Merge master into haskell-updates

NixOS · Jun 6, 2024 · bd4363d · bd4363d
2 parents 6f29411 + 8b79deb
commit bd4363d
Show file tree

Hide file tree

Showing 241 changed files with 10,393 additions and 2,155 deletions.
diff --git a/doc/languages-frameworks/dart.section.md b/doc/languages-frameworks/dart.section.md
@@ -98,10 +98,12 @@ The function `buildFlutterApplication` builds Flutter applications.
 
 See the [Dart documentation](#ssec-dart-applications) for more details on required files and arguments.
 
+`flutter` in Nixpkgs always points to `flutterPackages.stable`, which is the latest packaged version. To avoid unforeseen breakage during upgrade, packages in Nixpkgs should use a specific flutter version, such as `flutter319` and `flutter322`, instead of using `flutter` directly.
+
 ```nix
 {  flutter, fetchFromGitHub }:
 
-flutter.buildFlutterApplication {
+flutter322.buildFlutterApplication {
   pname = "firmware-updater";
   version = "0-unstable-2023-04-30";
 

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -12825,6 +12825,12 @@
     githubId = 952712;
     name = "Matt Christ";
   };
+  matteopacini = {
+    email = "[email protected]";
+    github = "matteo-pacini";
+    githubId = 3139724;
+    name = "Matteo Pacini";
+  };
   matthewbauer = {
     email = "[email protected]";
     github = "matthewbauer";
@@ -15212,6 +15218,12 @@
     githubId = 30825096;
     name = "Ning Zhang";
   };
+  o0th = {
+    email = "[email protected]";
+    name = "Sabato Luca Guadagno";
+    github = "o0th";
+    githubId = 22490354;
+  };
   oaksoaj = {
     email = "[email protected]";
     name = "Oaksoaj";

diff --git a/nixos/doc/manual/development/bootspec.chapter.md b/nixos/doc/manual/development/bootspec.chapter.md
@@ -1,17 +1,17 @@
-# Experimental feature: Bootspec {#sec-experimental-bootspec}
+# Bootspec {#sec-bootspec}
 
-Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support
-and advanced boot workflows such as SecureBoot and potentially more.
+Bootspec is a feature introduced in [RFC-0125](https://github.com/NixOS/rfcs/pull/125) in order to standardize bootloader support and advanced boot workflows such as SecureBoot and potentially more.
+The reference implementation can be found [here](https://github.com/NixOS/nixpkgs/pull/172237).
 
-You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged.
+The creation of bootspec documents is enabled by default.
 
-## Schema {#sec-experimental-bootspec-schema}
+## Schema {#sec-bootspec-schema}
 
 The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications.
 
 You will find the current version [here](../../../modules/system/activation/bootspec.cue).
 
-## Extensions mechanism {#sec-experimental-bootspec-extensions}
+## Extensions mechanism {#sec-bootspec-extensions}
 
 Bootspec cannot account for all usecases.
 
@@ -29,8 +29,9 @@ An example for SecureBoot is to get the Nix store path to `/etc/os-release` in o
 
 To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions.
 
-## External bootloaders {#sec-experimental-bootspec-external-bootloaders}
+## External bootloaders {#sec-bootspec-external-bootloaders}
 
 It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader.
 
-Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.
+Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc.
+It will be necessary to reimplement or reuse existing parts.
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -8,16 +8,26 @@
 
 ## New Services {#sec-release-24.11-new-services}
 
-- Create the first release note entry in this section!
+- [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI
+  for LLMs. Available as [services.open-webui](#opt-services.open-webui.enable)
+  service.
 
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
 
 - `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
 
+- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can
+  use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`).
+
 - `nvimpager` was updated to version 0.13.0, which changes the order of user and
   nvimpager settings: user commands in `-c` and `--cmd` now override the
   respective default settings because they are executed later.
 
+- `services.forgejo.mailerPasswordFile` has been deprecated by the drop-in replacement `services.forgejo.secrets.mailer.PASSWD`,
+  which is part of the new free-form `services.forgejo.secrets` option.
+  `services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as
+  `services.forgejo.settings` but takes file paths that will be read before service startup instead of some plaintext value.
+
 - The Invoiceplane module now only accepts the structured `settings` option.
   `extraConfig` is now removed.
 

diff --git a/nixos/modules/programs/wayland/hyprland.nix b/nixos/modules/programs/wayland/hyprland.nix
@@ -69,7 +69,8 @@ in
 
     (import ./wayland-session.nix {
       inherit lib pkgs;
-      xwayland = cfg.xwayland.enable;
+      enableXWayland = cfg.xwayland.enable;
+      enableWlrPortal = false; # Hyprland has its own portal, wlr is not needed
     })
   ]);
 
@@ -87,4 +88,6 @@ in
       "Nvidia patches are no longer needed"
     )
   ];
+
+  meta.maintainers = with lib.maintainers; [ fufexan ];
 }
diff --git a/nixos/modules/programs/wayland/river.nix b/nixos/modules/programs/wayland/river.nix
@@ -57,7 +57,7 @@ in
 
     (import ./wayland-session.nix {
       inherit lib pkgs;
-      xwayland = cfg.xwayland.enable;
+      enableXWayland = cfg.xwayland.enable;
     })
   ]);
 

diff --git a/nixos/modules/programs/wayland/sway.nix b/nixos/modules/programs/wayland/sway.nix
@@ -140,7 +140,7 @@ in
 
     (import ./wayland-session.nix {
       inherit lib pkgs;
-      xwayland = cfg.xwayland.enable;
+      enableXWayland = cfg.xwayland.enable;
     })
   ]);
 

diff --git a/nixos/modules/programs/wayland/wayland-session.nix b/nixos/modules/programs/wayland/wayland-session.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, xwayland ? true }:
+{
+  lib,
+  pkgs,
+  enableXWayland ? true,
+  enableWlrPortal ? true,
+}:
 
 {
   security = {
@@ -11,8 +16,12 @@
 
   programs = {
     dconf.enable = lib.mkDefault true;
-    xwayland.enable = lib.mkDefault xwayland;
+    xwayland.enable = lib.mkDefault enableXWayland;
   };
 
-  xdg.portal.wlr.enable = lib.mkDefault true;
+  xdg.portal.wlr.enable = enableWlrPortal;
+
+  # Window manager only sessions (unlike DEs) don't handle XDG
+  # autostart files, so force them to run the service
+  services.xserver.desktopManager.runXdgAutostartIfNone = lib.mkDefault true;
 }