Merge branch 'master' into staging-next

NixOS · May 2, 2024 · 725f48a · 725f48a
2 parents dd897ed + 0599892
commit 725f48a
Show file tree

Hide file tree

Showing 219 changed files with 2,131 additions and 911 deletions.
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -7702,6 +7702,12 @@
     githubId = 10654650;
     name = "Guillaume Koenig";
   };
+  guitargeek = {
+    email = "jonas.rembser@cern.ch";
+    github = "guitargeek";
+    githubId = 6578603;
+    name = "Jonas Rembser";
+  };
   guserav = {
     github = "guserav";
     githubId = 28863828;
@@ -15271,6 +15277,12 @@
     githubId = 1788628;
     name = "pandaman";
   };
+  pandapip1 = {
+    email = "gavinnjohn@gmail.com";
+    github = "Pandapip1";
+    githubId = 45835846;
+    name = "Gavin John";
+  };
   panicgh = {
     email = "nbenes.gh@xandea.de";
     github = "panicgh";

diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
@@ -47,7 +47,7 @@ with lib;
       gst_all_1 = super.gst_all_1 // {
         gst-plugins-bad = super.gst_all_1.gst-plugins-bad.override { guiSupport = false; };
         gst-plugins-base = super.gst_all_1.gst-plugins-base.override { enableWayland = false; enableX11 = false; };
-        gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableX11 = false; };
+        gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableWayland = false; enableX11 = false; gtkSupport = false; qt5Support = false; qt6Support = false; };
       };
       imagemagick = super.imagemagick.override { libX11Support = false; libXtSupport = false; };
       imagemagickBig = super.imagemagickBig.override { libX11Support = false; libXtSupport = false; };

diff --git a/nixos/modules/services/home-automation/ebusd.nix b/nixos/modules/services/home-automation/ebusd.nix
@@ -97,50 +97,50 @@ in
 
     logs = {
       main = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       network = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       bus = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       update = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       other = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       all = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
         description = ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
     };

diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix
@@ -224,7 +224,7 @@ in
           and users are replaced by dummy users), so tests are complemented by a
           logrotate-checkconf service that is enabled by default.
           This extra check can be disabled by disabling it at the systemd level with the
-          {option}`services.systemd.services.logrotate-checkconf.enable` option.
+          {option}`systemd.services.logrotate-checkconf.enable` option.
 
           Conversely there are still things that might make this check fail incorrectly
           (e.g. a file path where we don't have access to intermediate directories):

diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix
@@ -534,14 +534,11 @@ in {
               hyperkittyApiKey=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)
               secretKey=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)
 
-              mailmanWebCfgTmp=$(mktemp)
-              jq -n '.MAILMAN_ARCHIVER_KEY=$archiver_key | .SECRET_KEY=$secret_key' \
+              install -m 0440 -o root -g mailman \
+                <(jq -n '.MAILMAN_ARCHIVER_KEY=$archiver_key | .SECRET_KEY=$secret_key' \
                   --arg archiver_key "$hyperkittyApiKey" \
-                  --arg secret_key "$secretKey" \
-                  >"$mailmanWebCfgTmp"
-              chown root:mailman "$mailmanWebCfgTmp"
-              chmod 440 "$mailmanWebCfgTmp"
-              mv -n "$mailmanWebCfgTmp" "$mailmanWebCfg"
+                  --arg secret_key "$secretKey") \
+                "$mailmanWebCfg"
           fi
 
           hyperkittyApiKey="$(jq -r .MAILMAN_ARCHIVER_KEY "$mailmanWebCfg")"

diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix
@@ -1,5 +1,5 @@
 # NixOS tests for gnome-desktop-testing-runner using software
-# See https://wiki.gnome.org/Initiatives/GnomeGoals/InstalledTests
+# See https://github.com/NixOS/nixpkgs/issues/34987
 
 { system ? builtins.currentSystem,
   config ? {},

diff --git a/nixos/tests/libreswan.nix b/nixos/tests/libreswan.nix
@@ -119,11 +119,11 @@ in
       with subtest("Libreswan is ready"):
           alice.wait_for_unit("ipsec")
           bob.wait_for_unit("ipsec")
-          alice.succeed("ipsec verify 1>&2")
+          alice.succeed("ipsec checkconfig")
 
       with subtest("Alice and Bob can start the tunnel"):
-          alice.execute("ipsec auto --start tunnel >&2 &")
-          bob.succeed("ipsec auto --start tunnel")
+          alice.execute("ipsec start tunnel >&2 &")
+          bob.succeed("ipsec start tunnel")
           # apparently this is needed to "wake" the tunnel
           bob.execute("ping -c1 alice")
 

diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 
 let inherit (import ./ssh-keys.nix pkgs)
-      snakeOilPrivateKey snakeOilPublicKey;
+      snakeOilPrivateKey snakeOilPublicKey snakeOilEd25519PrivateKey snakeOilEd25519PublicKey;
 in {
   name = "openssh";
   meta = with pkgs.lib.maintainers; {
@@ -108,6 +108,31 @@ in {
         };
       };
 
+    server-no-openssl =
+      { ... }:
+      {
+        programs.ssh.package = pkgs.opensshPackages.openssh.override {
+          linkOpenssl = false;
+        };
+        services.openssh = {
+          enable = true;
+          hostKeys = [
+            { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+          ];
+          settings = {
+            # Must not specify the OpenSSL provided algorithms.
+            Ciphers = [ "chacha20-poly1305@openssh.com" ];
+            KexAlgorithms = [
+              "curve25519-sha256"
+              "curve25519-sha256@libssh.org"
+            ];
+          };
+        };
+        users.users.root.openssh.authorizedKeys.keys = [
+          snakeOilEd25519PublicKey
+        ];
+      };
+
     server-no-pam =
       { pkgs, ... }:
       {
@@ -139,6 +164,7 @@ in {
     server_allowed_users.wait_for_unit("sshd", timeout=30)
     server_localhost_only.wait_for_unit("sshd", timeout=30)
     server_match_rule.wait_for_unit("sshd", timeout=30)
+    server_no_openssl.wait_for_unit("sshd", timeout=30)
     server_no_pam.wait_for_unit("sshd", timeout=30)
 
     server_lazy.wait_for_unit("sshd.socket", timeout=30)
@@ -230,6 +256,16 @@ in {
             timeout=30
         )
 
+    with subtest("no-openssl"):
+        client.succeed(
+            "cat ${snakeOilEd25519PrivateKey} > privkey.snakeoil"
+        )
+        client.succeed("chmod 600 privkey.snakeoil")
+        client.succeed(
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-no-openssl true",
+            timeout=30
+        )
+
     with subtest("no-pam"):
         client.succeed(
             "cat ${snakeOilPrivateKey} > privkey.snakeoil"

diff --git a/nixos/tests/ssh-keys.nix b/nixos/tests/ssh-keys.nix
@@ -12,4 +12,16 @@ pkgs:
     "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
     "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
   ];
+
+  snakeOilEd25519PrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+QAAAJC89yCivPcg
+    ogAAAAtzc2gtZWQyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+Q
+    AAAEDJmKp3lX6Pz0unTc0QZwrHb8Eyr9fJUopE9d2/+q+eCxgFMhajUng+Rjj/sCFXI9Pz
+    G8BQjru2n7JgUVF1Kbv5AAAACnRvbUBvemRlc2sBAgM=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+
+  snakeOilEd25519PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgFMhajUng+Rjj/sCFXI9PzG8BQjru2n7JgUVF1Kbv5 snakeoil";
 }
diff --git a/pkgs/applications/audio/easytag/default.nix b/pkgs/applications/audio/easytag/default.nix
@@ -34,7 +34,7 @@ in stdenv.mkDerivation rec {
   meta = with lib; {
     description = "View and edit tags for various audio files";
     mainProgram = "easytag";
-    homepage = "https://wiki.gnome.org/Apps/EasyTAG";
+    homepage = "https://gitlab.gnome.org/GNOME/easytag";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ ];
     platforms = platforms.linux;

diff --git a/pkgs/applications/audio/gnome-podcasts/default.nix b/pkgs/applications/audio/gnome-podcasts/default.nix
@@ -69,7 +69,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Listen to your favorite podcasts";
     mainProgram = "gnome-podcasts";
-    homepage = "https://wiki.gnome.org/Apps/Podcasts";
+    homepage = "https://apps.gnome.org/Podcasts/";
     license = licenses.gpl3Plus;
     maintainers = teams.gnome.members;
     platforms = platforms.unix;

diff --git a/pkgs/applications/audio/lollypop/default.nix b/pkgs/applications/audio/lollypop/default.nix
@@ -102,7 +102,7 @@ python3.pkgs.buildPythonApplication rec  {
   meta = with lib; {
     changelog = "https://gitlab.gnome.org/World/lollypop/tags/${version}";
     description = "A modern music player for GNOME";
-    homepage = "https://wiki.gnome.org/Apps/Lollypop";
+    homepage = "https://gitlab.gnome.org/World/lollypop";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ lovesegfault ];
     platforms = platforms.linux;

diff --git a/pkgs/applications/audio/rhythmbox/default.nix b/pkgs/applications/audio/rhythmbox/default.nix
@@ -113,7 +113,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = with lib; {
-    homepage = "https://wiki.gnome.org/Apps/Rhythmbox";
+    homepage = "https://gitlab.gnome.org/GNOME/rhythmbox";
     description = "A music playing application for GNOME";
     license = licenses.gpl2Plus;
     platforms = platforms.linux;

diff --git a/pkgs/applications/audio/sonic-pi/default.nix b/pkgs/applications/audio/sonic-pi/default.nix
@@ -41,13 +41,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sonic-pi";
-  version = "4.5.0";
+  version = "4.5.1";
 
   src = fetchFromGitHub {
     owner = "sonic-pi-net";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-s9B3OBwiUdCJyxbeQXeidv38pzmvC442Byl+llabqp0=";
+    hash = "sha256-JMextQY0jLShWmqRQoVAbqIzDhA1mOzI7vfsG7+jjX0=";
   };
 
   mixFodDeps = beamPackages.fetchMixDeps {

diff --git a/pkgs/applications/audio/sound-juicer/default.nix b/pkgs/applications/audio/sound-juicer/default.nix
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "A Gnome CD Ripper";
     mainProgram = "sound-juicer";
-    homepage = "https://wiki.gnome.org/Apps/SoundJuicer";
+    homepage = "https://gitlab.gnome.org/GNOME/sound-juicer";
     maintainers = [ maintainers.bdimcheff ];
     license = licenses.gpl2Plus;
     platforms = platforms.linux;

diff --git a/pkgs/applications/backup/deja-dup/default.nix b/pkgs/applications/backup/deja-dup/default.nix
@@ -71,7 +71,7 @@ stdenv.mkDerivation (finalAttrs: {
       of backing up the Right Way (encrypted, off-site, and regular) \
       and uses duplicity as the backend.
     '';
-    homepage = "https://wiki.gnome.org/Apps/DejaDup";
+    homepage = "https://apps.gnome.org/DejaDup/";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ jtojnar ];
     platforms = platforms.linux;

diff --git a/pkgs/applications/editors/emacs/elisp-packages/manual-packages/tree-sitter-langs/default.nix b/pkgs/applications/editors/emacs/elisp-packages/manual-packages/tree-sitter-langs/default.nix
@@ -16,9 +16,8 @@
 let
   inherit (melpaStablePackages) tree-sitter-langs;
 
-  libSuffix = if stdenv.isDarwin then "dylib" else "so";
   langName = g: lib.removeSuffix "-grammar" (lib.removePrefix "tree-sitter-" g.pname);
-  soName = g: langName g + "." + libSuffix;
+  soName = g: langName g + stdenv.hostPlatform.extensions.sharedLibrary;
 
   grammarDir = runCommand "emacs-tree-sitter-grammars" {
     # Fake same version number as upstream language bundle to prevent triggering runtime downloads

diff --git a/pkgs/applications/editors/gnome-builder/default.nix b/pkgs/applications/editors/gnome-builder/default.nix
@@ -169,7 +169,7 @@ stdenv.mkDerivation rec {
       currently recommend running gnome-builder inside a nix-shell with
       appropriate dependencies loaded.
     '';
-    homepage = "https://wiki.gnome.org/Apps/Builder";
+    homepage = "https://apps.gnome.org/Builder/";
     license = licenses.gpl3Plus;
     maintainers = teams.gnome.members;
     platforms = platforms.linux;

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -3446,6 +3446,8 @@ let
         };
       };
 
+      reditorsupport.r = callPackage ./reditorsupport.r { };
+
       reloadedextensions.reloaded-cpp = buildVscodeMarketplaceExtension {
         mktplcRef = {
           name = "reloaded-cpp";
@@ -4571,6 +4573,22 @@ let
         };
       };
 
+      vue.volar = buildVscodeMarketplaceExtension {
+        mktplcRef = {
+          name = "volar";
+          publisher = "Vue";
+          version = "2.0.16";
+          hash = "sha256-RTBbF7qahYP4L7SZ/5aCM/e5crZAyyPRcgL48FVL1jk=";
+        };
+        meta = {
+          changelog = "https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md";
+          description = "The official Vue VSCode extension";
+          downloadPage = "https://marketplace.visualstudio.com/items?itemName=Vue.volar";
+          homepage = "https://github.com/vuejs/language-tools";
+          license = lib.licenses.mit;
+        };
+      };
+
       vspacecode.whichkey = buildVscodeMarketplaceExtension {
         mktplcRef = {
           name = "whichkey";
@@ -4583,6 +4601,22 @@ let
         };
       };
 
+      vue.vscode-typescript-vue-plugin = buildVscodeMarketplaceExtension {
+        mktplcRef = {
+          name = "vscode-typescript-vue-plugin";
+          publisher = "Vue";
+          version = "1.8.27";
+          hash = "sha256-ym1+WPKBcn4h9lqSFVehfiDoGUEviOSEVXVLhHcYvfc=";
+        };
+        meta = {
+          changelog = "https://marketplace.visualstudio.com/items/Vue.vscode-typescript-vue-plugin/changelog";
+          description = "Vue VSCode extension for TypeScript";
+          downloadPage = "https://marketplace.visualstudio.com/items?itemName=Vue.vscode-typescript-vue-plugin";
+          homepage = "https://github.com/vuejs/language-tools";
+          license = lib.licenses.mit;
+        };
+      };
+
       waderyan.gitblame = buildVscodeMarketplaceExtension {
         mktplcRef = {
           name = "gitblame";