Merge remote-tracking branch 'upstream/master' into HEAD

15 files changed, 251 insertions, 114 deletions

diff --git a/pkgs/tools/filesystems/bindfs/default.nix b/pkgs/tools/filesystems/bindfs/default.nix
index 834aa7290abc..f13439482db4 100644
--- a/pkgs/tools/filesystems/bindfs/default.nix
+++ b/pkgs/tools/filesystems/bindfs/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, fuse, pkgconfig }:
 
 stdenv.mkDerivation rec {
-  version = "1.14.3";
+  version = "1.14.4";
   pname = "bindfs";
 
   src = fetchurl {
     url    = "https://bindfs.org/downloads/${pname}-${version}.tar.gz";
-    sha256 = "09csi8brp6v98gy9xcl6lkbz1wgs796wch1qviw2wa1n16wd91vw";
+    sha256 = "1vk42bq8y13gv4yvajf65qsh59lscwcaw3xv94qpjxld3786i8c7";
   };
 
   dontStrip = true;
diff --git a/pkgs/tools/misc/parallel-rust/default.nix b/pkgs/tools/misc/parallel-rust/default.nix
deleted file mode 100644
index 213e8c8e378a..000000000000
--- a/pkgs/tools/misc/parallel-rust/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ stdenv, fetchFromGitHub, rustPlatform }:
-
-rustPlatform.buildRustPackage rec {
-  pname = "parallel-rust";
-  version = "0.11.3";
-
-  src = fetchFromGitHub {
-    owner = "mmstick";
-    repo = "parallel";
-    rev = version;
-    sha256 = "1bb1m3ckkrxlnw9w24ig70bd1zwyrbaw914q3xz5yv43c0l6pn9c";
-  };
-
-  cargoSha256 = "1r5chjhmy6ivhsvgqf75ph1qxa4x7n20f7rb3b6maqpbsc64km9n";
-
-  patches = [ ./fix_cargo_lock_version.patch ];
-
-  meta = with stdenv.lib; {
-    description = "A command-line CPU load balancer written in Rust";
-    homepage = https://github.com/mmstick/parallel;
-    license = licenses.mit;
-    maintainers = [];
-    platforms = platforms.all;
-  };
-}
diff --git a/pkgs/tools/misc/parallel-rust/fix_cargo_lock_version.patch b/pkgs/tools/misc/parallel-rust/fix_cargo_lock_version.patch
deleted file mode 100644
index 75a1ba35e129..000000000000
--- a/pkgs/tools/misc/parallel-rust/fix_cargo_lock_version.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/Cargo.lock b/Cargo.lock
-index c01308d..dba3927 100644
---- a/Cargo.lock
-+++ b/Cargo.lock
-@@ -1,6 +1,6 @@
- [root]
- name = "parallel"
--version = "0.11.2"
-+version = "0.11.3"
- dependencies = [
-  "arrayvec 0.3.23 (registry+https://github.com/rust-lang/crates.io-index)",
-  "itoa 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/pkgs/tools/misc/tensorman/default.nix b/pkgs/tools/misc/tensorman/default.nix
index eca80cbcadf3..85091a41b126 100644
--- a/pkgs/tools/misc/tensorman/default.nix
+++ b/pkgs/tools/misc/tensorman/default.nix
@@ -11,7 +11,8 @@ rustPlatform.buildRustPackage rec {
     sha256 = "0ywb53snvymmwh10hm6whckz7dwmpqa4rxiggd24y178jdfrm2ns";
   };
 
-  buildInputs = [ pkgconfig openssl ];
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ openssl ];
   cargoSha256 = "0vckay4jhg02xg68mvh7ys0yjj0p30m6wsjriqc8k24wjsrhiw9k";
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/misc/uutils-coreutils/default.nix b/pkgs/tools/misc/uutils-coreutils/default.nix
index 9c58785e84ea..09c29a0af1fb 100644
--- a/pkgs/tools/misc/uutils-coreutils/default.nix
+++ b/pkgs/tools/misc/uutils-coreutils/default.nix
@@ -20,8 +20,8 @@ rustPlatform.buildRustPackage {
     [ "CARGO=${cargo}/bin/cargo" "PREFIX=$(out)" "PROFILE=release" "INSTALLDIR_MAN=$(out)/share/man/man1" ]
     ++ lib.optional (prefix != null) [ "PROG_PREFIX=${prefix}" ];
 
-  nativeBuildInputs = [ cmake ];
-  buildInputs = [ cargo sphinx ] ++ lib.optional stdenv.isDarwin Security;
+  nativeBuildInputs = [ cmake cargo sphinx ];
+  buildInputs = lib.optional stdenv.isDarwin Security;
 
   # empty {build,install}Phase to use defaults of `stdenv.mkDerivation` rather than rust defaults
   buildPhase = "";
diff --git a/pkgs/tools/misc/vdirsyncer/default.nix b/pkgs/tools/misc/vdirsyncer/default.nix
index 52eec555b165..3ee7787a8a45 100644
--- a/pkgs/tools/misc/vdirsyncer/default.nix
+++ b/pkgs/tools/misc/vdirsyncer/default.nix
@@ -20,7 +20,8 @@ python3Packages.buildPythonApplication rec {
     inherit src;
     sourceRoot = "source/rust";
     cargoSha256 = "0cqy0s55pkg6hww86h7qip4xaidh6g8lcypdj84n2x374jq38c5d";
-    buildInputs = [ pkgconfig openssl ] ++ stdenv.lib.optionals stdenv.isDarwin [ CoreServices Security ];
+    nativeBuildInputs = [ pkgconfig ];
+    buildInputs = [ openssl ] ++ stdenv.lib.optionals stdenv.isDarwin [ CoreServices Security ];
   };
 
   propagatedBuildInputs = with python3Packages; [
diff --git a/pkgs/tools/misc/vector/default.nix b/pkgs/tools/misc/vector/default.nix
index 17e764698d52..c441242885e6 100644
--- a/pkgs/tools/misc/vector/default.nix
+++ b/pkgs/tools/misc/vector/default.nix
@@ -21,7 +21,8 @@ rustPlatform.buildRustPackage rec {
   };
 
   cargoSha256 = "1al8jzjxjhxwb5n1d52pvl59d11g0bdg2dcw8ir2nclya1w68f2w";
-  buildInputs = [ openssl pkg-config protobuf rdkafka ]
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ openssl protobuf rdkafka ]
                 ++ stdenv.lib.optional stdenv.isDarwin [ Security libiconv ];
 
   # needed for internal protobuf c wrapper library
diff --git a/pkgs/tools/networking/bgpq3/default.nix b/pkgs/tools/networking/bgpq3/default.nix
new file mode 100644
index 000000000000..e3d2218b0c97
--- /dev/null
+++ b/pkgs/tools/networking/bgpq3/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  pname = "bgpq3";
+  version = "0.1.35";
+
+  src = fetchFromGitHub {
+    owner = "snar";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0fd5a3krq0i906m0iivgphiqq88cw6c0w1q4n7lmzyq9201mb8wj";
+  };
+
+  # Fix binary install location. Remove with next upstream release.
+  preInstall = "mkdir -p $out/bin";
+
+  meta = with stdenv.lib; {
+    description = "bgp filtering automation tool";
+    homepage = "https://github.com/snar/bgpq3";
+    license = licenses.bsd2;
+    maintainers = with maintainers; [ b4dm4n ];
+    platforms = with platforms; unix;
+  };
+}
diff --git a/pkgs/tools/networking/connman/connman.nix b/pkgs/tools/networking/connman/connman.nix
new file mode 100644
index 000000000000..512194872205
--- /dev/null
+++ b/pkgs/tools/networking/connman/connman.nix
@@ -0,0 +1,171 @@
+{ stdenv
+, fetchurl
+, pkgconfig
+, file
+, glib
+# always required runtime dependencies
+, dbus
+, libmnl
+, gnutls
+, readline
+# configureable options
+, firewallType ? "iptables" # or "nftables"
+, iptables ? null
+, libnftnl ? null # for nftables
+, dnsType ? "internal" # or "systemd-resolved"
+# optional features which are turned *on* by default
+, enableOpenconnect ? true
+, openconnect ? null
+, enableOpenvpn ? true
+, openvpn ? null
+, enableVpnc ? true
+, vpnc ? true
+, enablePolkit ? true
+, polkit ? null
+, enablePptp ? true
+, pptp ? null
+, ppp ? null
+, enableLoopback ? true
+, enableEthernet ? true
+, enableWireguard ? true
+, enableGadget ? true
+, enableWifi ? true
+, enableBluetooth ? true
+, enableOfono ? true
+, enableDundee ? true
+, enablePacrunner ? true
+, enableNeard ? true
+, enableWispr ? true
+, enableTools ? true
+, enableStats ? true
+, enableClient ? true
+, enableDatafiles ? true
+# optional features which are turned *off* by default
+, enableNetworkManager ? false
+, enableHh2serialGps ? false
+, enableL2tp ? false
+, enableIospm ? false
+, enableTist ? false
+}:
+
+assert stdenv.lib.asserts.assertOneOf "firewallType" firewallType [ "iptables" "nftables" ];
+assert stdenv.lib.asserts.assertOneOf "dnsType" dnsType [ "internal" "systemd-resolved" ];
+
+let inherit (stdenv.lib) optionals; in
+
+stdenv.mkDerivation rec {
+  pname = "connman";
+  version = "1.38";
+  src = fetchurl {
+    url = "mirror://kernel/linux/network/connman/${pname}-${version}.tar.xz";
+    sha256 = "0awkqigvhwwxiapw0x6yd4whl465ka8a4al0v2pcqy9ggjlsqc6b";
+  };
+
+  buildInputs = [
+    glib
+    dbus
+    libmnl
+    gnutls
+    readline
+  ];
+
+  nativeBuildInputs = [
+    pkgconfig
+    file
+  ]
+    ++ optionals (enablePolkit) [ polkit ]
+    ++ optionals (enablePptp) [ pptp ppp ]
+    ++ optionals (firewallType == "iptables") [ iptables ]
+    ++ optionals (firewallType == "nftables") [ libnftnl ]
+  ;
+
+  # fix invalid path to 'file'
+  postPatch = ''
+    sed -i "s/\/usr\/bin\/file/file/g" ./configure
+  '';
+
+  configureFlags = [
+    # directories flags
+    "--sysconfdir=${placeholder "out"}/etc"
+    "--localstatedir=/var"
+    "--with-dbusconfdir=${placeholder "out"}/share"
+    "--with-dbusdatadir=${placeholder "out"}/share"
+    "--with-tmpfilesdir=${placeholder "out"}/lib/tmpfiles.d"
+    "--with-systemdunitdir=${placeholder "out"}/lib/systemd/system"
+    "--with-dns-backend=${dnsType}"
+    "--with-firewall=${firewallType}"
+    # production build flags
+    "--disable-maintainer-mode"
+    "--enable-session-policy-local=builtin"
+    # for building and running tests
+    # "--enable-tests" # installs the tests, we don't want that
+    "--enable-tools"
+  ]
+    ++ optionals (!enableLoopback) [ "--disable-loopback" ]
+    ++ optionals (!enableEthernet) [ "--disable-ethernet" ]
+    ++ optionals (!enableWireguard) [ "--disable-wireguard" ]
+    ++ optionals (!enableGadget) [ "--disable-gadget" ]
+    ++ optionals (!enableWifi) [ "--disable-wifi" ]
+    # enable IWD support for wifi as it doesn't require any new dependencies
+    # and it's easier for the NixOS module to use only one connman package when
+    # IWD is requested
+    ++ optionals (enableWifi) [ "--enable-iwd" ]
+    ++ optionals (!enableBluetooth) [ "--disable-bluetooth" ]
+    ++ optionals (!enableOfono) [ "--disable-ofono" ]
+    ++ optionals (!enableDundee) [ "--disable-dundee" ]
+    ++ optionals (!enablePacrunner) [ "--disable-pacrunner" ]
+    ++ optionals (!enableNeard) [ "--disable-neard" ]
+    ++ optionals (!enableWispr) [ "--disable-wispr" ]
+    ++ optionals (!enableTools) [ "--disable-tools" ]
+    ++ optionals (!enableStats) [ "--disable-stats" ]
+    ++ optionals (!enableClient) [ "--disable-client" ]
+    ++ optionals (!enableDatafiles) [ "--disable-datafiles" ]
+    ++ optionals (enableOpenconnect) [
+      "--enable-openconnect=builtin"
+      "--with-openconnect=${openconnect}/sbin/openconnect"
+    ]
+    ++ optionals (enableOpenvpn) [
+      "--enable-openvpn=builtin"
+      "--with-openvpn=${openvpn}/sbin/openvpn"
+    ]
+    ++ optionals (enableVpnc) [
+      "--enable-vpnc=builtin"
+      "--with-vpnc=${vpnc}/sbin/vpnc"
+    ]
+    ++ optionals (enablePolkit) [
+      "--enable-polkit"
+    ]
+    ++ optionals (enablePptp) [
+      "--enable-pptp"
+      "--with-pptp=${pptp}/sbin/pptp"
+    ]
+    ++ optionals (!enableWireguard) [
+      "--disable-wireguard"
+    ]
+    ++ optionals (enableNetworkManager) [
+      "--enable-nmcompat"
+    ]
+    ++ optionals (enableHh2serialGps) [
+      "--enable-hh2serial-gps"
+    ]
+    ++ optionals (enableL2tp) [
+      "--enable-l2tp"
+    ]
+    ++ optionals (enableIospm) [
+      "--enable-iospm"
+    ]
+    ++ optionals (enableTist) [
+      "--enable-tist"
+    ]
+  ;
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    description = "A daemon for managing internet connections";
+    homepage = "https://01.org/connman";
+    maintainers = [ maintainers.matejc ];
+    platforms = platforms.linux;
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/tools/networking/connman/default.nix b/pkgs/tools/networking/connman/default.nix
index e58b8362f951..ccceaa30b043 100644
--- a/pkgs/tools/networking/connman/default.nix
+++ b/pkgs/tools/networking/connman/default.nix
@@ -1,61 +1,40 @@
-{ stdenv, fetchurl, pkgconfig, openconnect, file, gawk,
-  openvpn, vpnc, glib, dbus, iptables, gnutls, polkit,
-  wpa_supplicant, readline6, pptp, ppp }:
+{ callPackage }:
 
-stdenv.mkDerivation rec {
-  pname = "connman";
-  version = "1.37";
-  src = fetchurl {
-    url = "mirror://kernel/linux/network/connman/${pname}-${version}.tar.xz";
-    sha256 = "05kfjiqhqfmbbwc4snnyvi5hc4zxanac62f6gcwaf5mvn0z9pqkc";
-  };
-
-  buildInputs = [ openconnect polkit
-                  openvpn vpnc glib dbus iptables gnutls
-                  wpa_supplicant readline6 pptp ppp ];
-
-  nativeBuildInputs = [ pkgconfig file gawk ];
+{
+  # All the defaults
+  connman = callPackage ./connman.nix { };
 
-  preConfigure = ''
-    export WPASUPPLICANT=${wpa_supplicant}/sbin/wpa_supplicant
-    export PPPD=${ppp}/sbin/pppd
-    export AWK=${gawk}/bin/gawk
-    sed -i "s/\/usr\/bin\/file/file/g" ./configure
-  '';
-
-  configureFlags = [
-    "--sysconfdir=\${out}/etc"
-    "--localstatedir=/var"
-    "--with-dbusconfdir=${placeholder "out"}/share"
-    "--with-dbusdatadir=${placeholder "out"}/share"
-    "--disable-maintainer-mode"
-    "--enable-openconnect=builtin"
-    "--with-openconnect=${openconnect}/sbin/openconnect"
-    "--enable-openvpn=builtin"
-    "--with-openvpn=${openvpn}/sbin/openvpn"
-    "--enable-vpnc=builtin"
-    "--with-vpnc=${vpnc}/sbin/vpnc"
-    "--enable-session-policy-local=builtin"
-    "--enable-client"
-    "--enable-bluetooth"
-    "--enable-wifi"
-    "--enable-polkit"
-    "--enable-tools"
-    "--enable-datafiles"
-    "--enable-pptp"
-    "--with-pptp=${pptp}/sbin/pptp"
-    "--enable-iwd"
-  ];
-
-  postInstall = ''
-    cp ./client/connmanctl $out/sbin/connmanctl
-  '';
+  connmanFull = callPackage ./connman.nix {
+    # TODO: Why is this in `connmanFull` and not the default build? See TODO in
+    # nixos/modules/services/networking/connman.nix (near the assertions)
+    enableNetworkManager = true;
+    enableHh2serialGps = true;
+    enableL2tp = true;
+    enableIospm = true;
+    enableTist = true;
+  };
 
-  meta = with stdenv.lib; {
-    description = "A daemon for managing internet connections";
-    homepage = https://01.org/connman;
-    maintainers = [ maintainers.matejc ];
-    platforms = platforms.linux;
-    license = licenses.gpl2;
+  connmanMinimal = callPackage ./connman.nix {
+    enableOpenconnect = false;
+    enableOpenvpn = false;
+    enableVpnc = false;
+    vpnc = false;
+    enablePolkit = false;
+    enablePptp = false;
+    enableLoopback = false;
+    # enableEthernet = false; # If disabled no ethernet connection can be performed
+    enableWireguard = false;
+    enableGadget = false;
+    # enableWifi = false; # If disabled no WiFi connection can be performed
+    enableBluetooth = false;
+    enableOfono = false;
+    enableDundee = false;
+    enablePacrunner = false;
+    enableNeard = false;
+    enableWispr = false;
+    enableTools = false;
+    enableStats = false;
+    enableClient = false;
+    # enableDatafiles = false; # If disabled, configuration and data files are not installed
   };
 }
diff --git a/pkgs/tools/networking/findomain/default.nix b/pkgs/tools/networking/findomain/default.nix
index c78a6ad55267..d5e801a6f920 100644
--- a/pkgs/tools/networking/findomain/default.nix
+++ b/pkgs/tools/networking/findomain/default.nix
@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "findomain";
-  version = "1.4.2";
+  version = "1.4.5";
 
   src = fetchFromGitHub {
     owner = "Edu4rdSHL";
     repo = pname;
     rev = version;
-    sha256 = "0c6jjr1343lqwggvpxdhbjyi1far4f7f3yzq1y0nj1j952j7a36x";
+    sha256 = "1p4ddyqg1v27hf19n1ksmfvj5s6z2c8i13syb0anhlyzqy576hwb";
   };
 
-  cargoSha256 = "1cyfxfhbc2xhavnkhva1xdcw8vy9i5pqhfbiwn6idpfy6hm1w0bx";
+  cargoSha256 = "0mdcj4almwziq1ph3imfdx41a96xq19sbjm7wsm9lxlzhvv256br";
 
   nativeBuildInputs = [ installShellFiles perl ];
   buildInputs = lib.optional stdenv.isDarwin Security;
diff --git a/pkgs/tools/networking/httplz/default.nix b/pkgs/tools/networking/httplz/default.nix
index 5d59010ac1ef..c4f003f884fc 100644
--- a/pkgs/tools/networking/httplz/default.nix
+++ b/pkgs/tools/networking/httplz/default.nix
@@ -12,10 +12,8 @@ rustPlatform.buildRustPackage rec {
     sha256 = "0i41hqig8v6w1qb6498239iix1rss0lznm5lcl9m3i439c2zv7pw";
   };
 
-  nativeBuildInputs = [ makeWrapper ];
-  buildInputs = [
-    openssl pkgconfig
-  ] ++ lib.optionals stdenv.isDarwin [
+  nativeBuildInputs = [ makeWrapper pkgconfig ];
+  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [
     libiconv darwin.apple_sdk.frameworks.Security
   ];
 
diff --git a/pkgs/tools/package-management/cargo-update/default.nix b/pkgs/tools/package-management/cargo-update/default.nix
index c0a1e8edc0f4..8dc07d287d2d 100644
--- a/pkgs/tools/package-management/cargo-update/default.nix
+++ b/pkgs/tools/package-management/cargo-update/default.nix
@@ -23,8 +23,8 @@ rustPlatform.buildRustPackage rec {
   cargoPatches = [ ./0001-Generate-lockfile-for-cargo-update-v3.0.0.patch ];
   cargoSha256 = "034v1ql5k3n3rgi3aqszkybvv3vc80v263c9nlwxcwbswsh9jpp1";
 
-  nativeBuildInputs = [ cmake ];
-  buildInputs = [ libgit2 libssh2 openssl pkg-config zlib ]
+  nativeBuildInputs = [ cmake pkg-config ];
+  buildInputs = [ libgit2 libssh2 openssl zlib ]
     ++ stdenv.lib.optional stdenv.isDarwin curl;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/security/ripasso/cursive.nix b/pkgs/tools/security/ripasso/cursive.nix
index 70c4ee864b64..c8a55d3f397f 100644
--- a/pkgs/tools/security/ripasso/cursive.nix
+++ b/pkgs/tools/security/ripasso/cursive.nix
@@ -16,9 +16,9 @@ buildRustPackage rec {
 
   cargoBuildFlags = [ "-p ripasso-cursive -p ripasso-man" ];
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkgconfig gpgme python3 ];
   buildInputs = [
-    ncurses python3 openssl libgpgerror gpgme xorg.libxcb
+    ncurses openssl libgpgerror gpgme xorg.libxcb
   ] ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Security ];
 
   preFixup = ''
diff --git a/pkgs/tools/security/sequoia/default.nix b/pkgs/tools/security/sequoia/default.nix
index fe0b13bbb973..d1a24f49d802 100644
--- a/pkgs/tools/security/sequoia/default.nix
+++ b/pkgs/tools/security/sequoia/default.nix
@@ -28,6 +28,7 @@ rustPlatform.buildRustPackage rec {
     llvmPackages.libclang
     llvmPackages.clang
     ensureNewerSourcesForZipFilesHook
+    capnproto
   ] ++
     lib.optionals pythonSupport [ pythonPackages.setuptools ]
   ;
@@ -41,9 +42,7 @@ rustPlatform.buildRustPackage rec {
     openssl
     sqlite
     nettle
-    capnproto
-  ]
-    ++ lib.optionals pythonSupport [ pythonPackages.python pythonPackages.cffi ]
+  ] ++ lib.optionals pythonSupport [ pythonPackages.python pythonPackages.cffi ]
     ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ]
   ;