18 files changed, 166 insertions, 91 deletions

diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 5a7f52d338f..de2cd7bef6d 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -133,6 +133,13 @@
           <link linkend="opt-services.prometheus.exporters.influxdb.enable">services.prometheus.exporters.influxdb</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/matrix-discord/mx-puppet-discord">mx-puppet-discord</link>,
+          a discord puppeting bridge for matrix. Available as
+          <link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-21.11-incompatibilities">
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 89a3e6398c6..1ce78a4d774 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -41,6 +41,8 @@ pt-services.clipcat.enable).
 
 - [influxdb-exporter](https://github.com/prometheus/influxdb_exporter) a Prometheus exporter that exports metrics received on an InfluxDB compatible endpoint is now available as [services.prometheus.exporters.influxdb](#opt-services.prometheus.exporters.influxdb.enable).
 
+- [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord), a discord puppeting bridge for matrix. Available as [services.mx-puppet-discord](#opt-services.mx-puppet-discord.enable).
+
 ## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
 
 - The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index d94af0b5bf7..f0384513247 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -654,7 +654,11 @@ in
       ];
 
     fileSystems."/" =
-      { fsType = "tmpfs";
+      # This module is often over-layed onto an existing host config
+      # that defines `/`. We use mkOverride 60 to override standard
+      # values, but at the same time leave room for mkForce values
+      # targeted at the image build.
+      { fsType = mkOverride 60 "tmpfs";
         options = [ "mode=0755" ];
       };
 
diff --git a/nixos/modules/installer/netboot/netboot.nix b/nixos/modules/installer/netboot/netboot.nix
index 238ab6d0617..f7543fdf4a2 100644
--- a/nixos/modules/installer/netboot/netboot.nix
+++ b/nixos/modules/installer/netboot/netboot.nix
@@ -30,7 +30,11 @@ with lib;
           else [ pkgs.grub2 pkgs.syslinux ]);
 
     fileSystems."/" =
-      { fsType = "tmpfs";
+      # This module is often over-layed onto an existing host config
+      # that defines `/`. We use mkOverride 60 to override standard
+      # values, but at the same time leave room for mkForce values
+      # targeted at the image build.
+      { fsType = mkOverride 60 "tmpfs";
         options = [ "mode=0755" ];
       };
 
diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix
index e3576074a5b..15c76287e34 100644
--- a/nixos/modules/installer/tools/nix-fallback-paths.nix
+++ b/nixos/modules/installer/tools/nix-fallback-paths.nix
@@ -1,7 +1,7 @@
 {
-  x86_64-linux = "/nix/store/qsgz2hhn6mzlzp53a7pwf9z2pq3l5z6h-nix-2.3.14";
-  i686-linux = "/nix/store/1yw40bj04lykisw2jilq06lir3k9ga4a-nix-2.3.14";
-  aarch64-linux = "/nix/store/32yzwmynmjxfrkb6y6l55liaqdrgkj4a-nix-2.3.14";
-  x86_64-darwin = "/nix/store/06j0vi2d13w4l0p3jsigq7lk4x6gkycj-nix-2.3.14";
-  aarch64-darwin = "/nix/store/77wi7vpbrghw5rgws25w30bwb8yggnk9-nix-2.3.14";
+  x86_64-linux = "/nix/store/jhbxh1jwjc3hjhzs9y2hifdn0rmnfwaj-nix-2.3.15";
+  i686-linux = "/nix/store/9pspwnkdrgzma1l4xlv7arhwa56y16di-nix-2.3.15";
+  aarch64-linux = "/nix/store/72aqi5g7f4fhgvgafbcqwcpqjgnczj48-nix-2.3.15";
+  x86_64-darwin = "/nix/store/6p6qwp73dgfkqhynmxrzbx1lcfgfpqal-nix-2.3.15";
+  aarch64-darwin = "/nix/store/dmq2vksdhssgfl822shd0ky3x5x0klh4-nix-2.3.15";
 }
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 4d1700ed99a..0bd789b5911 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -529,6 +529,7 @@
   ./services/misc/mediatomb.nix
   ./services/misc/metabase.nix
   ./services/misc/mwlib.nix
+  ./services/misc/mx-puppet-discord.nix
   ./services/misc/n8n.nix
   ./services/misc/nix-daemon.nix
   ./services/misc/nix-gc.nix
diff --git a/nixos/modules/services/misc/mx-puppet-discord.nix b/nixos/modules/services/misc/mx-puppet-discord.nix
new file mode 100644
index 00000000000..11116f7c348
--- /dev/null
+++ b/nixos/modules/services/misc/mx-puppet-discord.nix
@@ -0,0 +1,120 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  dataDir = "/var/lib/mx-puppet-discord";
+  registrationFile = "${dataDir}/discord-registration.yaml";
+  cfg = config.services.mx-puppet-discord;
+  settingsFormat = pkgs.formats.json {};
+  settingsFile = settingsFormat.generate "mx-puppet-discord-config.json" cfg.settings;
+
+in {
+  options = {
+    services.mx-puppet-discord = {
+      enable = mkEnableOption ''
+        mx-puppet-discord is a discord puppeting bridge for matrix.
+        It handles bridging private and group DMs, as well as Guilds (servers)
+      '';
+
+      settings = mkOption rec {
+        apply = recursiveUpdate default;
+        inherit (settingsFormat) type;
+        default = {
+          bridge.port = 8434;
+          presence = {
+            enabled = true;
+            interval = 500;
+          };
+          provisioning.whitelist = [ ];
+          relay.whitelist = [ ];
+
+          # variables are preceded by a colon.
+          namePatterns = {
+            user = ":name";
+            userOverride = ":displayname";
+            room = ":name";
+            group = ":name";
+          };
+
+          #defaults to sqlite but can be configured to use postgresql with
+          #connstring
+          database.filename = "${dataDir}/mx-puppet-discord/database.db";
+          logging = {
+            console = "info";
+            lineDateFormat = "MMM-D HH:mm:ss.SSS";
+          };
+        };
+        example = literalExample ''
+          {
+            bridge = {
+              bindAddress = "localhost";
+              domain = "example.com";
+              homeserverUrl = "https://example.com";
+            };
+
+            provisioning.whitelist = [ "@admin:example.com" ];
+            relay.whitelist = [ "@.*:example.com" ];
+          }
+        '';
+        description = ''
+          <filename>config.yaml</filename> configuration as a Nix attribute set.
+          Configuration options should match those described in
+          <link xlink:href="https://github.com/matrix-discord/mx-puppet-discord/blob/master/sample.config.yaml">
+          sample.config.yaml</link>.
+        '';
+      };
+      serviceDependencies = mkOption {
+        type = with types; listOf str;
+        default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
+        description = ''
+          List of Systemd services to require and wait for when starting the application service.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.mx-puppet-discord = {
+      description = ''
+        mx-puppet-discord is a discord puppeting bridge for matrix.
+        It handles bridging private and group DMs, as well as Guilds (servers).
+      '';
+
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
+      after = [ "network-online.target" ] ++ cfg.serviceDependencies;
+
+      preStart = ''
+        # generate the appservice's registration file if absent
+        if [ ! -f '${registrationFile}' ]; then
+          ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord -r -c ${settingsFile} \
+          -f ${registrationFile}
+        fi
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+
+        DynamicUser = true;
+        PrivateTmp = true;
+        WorkingDirectory = pkgs.mx-puppet-discord;
+        StateDirectory = baseNameOf dataDir;
+        UMask = 0027;
+
+        ExecStart = ''
+          ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord -c ${settingsFile}
+        '';
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ govanify ];
+}
diff --git a/pkgs/os-specific/linux/jool/source.nix b/pkgs/os-specific/linux/jool/source.nix
index abf7b0dac45..a90482a58d3 100644
--- a/pkgs/os-specific/linux/jool/source.nix
+++ b/pkgs/os-specific/linux/jool/source.nix
@@ -1,11 +1,11 @@
 { fetchFromGitHub }:
 
 rec {
-  version = "4.0.9";
+  version = "4.1.5";
   src = fetchFromGitHub {
     owner = "NICMx";
     repo = "Jool";
     rev = "v${version}";
-    sha256 = "0zhdpk1sbsv1iyr9rvj94wk853684avz3zzn4cv2k4254d7n25m7";
+    sha256 = "05dwz4q6v6azgpyj9dzwihnw1lalhhym116q2ya7spvgxzxi04ax";
   };
 }
diff --git a/pkgs/tools/misc/trash-cli/default.nix b/pkgs/tools/misc/trash-cli/default.nix
index 301f6163d76..5824e9cc495 100644
--- a/pkgs/tools/misc/trash-cli/default.nix
+++ b/pkgs/tools/misc/trash-cli/default.nix
@@ -2,13 +2,13 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "trash-cli";
-  version = "0.21.7.23";
+  version = "0.21.7.24";
 
   src = fetchFromGitHub {
     owner = "andreafrancia";
     repo = "trash-cli";
     rev = version;
-    sha256 = "1kdkzs9mbyac8ndc6r0wa39z8d3fj8zglqp149id4j37aydxb10l";
+    sha256 = "082mfl4mza4xkm3fdn5aka9rsbd8c149qj3cqqk62idrnszmgzg5";
   };
 
   propagatedBuildInputs = [ python3Packages.psutil ];
diff --git a/pkgs/tools/networking/mu/default.nix b/pkgs/tools/networking/mu/default.nix
index 4553063929f..da7ef58f199 100644
--- a/pkgs/tools/networking/mu/default.nix
+++ b/pkgs/tools/networking/mu/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "mu";
-  version = "1.4.15";
+  version = "1.6.0";
 
   src = fetchFromGitHub {
     owner  = "djcb";
     repo   = "mu";
     rev    = version;
-    sha256 = "sha256-VIUA0W+AmEbvGWatv4maBGILvUTGhBgO3iQtjIc3vG8=";
+    sha256 = "d2REyoSbznMhqV4PNntvg8uQmU66Bsi4OwH2Gj7gQ10=";
   };
 
   postPatch = lib.optionalString (batchSize != null) ''
diff --git a/pkgs/tools/security/b3sum/default.nix b/pkgs/tools/security/b3sum/default.nix
index 1d9b2f66deb..9238ba06b1f 100644
--- a/pkgs/tools/security/b3sum/default.nix
+++ b/pkgs/tools/security/b3sum/default.nix
@@ -2,14 +2,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "b3sum";
-  version = "0.3.8";
+  version = "1.0.0";
 
   src = fetchCrate {
     inherit version pname;
-    sha256 = "1a42kwbl886yymm3v7h6y957x5f4yi9j40jy4szg9k0iy8bsdfmh";
+    sha256 = "sha256-eWsvCpMG3iWB2cYIKaaP6h9QwKQQrpFNliHTqBtdzVw=";
   };
 
-  cargoSha256 = "0v7ric12agicppg5ax5q0vwbslw7kmxpinafvdjj5sc2ysinw1zm";
+  cargoSha256 = "sha256-YglKiEz/D5+Dz6CIzWIpoc33bhMSdGTM4MP/uJCxe7E=";
 
   meta = {
     description = "BLAKE3 cryptographic hash function";
diff --git a/pkgs/tools/security/nmap-unfree/default.nix b/pkgs/tools/security/nmap-unfree/default.nix
deleted file mode 100644
index 1e6ed42bae4..00000000000
--- a/pkgs/tools/security/nmap-unfree/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ lib
-, stdenv
-, fetchurl
-, libpcap
-, pkg-config
-, openssl
-, lua5_3
-, pcre
-, liblinear
-, libssh2
-, zlib
-, withLua ? true
-}:
-
-stdenv.mkDerivation rec {
-  pname = "nmap-unfree";
-  version = "7.91";
-
-  src = fetchurl {
-    url = "https://nmap.org/dist/nmap-${version}.tar.bz2";
-    sha256 = "001kb5xadqswyw966k2lqi6jr6zz605jpp9w4kmm272if184pk0q";
-  };
-
-  prePatch = lib.optionalString stdenv.isDarwin ''
-    substituteInPlace libz/configure \
-        --replace /usr/bin/libtool ar \
-        --replace 'AR="libtool"' 'AR="ar"' \
-        --replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
-  '';
-
-  configureFlags = [
-    (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua")
-  ];
-
-  makeFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
-    "AR=${stdenv.cc.bintools.targetPrefix}ar"
-    "RANLIB=${stdenv.cc.bintools.targetPrefix}ranlib"
-    "CC=${stdenv.cc.targetPrefix}gcc"
-  ];
-
-  nativeBuildInputs = [ pkg-config ];
-
-  buildInputs = [
-    pcre
-    liblinear
-    libssh2
-    libpcap
-    openssl
-    zlib
-  ];
-
-  enableParallelBuilding = true;
-
-  # Tests require network access
-  doCheck = false;
-
-  meta = with lib; {
-    description = "Open source utility for network discovery and security auditing";
-    homepage = "http://www.nmap.org";
-    # Nmap Public Source License Version 0.93
-    # https://github.com/nmap/nmap/blob/master/LICENSE
-    license = licenses.unfree;
-    maintainers = with maintainers; [ fab SuperSandro2000 ];
-  };
-}
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index 531eb6eae4a..a6d2ab14362 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -12,11 +12,11 @@ with lib;
 
 stdenv.mkDerivation rec {
   name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
-  version = "7.80";
+  version = "7.91";
 
   src = fetchurl {
     url = "https://nmap.org/dist/nmap-${version}.tar.bz2";
-    sha256 = "1aizfys6l9f9grm82bk878w56mg0zpkfns3spzj157h98875mypw";
+    sha256 = "001kb5xadqswyw966k2lqi6jr6zz605jpp9w4kmm272if184pk0q";
   };
 
   patches = [ ./zenmap.patch ]
diff --git a/pkgs/tools/system/stress/default.nix b/pkgs/tools/system/stress/default.nix
index 33fbd15c5e6..10aa285085f 100644
--- a/pkgs/tools/system/stress/default.nix
+++ b/pkgs/tools/system/stress/default.nix
@@ -1,10 +1,11 @@
 { lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "stress-1.0.4";
+  pname = "stress";
+  version = "1.0.4";
 
   src = fetchurl {
-    url = "https://people.seas.harvard.edu/~apw/stress/${name}.tar.gz";
+    url = "https://people.seas.harvard.edu/~apw/stress/stress-${version}.tar.gz";
     sha256 = "0nw210jajk38m3y7h8s130ps2qsbz7j75wab07hi2r3hlz14yzh5";
   };
 
diff --git a/pkgs/tools/system/ts/default.nix b/pkgs/tools/system/ts/default.nix
index b954b1adc01..df19955b607 100644
--- a/pkgs/tools/system/ts/default.nix
+++ b/pkgs/tools/system/ts/default.nix
@@ -3,8 +3,8 @@
 }:
 
 stdenv.mkDerivation rec {
-
-  name = "ts-1.0";
+  pname = "ts";
+  version = "1.0";
 
   installPhase=''make install "PREFIX=$out"'';
 
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
   '';
 
   src = fetchurl {
-    url = "http://viric.name/~viric/soft/ts/${name}.tar.gz";
+    url = "https://viric.name/~viric/soft/ts/ts-${version}.tar.gz";
     sha256 = "15dkzczx10fhl0zs9bmcgkxfbwq2znc7bpscljm4rchbzx7y6lsg";
   };
 
diff --git a/pkgs/tools/system/undaemonize/default.nix b/pkgs/tools/system/undaemonize/default.nix
index 45e7a8d6d62..50ae366d10b 100644
--- a/pkgs/tools/system/undaemonize/default.nix
+++ b/pkgs/tools/system/undaemonize/default.nix
@@ -1,7 +1,9 @@
 { lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation {
-  name = "undaemonize-2017-07-11";
+  pname = "undaemonize";
+  version = "unstable-2017-07-11";
+
   src = fetchFromGitHub {
     repo = "undaemonize";
     owner = "nickstenning";
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index a148788c35b..88d289a8379 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -526,6 +526,7 @@ mapAliases ({
   nix-review = nixpkgs-review; # added 2019-12-22
   nixFlakes = nixUnstable; # added 2021-05-21
   nmap_graphical = nmap-graphical;  # added 2017-01-19
+  nmap-unfree = nmap; # added 2021-04-06
   nologin = shadow; # added 2018-04-25
   nordic-polar = throw "nordic-polar was removed on 2021-05-27, now integrated in nordic"; # added 2021-05-27
   nxproxy = nx-libs; # added 2019-02-15
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e78e27a41eb..a4b8dbf0af0 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7495,8 +7495,6 @@ in
     graphicalSupport = true;
   };
 
-  nmap-unfree = callPackage ../tools/security/nmap-unfree { };
-
   nmapsi4 = libsForQt514.callPackage ../tools/security/nmap/qt.nix { };
 
   nnn = callPackage ../applications/misc/nnn { };