From b9657ead1056450fea5532e60a51daf740c07f1b Mon Sep 17 00:00:00 2001
From: catvayor <catvayor@katvayor.net>
Date: Mon, 16 Sep 2024 14:57:08 +0200
Subject: [PATCH] npins update

---
 hive.nix                         |  9 ++--
 machines/kat-probook/default.nix |  1 +
 npins/sources.json               | 24 +++++------
 patches/default.nix              | 11 +++--
 patches/wordpress.patch          | 41 ++++++++++++++++++
 patches/zathura.patch            | 72 --------------------------------
 6 files changed, 68 insertions(+), 90 deletions(-)
 create mode 100644 patches/wordpress.patch
 delete mode 100644 patches/zathura.patch

diff --git a/hive.nix b/hive.nix
index 3a4ca01..698ef7f 100644
--- a/hive.nix
+++ b/hive.nix
@@ -52,9 +52,12 @@ in
           settings.nix-path = config.nix.nixPath;
           package = pkgs.lix;
         };
-        services.openssh.settings = {
-          ClientAliveInterval = 60;
-          ClientAliveCountMax = 1;
+        services = {
+          resolved.enable = true;
+          openssh.settings = {
+            ClientAliveInterval = 60;
+            ClientAliveCountMax = 1;
+          };
         };
         system.build.anywhere = pkgs.writeShellApplication {
           name = "anywhere-deploy_${name}.sh";
diff --git a/machines/kat-probook/default.nix b/machines/kat-probook/default.nix
index f8b9d93..beb81ed 100644
--- a/machines/kat-probook/default.nix
+++ b/machines/kat-probook/default.nix
@@ -19,6 +19,7 @@
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
   networking.networkmanager.enable = true;
+  networking.nftables.enable = true;
   time.timeZone = "Europe/Paris";
 
   i18n.defaultLocale = "en_US.UTF-8";
diff --git a/npins/sources.json b/npins/sources.json
index f027614..07beed3 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -22,10 +22,10 @@
       "pre_releases": false,
       "version_upper_bound": null,
       "release_prefix": null,
-      "version": "v1.6.1",
-      "revision": "4677f6c53482a8b01ee93957e3bdd569d51261d6",
-      "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.6.1",
-      "hash": "1p9vsml07bm3riw703dv83ihlmgyc11qv882qa6bqzqdgn86y8z4"
+      "version": "v1.7.0",
+      "revision": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
+      "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.7.0",
+      "hash": "16zjxysjhk3sgd8b4x5mvx9ilnq35z3zfpkv1la33sqkr8xh1amn"
     },
     "home-manager": {
       "type": "Git",
@@ -35,9 +35,9 @@
         "repo": "home-manager"
       },
       "branch": "master",
-      "revision": "5dc25356567119127f046b347c3060a8dd607365",
-      "url": "https://github.com/nix-community/home-manager/archive/5dc25356567119127f046b347c3060a8dd607365.tar.gz",
-      "hash": "0v4p23ammia3zfafdxc4cz0b7bprffkkszq99w8snyyrd9yy5p4p"
+      "revision": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff",
+      "url": "https://github.com/nix-community/home-manager/archive/a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff.tar.gz",
+      "hash": "1cxp9rgczr4rhhx1klwcr7a61khizq8hv63gvmy9gfsx7fp4h60a"
     },
     "nix-patches": {
       "type": "GitRelease",
@@ -61,9 +61,9 @@
         "repo": "nixos-images"
       },
       "branch": "main",
-      "revision": "b733f0680a42cc01d6ad53896fb5ca40a66d5e79",
-      "url": "https://github.com/nix-community/nixos-images/archive/b733f0680a42cc01d6ad53896fb5ca40a66d5e79.tar.gz",
-      "hash": "1f6p04y2f66k9hn65f4vh50bd55pzzim7dggmjgh4v6l5slmvknq"
+      "revision": "770a010bb738cd1bfdda39ec78941624f4bd986b",
+      "url": "https://github.com/nix-community/nixos-images/archive/770a010bb738cd1bfdda39ec78941624f4bd986b.tar.gz",
+      "hash": "02klkvp2vi10klcap9pd18lvcpi4lwzrw0hqwz3v0125aggn1vv1"
     },
     "nixos-mailserver": {
       "type": "GitRelease",
@@ -83,8 +83,8 @@
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre670424.5de1564aed41/nixexprs.tar.xz",
-      "hash": "1m31bsq9mawjgbxzg4mihk9blfm419451vdsk30llbrj4w4s159w"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre681909.039b72d0c738/nixexprs.tar.xz",
+      "hash": "0c3q85wfgp0v7hhbv7yv7g9xhijrfi6167lkdli6wqkp66v7fw7r"
     }
   },
   "version": 3
diff --git a/patches/default.nix b/patches/default.nix
index bf8cf11..1ba8dea 100644
--- a/patches/default.nix
+++ b/patches/default.nix
@@ -1,4 +1,4 @@
-{
+rec {
   unstable = [
     {
       _type = "static";
@@ -6,10 +6,15 @@
     }
     {
       _type = "static";
-      path = ./zathura.patch;
+      path = ./wordpress.patch;
+    }
+    {
+      _type = "commit";
+      sha = "94c62f5036e7744247309cf5a11847e1168ac289";
+      hash = "sha256-KcL2mHLea+xmRBE+clDzeAOo66hq5wr9EcN3ox/MnFg=";
     }
   ];
-  betamail = [
+  betamail = unstable ++ [
     {
       _type = "static";
       path = ./procmail_322.patch;
diff --git a/patches/wordpress.patch b/patches/wordpress.patch
new file mode 100644
index 0000000..73b3ff3
--- /dev/null
+++ b/patches/wordpress.patch
@@ -0,0 +1,41 @@
+From 17adba609667be944255ca358fa97964589894ae Mon Sep 17 00:00:00 2001
+From: catvayor <catvayor@katvayor.net>
+Date: Thu, 19 Sep 2024 16:55:46 +0200
+Subject: [PATCH] =?UTF-8?q?wordpress:=20don=E2=80=99t=20use=20lib.escapeSh?=
+ =?UTF-8?q?ellArg?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ nixos/modules/services/web-apps/wordpress.nix | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix
+index ea771c358814..700bee191b9d 100644
+--- a/nixos/modules/services/web-apps/wordpress.nix
++++ b/nixos/modules/services/web-apps/wordpress.nix
+@@ -73,15 +73,17 @@ let
+     checkPhase = "${pkgs.php}/bin/php --syntax-check $target";
+   };
+ 
++  toPhpString = s: "'${escape [ "'" "\\" ] s}'";
++
+   mkPhpValue = v: let
+     isHasAttr = s: isAttrs v && hasAttr s v;
+   in
+-    if isString v then escapeShellArg v
++    if isString v then toPhpString v
+     # NOTE: If any value contains a , (comma) this will not get escaped
+-    else if isList v && any lib.strings.isCoercibleToString v then escapeShellArg (concatMapStringsSep "," toString v)
++    else if isList v && any lib.strings.isCoercibleToString v then toPhpString (concatMapStringsSep "," toString v)
+     else if isInt v then toString v
+     else if isBool v then boolToString v
+-    else if isHasAttr "_file" then "trim(file_get_contents(${lib.escapeShellArg v._file}))"
++    else if isHasAttr "_file" then "trim(file_get_contents(${lib.toPhpString v._file}))"
+     else if isHasAttr "_raw" then v._raw
+     else abort "The Wordpress config value ${lib.generators.toPretty {} v} can not be encoded."
+   ;
+-- 
+2.46.0
+
diff --git a/patches/zathura.patch b/patches/zathura.patch
deleted file mode 100644
index 0c27fdb..0000000
--- a/patches/zathura.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0e44c983a42028aa46b7e4602ce26f71bda74d87 Mon Sep 17 00:00:00 2001
-From: catvayor <catvayor@katvayor.net>
-Date: Fri, 2 Aug 2024 10:49:38 +0200
-Subject: [PATCH] zathura-mupdf 0.4.2 -> 0.4.3
-
----
- pkgs/applications/misc/mupdf/default.nix             | 10 ++++++----
- pkgs/applications/misc/zathura/pdf-mupdf/default.nix |  4 ++--
- 2 files changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix
-index 0f2ec9f39f23..c3beca98aecf 100644
---- a/pkgs/applications/misc/mupdf/default.nix
-+++ b/pkgs/applications/misc/mupdf/default.nix
-@@ -60,15 +60,15 @@ let
- 
- in
- stdenv.mkDerivation rec {
--  version = "1.23.6";
-+  version = "1.24.8";
-   pname = "mupdf";
- 
-   src = fetchurl {
-     url = "https://mupdf.com/downloads/archive/${pname}-${version}-source.tar.gz";
--    sha256 = "sha256-rBHrhZ3UBEiOUVPNyWUbtDQeW6r007Pyfir8gvmq3Ck=";
-+    sha256 = "sha256-pRjZvpds2yAG1FOC1/+xubjWS8P9PLc8picNdS+n9Eg=";
-   };
- 
--  patches = [ ./0001-Use-command-v-in-favor-of-which.patch
-+  patches = [
-               ./0002-Add-Darwin-deps.patch
-               ./0003-Fix-cpp-build.patch
-             ];
-@@ -165,6 +165,8 @@ stdenv.mkDerivation rec {
-     Cflags: -I\''${includedir}
-     EOF
- 
-+    cp $out/lib/libmupdf.so* $out/lib/libmupdf.so
-+
-     moveToOutput "bin" "$bin"
-   '' + (lib.optionalString (stdenv.isDarwin) ''
-     for exe in $bin/bin/*; do
-@@ -172,7 +174,7 @@ stdenv.mkDerivation rec {
-     done
-   '') + (lib.optionalString (enableX11 || enableGL) ''
-     mkdir -p $bin/share/icons/hicolor/48x48/apps
--    cp docs/logo/mupdf.png $bin/share/icons/hicolor/48x48/apps
-+    cp docs/logo/mupdf-icon-48.png $bin/share/icons/hicolor/48x48/apps
-   '') + (if enableGL then ''
-     ln -s "$bin/bin/mupdf-gl" "$bin/bin/mupdf"
-   '' else lib.optionalString (enableX11) ''
-diff --git a/pkgs/applications/misc/zathura/pdf-mupdf/default.nix b/pkgs/applications/misc/zathura/pdf-mupdf/default.nix
-index b3b5d514a84c..7c59616e4ff3 100644
---- a/pkgs/applications/misc/zathura/pdf-mupdf/default.nix
-+++ b/pkgs/applications/misc/zathura/pdf-mupdf/default.nix
-@@ -21,12 +21,12 @@
- }:
- 
- stdenv.mkDerivation rec {
--  version = "0.4.2";
-+  version = "0.4.3";
-   pname = "zathura-pdf-mupdf";
- 
-   src = fetchurl {
-     url = "https://pwmt.org/projects/${pname}/download/${pname}-${version}.tar.xz";
--    hash = "sha256-fFC+z9mJX9ccExsV336Ut+zJJa8UdfUz/qVp9YgcnhM=";
-+    hash = "sha256-jM+E7gh+pyqOiLsvJanAELrqJhzrUsw/cyq60l93Z3Y=";
-   };
- 
-   nativeBuildInputs = [
--- 
-2.45.2