXslDxsP/uO0cSaCzO3A5VF338M6d027G7sK3o="; } +{ + meta.description = "xorg.xinit: fix cross-compiling"; + url = "https://github.com/NixOS/nixpkgs/pull/141903.diff"; + sha256 = "sha256-1Bv7UwoYkWSNQ6MlSnm9ZmUV4wZQwEL6zM3JDoAauoo="; +} +{ + meta.description = "nmon: fix cross-compiling"; + url = "https://github.com/NixOS/nixpkgs/pull/142242.diff"; + sha256 = "sha256-5Rsuhzup2a4v7OrQRGOeyO2LMQfBCWS7ei5ZD57p0Wk="; +} +{ + meta.description = "nethogs: fix cross-compiling"; + url = "https://github.com/NixOS/nixpkgs/pull/142268.diff"; + sha256 = "sha256-jJ+wpGoFhvoGI7eyVz+7jZbnjqC6WYeL2M/0RSdG1s4="; +} +{ + meta.description = "nixos/console: fix cross-compiling"; + url = "https://github.com/NixOS/nixpkgs/pull/142272.diff"; + sha256 = "sha256-Hwld3JxZ+D1Pz1xcwfBy0zR8WoQluUKsbG0kdiDNDK4="; +} +{ + meta.description = "nixos/display-managers: fix cross-compiling"; + url = "https://github.com/NixOS/nixpkgs/pull/142273.diff"; + sha256 = "sha256-M8PyGa7cweRkUFauVf4t5Jf2IHynesV5MnDXXzjCvKY="; +} +{ + meta.description = "uboot: add Cubieboard2 target"; + url = "https://github.com/NixOS/nixpkgs/pull/142274.diff"; + sha256 = "sha256-vB9aComj3ldlkPTX84xKdUrhY64l7ZRnJJAIxdqNrRs="; +} ] -- 2.49.0 From d52ff137f1274777b5f765d872f7b123dd84afb5 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 04:15:47 +0200 Subject: [PATCH 10/16] networking: move wg-intra config to julm-nix --- flake.lock | 20 ++++---- flake.nix | 5 +- hosts/carotte/networking.nix | 11 +++++ .../carotte/networking/wireguard/intranet.nix | 26 +++++++++++ hosts/carotte/security.nix | 4 +- hosts/losurdo/fail2ban.nix | 3 -- .../losurdo/networking/wireguard/intranet.nix | 9 ++-- hosts/losurdo/transmission.nix | 4 +- hosts/mermet/networking/wireguard.nix | 6 +-- networking/wireguard/wg-intra.nix | 24 ---------- networking/wireguard/wg-intra/hosts.nix | 46 ------------------- 11 files changed, 62 insertions(+), 96 deletions(-) create mode 100644 hosts/carotte/networking/wireguard/intranet.nix delete mode 100644 networking/wireguard/wg-intra.nix delete mode 100644 networking/wireguard/wg-intra/hosts.nix diff --git a/flake.lock b/flake.lock index 781f12a..e2d6a83 100644 --- a/flake.lock +++ b/flake.lock @@ -147,6 +147,7 @@ "home-manager": { "inputs": { "nixpkgs": [ + "julm-nix", "nixpkgs" ] }, @@ -178,11 +179,11 @@ ] }, "locked": { - "lastModified": 1631105556, - "narHash": "sha256-fxmlGjrE3/kNpW26nTRvPrR4aYsHgjhZUX67SkggGgA=", + "lastModified": 1634868304, + "narHash": "sha256-3EGKKQb+o2k/5SAaQaBpA7b/IoaUSGZOtIQe+Lgj8G8=", "ref": "main", - "rev": "e3c76241c52395f78899c911269807c4715392c3", - "revCount": 217, + "rev": "4ac801d7ebb047489a4620053ae007b9a6cf4772", + "revCount": 226, "type": "git", "url": "https://git.hut.sourcephile.fr/~julm/julm-nix" }, @@ -197,6 +198,7 @@ "doom-emacs": "doom-emacs", "doom-snippets": "doom-snippets", "emacs-overlay": [ + "julm-nix", "emacs-overlay" ], "emacs-so-long": "emacs-so-long", @@ -205,10 +207,12 @@ "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", "flake-utils": [ + "julm-nix", "flake-utils" ], "nix-straight": "nix-straight", "nixpkgs": [ + "julm-nix", "nixpkgs" ], "nose": "nose", @@ -252,17 +256,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1633089619, - "narHash": "sha256-XFjDdiOvnkaaOhUCnjtvz6Kig9WjwYVjoNDlXDNgI1Y=", + "lastModified": 1634858817, + "narHash": "sha256-Us0ib717a7Qt3DE2RA8K0wNjofFoWMTM3UtYWaxh9XM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62ca4a425ab112e5d8a75682ee76c069cdb42d4b", + "rev": "2b24fa4db8e5f4e3b3873d020b9cd2d3111005af", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "62ca4a425ab112e5d8a75682ee76c069cdb42d4b", + "rev": "2b24fa4db8e5f4e3b3873d020b9cd2d3111005af", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 033c568..5019f0d 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { # Pin down nixpkgs from github, instead of using global, system or user registries. -inputs.nixpkgs.url = "github:NixOS/nixpkgs/62ca4a425ab112e5d8a75682ee76c069cdb42d4b"; +inputs.nixpkgs.url = "github:NixOS/nixpkgs/2b24fa4db8e5f4e3b3873d020b9cd2d3111005af"; #inputs.nixpkgs.url = "flake:nixpkgs"; inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.home-manager.follows = "julm-nix/home-manager"; @@ -32,12 +32,13 @@ outputs = inputs: let }; lib = originPkgs.lib; hosts = builtins.mapAttrs (hostName: hostConfig: - let cfg = import hostConfig { inherit inputs; }; in + let cfg = import hostConfig { inherit inputs hostName; }; in import (nixpkgs + "/nixos/lib/eval-config.nix") (cfg // { extraArgs = { inherit hostName inputs; hosts = inputs.self.nixosConfigurations; host = inputs.self.nixosConfigurations.${hostName}.extraArgs; + private = "/root/private"; # Kept out of /nix/store } // (cfg.extraArgs or {}); modules = cfg.modules ++ [ inputs.home-manager.nixosModules.home-manager diff --git a/hosts/carotte/networking.nix b/hosts/carotte/networking.nix index ac1fa0f..18ac997 100644 --- a/hosts/carotte/networking.nix +++ b/hosts/carotte/networking.nix @@ -1,5 +1,8 @@ { pkgs, lib, config, hostName, ... }: { +imports = [ + networking/wireguard/intranet.nix +]; networking = { hostName = hostName; domain = "sourcephile.fr"; @@ -9,4 +12,12 @@ networking = { useDHCP = true; #networkmanager.enable = true; }; +services.openssh = { + forwardX11 = true; +}; +programs.ssh = { + extraConfig = '' + Compression = yes + ''; +}; } diff --git a/hosts/carotte/networking/wireguard/intranet.nix b/hosts/carotte/networking/wireguard/intranet.nix new file mode 100644 index 0000000..eaca0af --- /dev/null +++ b/hosts/carotte/networking/wireguard/intranet.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, config, hostName, inputs, ... }: +let + inherit (config.security) gnupg; + iface = "wg-intra"; +in +{ +imports = [ + (inputs.julm-nix + "/networking/wireguard/wg-intra.nix") +]; +networking.wireguard.interfaces.${iface} = { + privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path; +}; +security.gnupg.secrets."wireguard/${iface}/privateKey" = { +/* + systemdConfig.serviceConfig = { + before = [ "wireguard-${iface}.service" ]; + wantedBy = [ "wireguard-${iface}.service" ]; + requiredBy = [ "wireguard-${iface}.service" ]; + }; +*/ +}; +systemd.services."wireguard-${iface}" = { + after = [ gnupg.secrets."wireguard/${iface}/privateKey".service ]; + requires = [ gnupg.secrets."wireguard/${iface}/privateKey".service ]; +}; +} diff --git a/hosts/carotte/security.nix b/hosts/carotte/security.nix index 1674b5e..bbd39fd 100644 --- a/hosts/carotte/security.nix +++ b/hosts/carotte/security.nix @@ -2,14 +2,14 @@ { security.lockKernelModules = false; security.virtualisation.flushL1DataCache = lib.mkForce null; -/* security.gnupg.agent = { - keyring."9AA84E6F6D71F9163C46BF396B141A0806219077" = {}; + keyring."00B1DD47EA6B7BEF92FFEA66922C6249D6336C94" = {}; }; services.openssh.extraConfig = '' # This is for removing remote gpg-agent's socket StreamLocalBindUnlink yes ''; +/* environment.systemPackages = [ pkgs.tshark ]; diff --git a/hosts/losurdo/fail2ban.nix b/hosts/losurdo/fail2ban.nix index c150e83..32d7e71 100644 --- a/hosts/losurdo/fail2ban.nix +++ b/hosts/losurdo/fail2ban.nix @@ -1,7 +1,4 @@ { pkgs, lib, config, hosts, ... }: -let - wg-intra = import ../../networking/wireguard/wg-intra.nix; -in { services.openssh.logLevel = "VERBOSE"; services.postgresql.logLinePrefix = "%h "; diff --git a/hosts/losurdo/networking/wireguard/intranet.nix b/hosts/losurdo/networking/wireguard/intranet.nix index f7cccae..3a1f58a 100644 --- a/hosts/losurdo/networking/wireguard/intranet.nix +++ b/hosts/losurdo/networking/wireguard/intranet.nix @@ -1,18 +1,16 @@ -{ pkgs, lib, config, hosts, ... }: +{ pkgs, lib, config, hosts, inputs, ... }: let - inherit (builtins) hasAttr removeAttrs; inherit (config.security) gnupg; inherit (config.boot) initrd; iface = "wg-intra"; wg = config.networking.wireguard.interfaces.${iface}; - wg-intra-hosts = import ../../../../networking/wireguard/wg-intra/hosts.nix; + wg-intra-hosts = import (inputs.julm-nix + "/networking/wireguard/wg-intra/hosts.nix"); relay = wg-intra-hosts.mermet; in { imports = [ - ../../../../networking/wireguard/wg-intra.nix + (inputs.julm-nix + "/networking/wireguard/wg-intra.nix") ]; -config = { networking.wireguard.interfaces.${iface} = { privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path; }; @@ -92,5 +90,4 @@ boot.initrd.network.postCommands = '' boot.initrd.postMountCommands = lib.mkIf initrd.network.flushBeforeStage2 '' ip link del dev ${iface} ''; -}; } diff --git a/hosts/losurdo/transmission.nix b/hosts/losurdo/transmission.nix index 56f1831..5c38a39 100644 --- a/hosts/losurdo/transmission.nix +++ b/hosts/losurdo/transmission.nix @@ -1,10 +1,10 @@ -{ pkgs, lib, config, hostName, ... }: +{ pkgs, lib, config, hostName, inputs, ... }: let inherit (config.services) transmission; inherit (config.users) users; inherit (config.security) gnupg; netns = "riseup"; - wg-intra-hosts = import ../../networking/wireguard/wg-intra/hosts.nix; + wg-intra-hosts = import (inputs.julm-nix + "/networking/wireguard/wg-intra/hosts.nix"); in { users.groups.transmission.members = [ diff --git a/hosts/mermet/networking/wireguard.nix b/hosts/mermet/networking/wireguard.nix index b917ffb..9f4b584 100644 --- a/hosts/mermet/networking/wireguard.nix +++ b/hosts/mermet/networking/wireguard.nix @@ -1,13 +1,13 @@ -{ pkgs, lib, config, hostName, wireguard, ... }: +{ pkgs, lib, config, hostName, inputs, ... }: let inherit (config.security.gnupg) secrets; iface = "wg-intra"; wg = config.networking.wireguard.interfaces.${iface}; - wg-intra-hosts = import ../../../networking/wireguard/wg-intra/hosts.nix; + wg-intra-hosts = import (inputs.julm-nix + "/networking/wireguard/wg-intra/hosts.nix"); in { imports = [ - ../../../networking/wireguard/wg-intra.nix + (inputs.julm-nix + "/networking/wireguard/wg-intra.nix") ]; config = { networking.wireguard.interfaces.${iface} = { diff --git a/networking/wireguard/wg-intra.nix b/networking/wireguard/wg-intra.nix deleted file mode 100644 index 3c0b214..0000000 --- a/networking/wireguard/wg-intra.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, lib, config, hostName, ... }: -let hosts = import wg-intra/hosts.nix; in -{ -networking.wireguard.interfaces.wg-intra = lib.recursiveUpdate - (removeAttrs hosts.${hostName} ["ipv4" "persistentKeepalive" "peer"]) - { - peers = - lib.mapAttrsToList (peerName: peer: lib.recursiveUpdate - { persistentKeepalive = hosts.${hostName}.persistentKeepalive or null; } - peer.peer - ) (removeAttrs hosts [hostName]); - }; -networking.hosts = lib.mkMerge [ - (lib.mapAttrs' (hostName: host: - lib.nameValuePair host.ipv4 [ "${hostName}.wg" ]) hosts) - { "${hosts.losurdo.ipv4}" = [ - "nix-extracache.losurdo.wg" - "nix-localcache.losurdo.wg" - ]; } -]; -services.fail2ban.ignoreIP = lib.concatMap - (host: host.peer.allowedIPs) - (lib.attrValues hosts); -} diff --git a/networking/wireguard/wg-intra/hosts.nix b/networking/wireguard/wg-intra/hosts.nix deleted file mode 100644 index d0cf3bf..0000000 --- a/networking/wireguard/wg-intra/hosts.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - mermet = rec { - ipv4 = "192.168.42.1"; - ips = ["${ipv4}/24"]; - listenPort = 43642; - peersAnnouncing.enable = true; - peer = { - publicKey = "XbTEP2X71LBTjmdmySdiOpQJ+uIomcXvg1aiQGUtWBI="; - allowedIPs = [ "${ipv4}/32" ]; - endpoint = "80.67.180.129:${toString listenPort}"; - endpointsUpdater.enable = true; - }; - }; - losurdo = rec { - ipv4 = "192.168.42.2"; - ips = ["${ipv4}/24"]; - listenPort = 43643; - persistentKeepalive = 5; - peer = { - publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0="; - allowedIPs = [ "${ipv4}/32" ]; - }; - }; - oignon = rec { - ipv4 = "192.168.42.3"; - ips = ["${ipv4}/24"]; - #persistentKeepalive = 10; - peer = { - publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA="; - allowedIPs = [ "${ipv4}/32" ]; - #persistentKeepalive = 25; - #dynamicEndpointRefreshSeconds = 60; - }; - }; - patate = rec { - ipv4 = "192.168.42.4"; - ips = ["${ipv4}/24"]; - #persistentKeepalive = 10; - peer = { - publicKey = "gaEz7nvJTk4h3DGOpeZXSWmYDDrc5xQkuJ28sGrksx4="; - allowedIPs = [ "${ipv4}/32" ]; - #persistentKeepalive = 25; - #dynamicEndpointRefreshSeconds = 60; - }; - }; -} -- 2.49.0 From d86c17ccb7d13c555cc553dc754d0617f4de6148 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 04:18:26 +0200 Subject: [PATCH 11/16] carotte: prepare switch install --- flake.nix | 36 +++++++++++++++----- nixos/profiles/hardware/cubieboard2.nix | 44 ++++++++++++------------- 2 files changed, 49 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index 5019f0d..b66069d 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,10 @@ outputs = inputs: let else throw "Refusing to build from a dirty Git tree!"; */ programs.ssh.knownHosts = { + carotte = { + hostNames = [ "carotte" "carotte.sourcephile.fr" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnnS0w9zm5KuWwlfJu+qEXC0asESQySPp76szyMTE3J"; + }; mermet = { hostNames = [ "mermet" "mermet.sourcephile.fr" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvKN2sIpH782MFjaOpcty1Hs/T/TPNJpXI08H3O3oxl"; @@ -91,6 +95,7 @@ outputs = inputs: let # Example: nix -L build .#nixosConfigurations.losurdo.config.system.build.toplevel # Example: nix eval .#nixosConfigurations.losurdo.config.networking.hostName nixosConfigurations = hosts { + carotte = hosts/carotte.nix; losurdo = hosts/losurdo.nix; mermet = hosts/mermet.nix; }; @@ -109,8 +114,8 @@ outputs = inputs: let legacyPackages = pkgs; devShell = import ./shell.nix { inherit inputs pkgs; }; apps = builtins.mapAttrs (hostName: { config, ... }: let - system = config.system.build.toplevel; - target = "root@${config.networking.hostName}.${config.networking.domain}"; + build = config.system.build; + target = "\"\${TARGET:-root@${config.networking.hostName}.${config.networking.domain}}\""; profile = "/nix/var/nix/profiles/system"; in rec { # Example: nix run .#losurdo.switch @@ -119,20 +124,35 @@ outputs = inputs: let program = (pkgs.writeShellScript "switch" '' set -eux set -o pipefail - nix-store --add-root hosts/${hostName}.root --indirect --realise ${system} - nix copy --to ssh://'${target}' --substitute-on-destination ${system} + nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel} + nix copy --to ssh://${target} --substitute-on-destination ${build.toplevel} ${sendkeys.program} # Send the SSH key of the initrd + test ! -e '${config.security.gnupg.store}/initrd/ssh.key.gpg' || gpg --decrypt '${config.security.gnupg.store}/initrd/ssh.key.gpg' | - ssh '${target}' install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key + ssh ${target} install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key # Send the Wireguard key of the initrd + test ! -e '${config.security.gnupg.store}/wireguard/wg-intra/privateKey.gpg' || gpg --decrypt '${config.security.gnupg.store}/wireguard/wg-intra/privateKey.gpg' | - ssh '${target}' install -D -m 400 -o root -g root /dev/stdin /root/initrd/wg-intra.key - ssh '${target}' \ - nix-env --profile '${profile}' --set '${system}' '&&' \ + ssh ${target} install -D -m 400 -o root -g root /dev/stdin /root/initrd/wg-intra.key + ssh ${target} \ + nix-env --profile '${profile}' --set '${build.toplevel}' '&&' \ '${profile}'/bin/switch-to-configuration switch '').outPath; }; + # Example: nix run .#carotte.install-sd + "install-sd" = { + type = "app"; + program = (pkgs.writeShellScript "install-sd" '' + export PATH="$PATH:${with pkgs; lib.makeBinPath [coreutils zstd]}" + set -eux + set -o pipefail + nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.sdImage} + unzstd --stdout ${build.sdImage}/sd-image/*.img.zst | + sudo -k dd conv=notrunc oflag=direct,sync status=progress of="''${1:-/dev/mmcblk0}" + + '').outPath; + }; # Example: nix run .#losurdo.sendkeys "sendkeys" = { type = "app"; diff --git a/nixos/profiles/hardware/cubieboard2.nix b/nixos/profiles/hardware/cubieboard2.nix index 25f469d..00ba17b 100644 --- a/nixos/profiles/hardware/cubieboard2.nix +++ b/nixos/profiles/hardware/cubieboard2.nix @@ -16,29 +16,6 @@ nixpkgs.overlays = [ vulkanDrivers = []; }; }) -]; -boot.cleanTmpDir = true; -boot.tmpOnTmpfs = lib.mkForce false; -# TODO: is that needed? -hardware.enableRedistributableFirmware = true; -sdImage = { - postBuildCommands = '' - dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc - ''; - compressImage = true; - expandOnBoot = true; - firmwareSize = 1; - populateFirmwareCommands = lib.mkForce ""; -}; -boot.initrd.availableKernelModules = lib.mkForce [ - "mmc_block" - "usbhid" - "hid_generic" - "hid_microsoft" -]; -# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile -boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; -nixpkgs.overlays = [ (final: super: { linuxPackages_latest_Cubieboard2 = super.linuxPackages_latest.extend (kself: ksuper: { kernel = ksuper.kernel.override { @@ -428,4 +405,25 @@ nixpkgs.overlays = [ }); }) ]; +boot.cleanTmpDir = true; +boot.tmpOnTmpfs = lib.mkForce false; +# TODO: is that needed? +hardware.enableRedistributableFirmware = true; +sdImage = { + postBuildCommands = '' + dd if=${pkgs.ubootCubieboard2}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc + ''; + compressImage = true; + expandOnBoot = true; + firmwareSize = 1; + populateFirmwareCommands = lib.mkForce ""; +}; +boot.initrd.availableKernelModules = lib.mkForce [ + "mmc_block" + "usbhid" + "hid_generic" + "hid_microsoft" +]; +# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile +boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; } -- 2.49.0 From f63c4d25613f74abdd9599f6fd4246907bc4ccff Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 04:18:41 +0200 Subject: [PATCH 12/16] sourcehut: update patch --- nixpkgs/patches/sourcehut.diff | 98 ++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 45 deletions(-) diff --git a/nixpkgs/patches/sourcehut.diff b/nixpkgs/patches/sourcehut.diff index e408863..3511278 100644 --- a/nixpkgs/patches/sourcehut.diff +++ b/nixpkgs/patches/sourcehut.diff @@ -1,5 +1,5 @@ diff --git a/nixos/lib/make-options-doc/options-to-docbook.xsl b/nixos/lib/make-options-doc/options-to-docbook.xsl -index 18d19fddaca..304698a51ad 100644 +index da4cd164bf2..30190788f33 100644 --- a/nixos/lib/make-options-doc/options-to-docbook.xsl +++ b/nixos/lib/make-options-doc/options-to-docbook.xsl @@ -20,7 +20,7 @@ @@ -12,7 +12,7 @@ index 18d19fddaca..304698a51ad 100644 diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix -index 1b9358c81a1..16159e62d9d 100644 +index 578d9d9ec8d..e7ca0d4e34c 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -5,17 +5,18 @@ with lib; @@ -85,7 +85,7 @@ index 1b9358c81a1..16159e62d9d 100644 package = mkOption { type = types.package; default = pkgs.redis; -@@ -51,177 +61,227 @@ in { +@@ -51,176 +61,226 @@ in { description = "Which Redis derivation to use."; }; @@ -175,7 +175,6 @@ index 1b9358c81a1..16159e62d9d 100644 - type = with types; listOf (listOf int); - default = [ [900 1] [300 10] [60 10000] ]; - description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes."; -- example = [ [900 1] [300 10] [60 10000] ]; - }; - - slaveOf = mkOption { @@ -280,7 +279,6 @@ index 1b9358c81a1..16159e62d9d 100644 + type = with types; listOf (listOf int); + default = [ [900 1] [300 10] [60 10000] ]; + description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes."; -+ example = [ [900 1] [300 10] [60 10000] ]; + }; + + slaveOf = mkOption { @@ -365,7 +363,7 @@ index 1b9358c81a1..16159e62d9d 100644 + + for details on supported values. + ''; -+ example = literalExample '' ++ example = literalExpression '' + { + loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ]; + } @@ -466,7 +464,7 @@ index 1b9358c81a1..16159e62d9d 100644 - - for details on supported values. - ''; -- example = literalExample '' +- example = literalExpression '' - { - loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ]; - } @@ -474,7 +472,7 @@ index 1b9358c81a1..16159e62d9d 100644 }; }; -@@ -230,78 +290,61 @@ in { +@@ -229,78 +289,61 @@ in { ###### implementation @@ -591,7 +589,7 @@ index 1b9358c81a1..16159e62d9d 100644 StateDirectoryMode = "0700"; # Access write directories UMask = "0077"; -@@ -310,7 +353,7 @@ in { +@@ -309,7 +352,7 @@ in { # Security NoNewPrivileges = true; # Process Properties @@ -600,7 +598,7 @@ index 1b9358c81a1..16159e62d9d 100644 # Sandboxing ProtectSystem = "strict"; ProtectHome = true; -@@ -323,7 +366,9 @@ in { +@@ -322,7 +365,9 @@ in { ProtectKernelModules = true; ProtectKernelTunables = true; ProtectControlGroups = true; @@ -611,7 +609,7 @@ index 1b9358c81a1..16159e62d9d 100644 RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; -@@ -334,6 +379,7 @@ in { +@@ -333,6 +378,7 @@ in { SystemCallArchitectures = "native"; SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid"; }; @@ -622,7 +620,7 @@ index 1b9358c81a1..16159e62d9d 100644 } diff --git a/nixos/modules/services/misc/sourcehut/builds.nix b/nixos/modules/services/misc/sourcehut/builds.nix deleted file mode 100644 -index e446f08284f..00000000000 +index f806e8c51b9..00000000000 --- a/nixos/modules/services/misc/sourcehut/builds.nix +++ /dev/null @@ -1,234 +0,0 @@ @@ -682,7 +680,7 @@ index e446f08284f..00000000000 - images = mkOption { - type = types.attrsOf (types.attrsOf (types.attrsOf types.package)); - default = { }; -- example = lib.literalExample ''(let +- example = lib.literalExpression ''(let - # Pinning unstable to allow usage with flakes and limit rebuilds. - pkgs_unstable = builtins.fetchGit { - url = "https://github.com/NixOS/nixpkgs"; @@ -861,7 +859,7 @@ index e446f08284f..00000000000 - }; -} diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix -index 9c812d6b043..6cea2ce6490 100644 +index 9c812d6b043..e6565e292f7 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -1,14 +1,90 @@ @@ -1611,7 +1609,7 @@ index 9c812d6b043..6cea2ce6490 100644 + images = mkOption { + type = with types; attrsOf (attrsOf (attrsOf package)); + default = { }; -+ example = lib.literalExample ''(let ++ example = lib.literalExpression ''(let + # Pinning unstable to allow usage with flakes and limit rebuilds. + pkgs_unstable = builtins.fetchGit { + url = "https://github.com/NixOS/nixpkgs"; @@ -1643,7 +1641,7 @@ index 9c812d6b043..6cea2ce6490 100644 + package = mkOption { + type = types.package; + default = pkgs.git; -+ example = literalExample "pkgs.gitFull"; ++ example = literalExpression "pkgs.gitFull"; + description = '' + Git package for git.sr.ht. This can help silence collisions. + ''; @@ -2474,10 +2472,10 @@ index a9db17bebe8..00000000000 -} diff --git a/nixos/modules/services/misc/sourcehut/git.nix b/nixos/modules/services/misc/sourcehut/git.nix deleted file mode 100644 -index 99b9aec0612..00000000000 +index 2653d77876d..00000000000 --- a/nixos/modules/services/misc/sourcehut/git.nix +++ /dev/null -@@ -1,214 +0,0 @@ +@@ -1,215 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; @@ -2529,7 +2527,8 @@ index 99b9aec0612..00000000000 - package = mkOption { - type = types.package; - default = pkgs.git; -- example = literalExample "pkgs.gitFull"; +- defaultText = literalExpression "pkgs.git"; +- example = literalExpression "pkgs.gitFull"; - description = '' - Git package for git.sr.ht. This can help silence collisions. - ''; @@ -4322,10 +4321,10 @@ index aec773b0669..00000000000 - }; -} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix -index dab99dd8d04..2b6ba687fe8 100644 +index a6eb2c03258..eb0238c0ca1 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix -@@ -408,6 +408,7 @@ in +@@ -412,6 +412,7 @@ in solanum = handleTest ./solanum.nix {}; solr = handleTest ./solr.nix {}; sonarr = handleTest ./sonarr.nix {}; @@ -4363,10 +4362,10 @@ index b56a14ebf85..6492250bd57 100644 }; diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix -index c8163caf8ea..7ea2fef54bb 100644 +index c8163caf8ea..4192d7f54b6 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix -@@ -11,26 +11,55 @@ +@@ -11,26 +11,54 @@ , python }: let @@ -4392,7 +4391,7 @@ index c8163caf8ea..7ea2fef54bb 100644 + sha256 = "sha256-c2xp2uIP8+WeRMz0efA1H58Nkot65bc03e7rrrZk3jo="; }; -+ worker = buildGoModule rec { ++ worker = buildGoModule { + inherit src version; + sourceRoot = "source/worker"; + pname = "buildsrht-worker"; @@ -4406,7 +4405,6 @@ index c8163caf8ea..7ea2fef54bb 100644 + # while it hasn't been merged upstream. + + overrideModAttrs = old: { -+ inherit patches patchFlags; + preBuild = '' + go get github.com/go-redis/redis/v8 + go get github.com/go-redis/redis@none @@ -4422,7 +4420,7 @@ index c8163caf8ea..7ea2fef54bb 100644 + # Update go-redis to support Unix sockets + patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch + ]; -+ patchFlags = "-p2"; ++ patchFlags = ["-p2"]; + postConfigure = '' + cp -v vendor/go.{mod,sum} . + ''; @@ -4435,7 +4433,7 @@ index c8163caf8ea..7ea2fef54bb 100644 nativeBuildInputs = srht.nativeBuildInputs; propagatedBuildInputs = [ -@@ -53,13 +82,17 @@ buildPythonPackage rec { +@@ -53,13 +81,17 @@ buildPythonPackage rec { cp -r images $out/lib cp contrib/submit_image_build $out/bin/builds.sr.ht @@ -4560,10 +4558,10 @@ index 637c6f9c1df..9456d0c998c 100644 }; } diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix -index e44fb9cd6c6..2aed7b4a5fe 100644 +index e44fb9cd6c6..ce1a6f461a7 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix -@@ -6,42 +6,111 @@ +@@ -6,42 +6,109 @@ , srht , pygit2 , scmsrht @@ -4592,18 +4590,19 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 - buildDispatcher = src: buildGoModule { + gitsrht-dispatch = buildGoModule { inherit src version; +- pname = "gitsrht-dispatcher"; + sourceRoot = "source/gitsrht-dispatch"; - pname = "gitsrht-dispatcher"; ++ pname = "gitsrht-dispatch"; vendorSha256 = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; + patches = [ + # Add support for supplementary groups + patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch + ]; -+ patchFlags = "-p2"; ++ patchFlags = ["-p2"]; }; - buildKeys = src: buildGoModule { -+ gitsrht-keys = buildGoModule rec { ++ gitsrht-keys = buildGoModule { inherit src version; + sourceRoot = "source/gitsrht-keys"; pname = "gitsrht-keys"; @@ -4617,7 +4616,6 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 + # while it hasn't been merged upstream. + + overrideModAttrs = old: { -+ inherit patches patchFlags; + preBuild = '' + # This is a fixed-output derivation so it is not allowed to reference other derivations, + # but here srht-keys will be copied to vendor/ by go mod vendor @@ -4637,14 +4635,14 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 + # Update go-redis to support Unix sockets + patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch + ]; -+ patchFlags = "-p2"; ++ patchFlags = ["-p2"]; + postConfigure = '' + cp -v vendor/go.{mod,sum} . + ''; }; - buildUpdateHook = src: buildGoModule { -+ gitsrht-update-hook = buildGoModule rec { ++ gitsrht-update-hook = buildGoModule { inherit src version; + sourceRoot = "source/gitsrht-update-hook"; pname = "gitsrht-update-hook"; @@ -4657,7 +4655,6 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 + # and thus also using a patched srht-keys. + + overrideModAttrs = old: { -+ inherit patches patchFlags; + preBuild = '' + # This is a fixed-output derivation so it is not allowed to reference other derivations, + # but here srht-keys will be copied to vendor/ by go mod vendor @@ -4677,7 +4674,7 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 + # Update go-redis to support Unix sockets + patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch + ]; -+ patchFlags = "-p2"; ++ patchFlags = ["-p2"]; + postConfigure = '' + cp -v vendor/go.{mod,sum} . + ''; @@ -4685,7 +4682,7 @@ index e44fb9cd6c6..2aed7b4a5fe 100644 in buildPythonPackage rec { -@@ -63,19 +132,21 @@ buildPythonPackage rec { +@@ -63,19 +130,21 @@ buildPythonPackage rec { postInstall = '' mkdir -p $out/bin @@ -5943,10 +5940,10 @@ index 00000000000..c5407a26491 +2.32.0 + diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix -index 1f385265360..257f8deaf90 100644 +index 1f385265360..0d7a0cdc782 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix -@@ -1,22 +1,58 @@ +@@ -1,22 +1,57 @@ { lib , fetchFromSourcehut +, buildGoModule @@ -5973,7 +5970,7 @@ index 1f385265360..257f8deaf90 100644 + }; + + passthru = { -+ srht-keys = buildGoModule rec { ++ srht-keys = buildGoModule { + inherit src version; + sourceRoot = "source/srht-keys"; + pname = "srht-keys"; @@ -5985,7 +5982,6 @@ index 1f385265360..257f8deaf90 100644 + # while it hasn't been merged upstream. + + overrideModAttrs = old: { -+ inherit patches patchFlags; + preBuild = '' + go get github.com/go-redis/redis/v8 + go get github.com/go-redis/redis@none @@ -6001,7 +5997,7 @@ index 1f385265360..257f8deaf90 100644 + # Update go-redis to support Unix sockets + patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch + ]; -+ patchFlags = "-p2"; ++ patchFlags = ["-p2"]; + postInstall = '' + cp --reflink=auto *.go vendor/go.* $out + ''; @@ -6009,7 +6005,7 @@ index 1f385265360..257f8deaf90 100644 }; nativeBuildInputs = srht.nativeBuildInputs; -@@ -25,7 +61,6 @@ buildPythonPackage rec { +@@ -25,7 +60,6 @@ buildPythonPackage rec { srht redis pyyaml @@ -6017,7 +6013,7 @@ index 1f385265360..257f8deaf90 100644 ]; preBuild = '' -@@ -33,11 +68,12 @@ buildPythonPackage rec { +@@ -33,11 +67,12 @@ buildPythonPackage rec { ''; dontUseSetuptoolsCheck = true; @@ -6152,3 +6148,15 @@ index 156d4cc35e4..6733046d000 100755 +for service in "${services[@]}"; do + update_version "$service" +done +diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix +index 3b645f9ce8b..f00ca1984ec 100644 +--- a/pkgs/development/go-modules/generic/default.nix ++++ b/pkgs/development/go-modules/generic/default.nix +@@ -71,6 +71,7 @@ let + inherit (go) GOOS GOARCH; + + patches = args.patches or []; ++ patchFlags = args.patchFlags or []; + preBuild = args.preBuild or ""; + sourceRoot = args.sourceRoot or ""; + -- 2.49.0 From 26806a3962d6b97effc3148ea3ea956273e244ed Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 04:19:29 +0200 Subject: [PATCH 13/16] nixpkgs: remove merged patches --- hosts/carotte/security.nix | 4 +++- hosts/losurdo/security.nix | 4 +++- hosts/mermet/security.nix | 4 +++- nixpkgs/patches.nix | 29 ++--------------------------- shell/gnupg.nix | 2 +- 5 files changed, 12 insertions(+), 31 deletions(-) diff --git a/hosts/carotte/security.nix b/hosts/carotte/security.nix index bbd39fd..8fd4749 100644 --- a/hosts/carotte/security.nix +++ b/hosts/carotte/security.nix @@ -3,7 +3,9 @@ security.lockKernelModules = false; security.virtualisation.flushL1DataCache = lib.mkForce null; security.gnupg.agent = { - keyring."00B1DD47EA6B7BEF92FFEA66922C6249D6336C94" = {}; + keyring."00B1DD47EA6B7BEF92FFEA66922C6249D6336C94" = { + passwordGpg = "gnupg/root.gpg"; + }; }; services.openssh.extraConfig = '' # This is for removing remote gpg-agent's socket diff --git a/hosts/losurdo/security.nix b/hosts/losurdo/security.nix index 1befae9..ec10f9c 100644 --- a/hosts/losurdo/security.nix +++ b/hosts/losurdo/security.nix @@ -2,7 +2,9 @@ { security.lockKernelModules = false; security.gnupg.agent = { - keyring."9AA84E6F6D71F9163C46BF396B141A0806219077" = {}; + keyring."9AA84E6F6D71F9163C46BF396B141A0806219077" = { + passwordGpg = "gnupg/root.gpg"; + }; }; services.openssh.extraConfig = '' # This is for removing remote gpg-agent's socket diff --git a/hosts/mermet/security.nix b/hosts/mermet/security.nix index 37fcdcc..959204f 100644 --- a/hosts/mermet/security.nix +++ b/hosts/mermet/security.nix @@ -1,7 +1,9 @@ { inputs, pkgs, lib, config, ... }: { security.gnupg.agent = { - keyring."89F52A879E0019A966503AFFDE72EEA84CDFA3A7" = {}; + keyring."89F52A879E0019A966503AFFDE72EEA84CDFA3A7" = { + passwordGpg = "gnupg/root.gpg"; + }; }; services.openssh.extraConfig = '' # This is for removing remote gpg-agent's socket diff --git a/nixpkgs/patches.nix b/nixpkgs/patches.nix index 9d4613d..3a707ea 100644 --- a/nixpkgs/patches.nix +++ b/nixpkgs/patches.nix @@ -9,12 +9,7 @@ { meta.description = "nixos/security.gnupg: provisioning GnuPG-protected secrets through the Nix store"; url = "https://github.com/NixOS/nixpkgs/pull/93659.diff"; - sha256 = "sha256-rMAaoFSC97ANp6upZl7WLCDHGXSwU0yTiKBphfZcpkA="; -} -{ - meta.description = "transmission: use freeformType on settings"; - url = "https://github.com/NixOS/nixpkgs/pull/96655.diff"; - sha256 = "sha256-gkZO+mcPj4VoxKD4EwgYw7eEAuHtUwt2Fs2AaypIj6g="; + sha256 = "sha256-4Yt6c+3hJyLr71aiAw/gfp2rZNAk9vU2CVG0WJN8gbA="; } { meta.description = "Update public-inbox to 1.6.1 and add systemd services"; @@ -31,21 +26,6 @@ url = "https://github.com/NixOS/nixpkgs/pull/128014.diff"; sha256 = "sha256-1iJ46NXslDxsP/uO0cSaCzO3A5VF338M6d027G7sK3o="; } -{ - meta.description = "xorg.xinit: fix cross-compiling"; - url = "https://github.com/NixOS/nixpkgs/pull/141903.diff"; - sha256 = "sha256-1Bv7UwoYkWSNQ6MlSnm9ZmUV4wZQwEL6zM3JDoAauoo="; -} -{ - meta.description = "nmon: fix cross-compiling"; - url = "https://github.com/NixOS/nixpkgs/pull/142242.diff"; - sha256 = "sha256-5Rsuhzup2a4v7OrQRGOeyO2LMQfBCWS7ei5ZD57p0Wk="; -} -{ - meta.description = "nethogs: fix cross-compiling"; - url = "https://github.com/NixOS/nixpkgs/pull/142268.diff"; - sha256 = "sha256-jJ+wpGoFhvoGI7eyVz+7jZbnjqC6WYeL2M/0RSdG1s4="; -} { meta.description = "nixos/console: fix cross-compiling"; url = "https://github.com/NixOS/nixpkgs/pull/142272.diff"; @@ -54,11 +34,6 @@ { meta.description = "nixos/display-managers: fix cross-compiling"; url = "https://github.com/NixOS/nixpkgs/pull/142273.diff"; - sha256 = "sha256-M8PyGa7cweRkUFauVf4t5Jf2IHynesV5MnDXXzjCvKY="; -} -{ - meta.description = "uboot: add Cubieboard2 target"; - url = "https://github.com/NixOS/nixpkgs/pull/142274.diff"; - sha256 = "sha256-vB9aComj3ldlkPTX84xKdUrhY64l7ZRnJJAIxdqNrRs="; + sha256 = "sha256-ZCDQ7SpGhH8JvAwWzdcyrc68RFEWHxxAj0M2+AvEzIg="; } ] diff --git a/shell/gnupg.nix b/shell/gnupg.nix index d4f774c..7f1b15b 100644 --- a/shell/gnupg.nix +++ b/shell/gnupg.nix @@ -34,7 +34,7 @@ gnupg.keys = { algo = "rsa4096"; expire = "0"; usage = ["cert" "sign"]; - passPath = "hosts/${host}/root/key.pass"; + passPath = "hosts/${host}/gnupg/root"; subKeys = [ { algo = "rsa4096"; expire = "0"; usage = ["encrypt"]; } ]; -- 2.49.0 From 432cdd6033cdacbe57796fe987c81a56a4a85031 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 19:38:23 +0200 Subject: [PATCH 14/16] zfs: enable periodic manual TRIM and disable hibernate --- nixos/profiles/systems/zfs.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixos/profiles/systems/zfs.nix b/nixos/profiles/systems/zfs.nix index 6b4dd10..634c1ad 100644 --- a/nixos/profiles/systems/zfs.nix +++ b/nixos/profiles/systems/zfs.nix @@ -10,6 +10,11 @@ services.udev.extraRules = '' boot.supportedFilesystems = [ "zfs" ]; +# Using ZFS together with hibernation (suspend to disk) +# may cause filesystem corruption. +# See https://github.com/openzfs/zfs/issues/260 +boot.kernelParams = [ "nohibernate" ]; + # Ensure extra safeguards are active that zfs uses to protect zfs pools. boot.zfs.forceImportAll = false; boot.zfs.forceImportRoot = false; @@ -21,6 +26,11 @@ boot.zfs.requestEncryptionCredentials = lib.mkDefault true; # Enables periodic scrubbing of ZFS pools. services.zfs.autoScrub.enable = true; +# According to zpool(8), for consumer hardware +# periodic manual TRIM is preferred over the automatic TRIM +# that ZFS implements. +services.zfs.trim.enable = true; + # Add tools useful with zfs send/receive environment.systemPackages = [ pkgs.lzop -- 2.49.0 From 2ada105f66c9036120eac0ca40d93c6dc99528ee Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 22:47:24 +0200 Subject: [PATCH 15/16] nix: avoid sending nixpkgs on non-builder target --- flake.nix | 10 +++++----- hosts/losurdo.nix | 1 + .../losurdo/networking/wireguard/intranet.nix | 2 +- nixos/defaults.nix | 19 +++---------------- nixos/profiles/systems/builder.nix | 19 +++++++++++++++++++ 5 files changed, 29 insertions(+), 22 deletions(-) create mode 100644 nixos/profiles/systems/builder.nix diff --git a/flake.nix b/flake.nix index b66069d..d0532c1 100644 --- a/flake.nix +++ b/flake.nix @@ -34,11 +34,13 @@ outputs = inputs: let hosts = builtins.mapAttrs (hostName: hostConfig: let cfg = import hostConfig { inherit inputs hostName; }; in import (nixpkgs + "/nixos/lib/eval-config.nix") (cfg // { - extraArgs = { + specialArgs = { inherit hostName inputs; + private = "/root/private"; # Kept out of /nix/store + }; + extraArgs = { hosts = inputs.self.nixosConfigurations; host = inputs.self.nixosConfigurations.${hostName}.extraArgs; - private = "/root/private"; # Kept out of /nix/store } // (cfg.extraArgs or {}); modules = cfg.modules ++ [ inputs.home-manager.nixosModules.home-manager @@ -51,10 +53,8 @@ outputs = inputs: let inherit hostName; }; } - ({pkgs, ...}: { - nix.registry.nixpkgs.flake = nixpkgs; + ({ pkgs, ... }: { nix.package = pkgs.nixUnstable; - nix.extraOptions = "experimental-features = nix-command flakes"; nixpkgs.overlays = import nixpkgs/overlays.nix ++ import (inputs.julm-nix + "/nixpkgs/overlays.nix"); diff --git a/hosts/losurdo.nix b/hosts/losurdo.nix index 67d009e..6ac30c3 100644 --- a/hosts/losurdo.nix +++ b/hosts/losurdo.nix @@ -10,6 +10,7 @@ extraArgs = { }; modules = [ ../nixos/defaults.nix + ../nixos/profiles/systems/builder.nix losurdo/acme.nix losurdo/apc.nix losurdo/debug.nix diff --git a/hosts/losurdo/networking/wireguard/intranet.nix b/hosts/losurdo/networking/wireguard/intranet.nix index 3a1f58a..2976140 100644 --- a/hosts/losurdo/networking/wireguard/intranet.nix +++ b/hosts/losurdo/networking/wireguard/intranet.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, hosts, inputs, ... }: +{ pkgs, lib, config, inputs, ... }: let inherit (config.security) gnupg; inherit (config.boot) initrd; diff --git a/nixos/defaults.nix b/nixos/defaults.nix index c4272f1..f185ff0 100644 --- a/nixos/defaults.nix +++ b/nixos/defaults.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, lib, config, ... }: +{ pkgs, lib, config, ... }: let inherit (lib) types; inherit (config.networking) hostName domain; in @@ -18,20 +18,7 @@ nix = { dates = lib.mkDefault "weekly"; options = lib.mkDefault "--delete-older-than 30d"; }; - nixPath = [ - "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix" - ]; }; -# WARNING: this is a hack to avoid copying Nixpkgs -# a second time into the Nix store. -# It makes only sense when Nixpkgs is already in the Nix store, -# and is registered. -environment.etc."nixpkgs".source = pkgs.path; -environment.etc."nixpkgs-overlays".source = - pkgs.writeTextDir "overlays.nix" '' - import ${inputs.self + "/nixpkgs/overlays.nix"} ++ - import ${inputs.julm-nix + "/nixpkgs/overlays.nix"} - ''; documentation.nixos = { enable = false; # NOTE: useless on a server, and CPU intensive. @@ -56,8 +43,8 @@ systemd.enableEmergencyMode = false; # sets this up as soon as the initrd. boot.kernelParams = [ "panic=10" ]; -boot.cleanTmpDir = true; -boot.tmpOnTmpfs = true; +boot.cleanTmpDir = lib.mkDefault true; +boot.tmpOnTmpfs = lib.mkDefault true; networking = { # Fix hostname --fqdn diff --git a/nixos/profiles/systems/builder.nix b/nixos/profiles/systems/builder.nix new file mode 100644 index 0000000..1bf493e --- /dev/null +++ b/nixos/profiles/systems/builder.nix @@ -0,0 +1,19 @@ +{ inputs, pkgs, lib, config, ... }: +{ +nix.nixPath = [ + "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix" +]; +nix.extraOptions = "experimental-features = nix-command flakes"; +# Note that this will make the target system download Nixpkgs. +nix.registry.nixpkgs.flake = pkgs.path; +# WARNING: this is a hack to avoid copying Nixpkgs +# a second time into the Nix store. +# It makes only sense when Nixpkgs is already in the Nix store, +# and is registered. +environment.etc."nixpkgs".source = pkgs.path; +environment.etc."nixpkgs-overlays".source = + pkgs.writeTextDir "overlays.nix" '' + import ${inputs.self + "/nixpkgs/overlays.nix"} ++ + import ${inputs.julm-nix + "/nixpkgs/overlays.nix"} + ''; +} -- 2.49.0 From dc3a21fd8eeccbc6e641a79f464ad95ecf50b717 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Oct 2021 22:48:23 +0200 Subject: [PATCH 16/16] carotte: avoid compiling zfs-kernel, and enable gpg-agent --- hosts/carotte.nix | 1 + hosts/carotte/security.nix | 2 +- nixos/defaults/security.nix | 3 +- nixos/profiles/hardware/cubieboard2.nix | 42 ++++++++++++++++++++++--- 4 files changed, 42 insertions(+), 6 deletions(-) diff --git a/hosts/carotte.nix b/hosts/carotte.nix index 6d6bb2f..e915825 100644 --- a/hosts/carotte.nix +++ b/hosts/carotte.nix @@ -14,6 +14,7 @@ modules = [ carotte/system.nix carotte/users.nix (inputs.secrets + "/hosts/${hostName}/users.nix") + (inputs.secrets + "/hosts/${hostName}/security.nix") carotte/xserver.nix ]; } diff --git a/hosts/carotte/security.nix b/hosts/carotte/security.nix index 8fd4749..7f1af3e 100644 --- a/hosts/carotte/security.nix +++ b/hosts/carotte/security.nix @@ -3,7 +3,7 @@ security.lockKernelModules = false; security.virtualisation.flushL1DataCache = lib.mkForce null; security.gnupg.agent = { - keyring."00B1DD47EA6B7BEF92FFEA66922C6249D6336C94" = { + keyring."C7BCEA3D090956E7D51E94ADFF53191D9FA89552" = { passwordGpg = "gnupg/root.gpg"; }; }; diff --git a/nixos/defaults/security.nix b/nixos/defaults/security.nix index fc7ce29..863e0ab 100644 --- a/nixos/defaults/security.nix +++ b/nixos/defaults/security.nix @@ -1,6 +1,7 @@ { inputs, pkgs, lib, config, ... }: { -boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; +#boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; +boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; #environment.memoryAllocator.provider = "libc"; nix.allowedUsers = [ "@users" ]; networking.firewall.pingLimit = "--limit 60/minute --limit-burst 5"; diff --git a/nixos/profiles/hardware/cubieboard2.nix b/nixos/profiles/hardware/cubieboard2.nix index 00ba17b..e222ba3 100644 --- a/nixos/profiles/hardware/cubieboard2.nix +++ b/nixos/profiles/hardware/cubieboard2.nix @@ -1,8 +1,36 @@ { pkgs, lib, config, modulesPath, ... }: { imports = [ - "${modulesPath}/installer/sd-card/sd-image-armv7l-multiplatform.nix" + "${modulesPath}/installer/sd-card/sd-image.nix" ]; + +boot.supportedFilesystems = [ + #"btrfs" + #"reiserfs" + "vfat" + #"f2fs" + #"xfs" + #"zfs" + #"ntfs" + #"cifs" +]; + +# The serial ports listed here are: +# - ttyS0: for Tegra (Jetson TK1) +# - ttymxc0: for i.MX6 (Wandboard) +# - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt +# - ttyO0: for OMAP (BeagleBone Black) +# - ttySAC2: for Exynos (ODROID-XU3) +boot.consoleLogLevel = lib.mkDefault 7; +boot.kernelParams = [ + "console=ttyS0,115200n8" + "console=ttymxc0,115200n8" + "console=ttyAMA0,115200n8" + "console=ttyO0,115200n8" + "console=ttySAC2,115200n8" + "console=tty0" +]; + #nixpkgs.config.allowUnfree = true; nixpkgs.crossSystem = lib.systems.examples.armv7l-hf-multiplatform; nixpkgs.overlays = [ @@ -416,14 +444,20 @@ sdImage = { compressImage = true; expandOnBoot = true; firmwareSize = 1; - populateFirmwareCommands = lib.mkForce ""; + populateFirmwareCommands = ""; + populateRootCommands = '' + mkdir -p ./files/boot + ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot + ''; }; +boot.loader.grub.enable = false; +boot.loader.generic-extlinux-compatible.enable = true; +# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile +boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; boot.initrd.availableKernelModules = lib.mkForce [ "mmc_block" "usbhid" "hid_generic" "hid_microsoft" ]; -# nix -L build .#nixosConfigurations.${hostName}.config.boot.kernelPackages.kernel.configfile -boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest_Cubieboard2; } -- 2.49.0