Merge #328673: staging-next 2024-07-20

NixOS · Jul 28, 2024 · a5b2fe7 · a5b2fe7
2 parents 4ca52fd + ca0d8e5
commit a5b2fe7
Show file tree

Hide file tree

Showing 942 changed files with 15,030 additions and 11,841 deletions.
diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md
@@ -46,19 +46,24 @@ rustPlatform.buildRustPackage rec {
 }
 ```
 
-`buildRustPackage` requires either a `cargoHash` (preferred) or a
-`cargoSha256` attribute, computed over all crate sources of this package.
-`cargoHash` supports [SRI](https://www.w3.org/TR/SRI/) hashes and should be
-preferred over `cargoSha256` which was used for traditional Nix SHA-256 hashes.
-For example:
+`buildRustPackage` requires a `cargoHash` attribute, computed over all crate sources of this package.
+
+::: {.warning}
+`cargoSha256` is already deprecated, and is subject to removal in favor of
+`cargoHash` which supports [SRI](https://www.w3.org/TR/SRI/) hashes.
+
+If you are still using `cargoSha256`, you can simply replace it with
+`cargoHash` and recompute the hash, or convert the original sha256 to SRI
+hash using `nix-hash --to-sri --type sha256 "<original sha256>"`.
+:::
 
 ```nix
 {
  cargoHash = "sha256-l1vL2ZdtDRxSGvP0X/l3nMw8+6WF67KPutJEzUROjg8=";
 }
 ```
 
-Exception: If the application has cargo `git` dependencies, the `cargoHash`/`cargoSha256`
+Exception: If the application has cargo `git` dependencies, the `cargoHash`
 approach will not work, and you will need to copy the `Cargo.lock` file of the application
 to nixpkgs and continue with the next section for specifying the options of the `cargoLock`
 section.
@@ -76,14 +81,6 @@ then be taken from the failed build. A fake hash can be used for
 }
 ```
 
-For `cargoSha256` you can use:
-
-```nix
-{
- cargoSha256 = lib.fakeSha256;
-}
-```
-
 Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)
 best practices guide, Rust applications should always commit the `Cargo.lock`
 file in git to ensure a reproducible build. However, a few packages do not, and
@@ -98,7 +95,7 @@ directory into a tar.gz archive.
 The tarball with vendored dependencies contains a directory with the
 package's `name`, which is normally composed of `pname` and
 `version`. This means that the vendored dependencies hash
-(`cargoHash`/`cargoSha256`) is dependent on the package name and
+(`cargoHash`) is dependent on the package name and
 version. The `cargoDepsName` attribute can be used to use another name
 for the directory of vendored dependencies. For example, the hash can
 be made invariant to the version by setting `cargoDepsName` to
@@ -123,7 +120,7 @@ rustPlatform.buildRustPackage rec {
 
 ### Importing a `Cargo.lock` file {#importing-a-cargo.lock-file}
 
-Using a vendored hash (`cargoHash`/`cargoSha256`) is tedious when using
+Using a vendored hash (`cargoHash`) is tedious when using
 `buildRustPackage` within a project, since it requires that the hash
 is updated after every change to `Cargo.lock`. Therefore,
 `buildRustPackage` also supports vendoring dependencies directly from

diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -252,6 +252,9 @@
 - The `services.mxisd` module has been removed as both [mxisd](https://github.com/kamax-matrix/mxisd) and [ma1sd](https://github.com/ma1uta/ma1sd) are not maintained any longer.
  Consequently the package `pkgs.ma1sd` has also been removed.
 
+- `ffmpeg_5` has been removed. Please use the unversioned `ffmpeg`,
+ pin a newer version, or if necessary pin `ffmpeg_4` for compatibility.
+
 ## Other Notable Changes {#sec-release-24.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@@ -260,6 +263,11 @@
 
 - The `stackclashprotection` hardening flag has been added, though disabled by default.
 
+- `cargoSha256` in `rustPlatform.buildRustPackage` has been deprecated in favor
+ of `cargoHash` which supports SRI hashes. See
+ [buildRustPackage: Compiling Rust applications with Cargo](https://nixos.org/manual/nixpkgs/unstable/#compiling-rust-applications-with-cargo)
+ for more information.
+
 - `hareHook` has been added as the language framework for Hare. From now on, it,
  not the `hare` package, should be added to `nativeBuildInputs` when building
  Hare programs.
@@ -293,6 +301,8 @@
  {option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile` instead of the former
  {option}`services.gitlab-runner.services.<name>.registrationConfigFile` option.
 
+- `iproute2` now has libbpf support.
+
 - `nix.channel.enable = false` no longer implies `nix.settings.nix-path = []`.
  Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overriden by the `NIX_PATH` configuration variable.
 

diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix
@@ -169,6 +169,10 @@ in rec {
  optional (attr ? ${name} && !isInt attr.${name})
  "Systemd ${group} field `${name}' is not an integer";
 
+ assertRemoved = name: see: group: attr:
+ optional (attr ? ${name})
+ "Systemd ${group} field `${name}' has been removed. See ${see}";
+
  checkUnitConfig = group: checks: attrs: let
  # We're applied at the top-level type (attrsOf unitOption), so the actual
  # unit options might contain attributes from mkOverride and mkIf that we need to

diff --git a/nixos/lib/systemd-types.nix b/nixos/lib/systemd-types.nix
@@ -45,12 +45,61 @@ let
 
  inherit (lib.types)
  attrsOf
+ coercedTo
+ enum
  lines
  listOf
  nullOr
+ oneOf
+ package
  path
+ singleLineStr
  submodule
  ;
+
+ initrdStorePathModule = { config, ... }: {
+ options = {
+ enable = (mkEnableOption "copying of this file and symlinking it") // { default = true; };
+
+ target = mkOption {
+ type = nullOr path;
+ description = ''
+ Path of the symlink.
+ '';
+ default = null;
+ };
+
+ source = mkOption {
+ type = path;
+ description = "Path of the source file.";
+ };
+
+ dlopen = {
+ usePriority = mkOption {
+ type = enum [ "required" "recommended" "suggested" ];
+ default = "recommended";
+ description = ''
+ Priority of dlopen ELF notes to include. "required" is
+ minimal, "recommended" includes "required", and
+ "suggested" includes "recommended".
+
+ See: https://systemd.io/ELF_DLOPEN_METADATA/
+ '';
+ };
+
+ features = mkOption {
+ type = listOf singleLineStr;
+ default = [ ];
+ description = ''
+ Features to enable via dlopen ELF notes. These will be in
+ addition to anything included via 'usePriority',
+ regardless of their priority.
+ '';
+ };
+ };
+ };
+ };
+
 in
 
 {
@@ -86,31 +135,23 @@ in
  automounts = listOf (submodule [ stage2AutomountOptions unitConfig automountConfig ]);
  initrdAutomounts = attrsOf (submodule [ stage1AutomountOptions unitConfig automountConfig ]);
 
+ initrdStorePath = listOf (coercedTo
+ (oneOf [ singleLineStr package ])
+ (source: { inherit source; })
+ (submodule initrdStorePathModule));
+
  initrdContents = attrsOf (submodule ({ config, options, name, ... }: {
+ imports = [ initrdStorePathModule ];
  options = {
- enable = (mkEnableOption "copying of this file and symlinking it") // { default = true; };
-
- target = mkOption {
- type = path;
- description = ''
- Path of the symlink.
- '';
- default = name;
- };
-
  text = mkOption {
  default = null;
  type = nullOr lines;
  description = "Text of the file.";
  };
-
- source = mkOption {
- type = path;
- description = "Path of the source file.";
- };
  };
 
  config = {
+ target = mkDefault name;
  source = mkIf (config.text != null) (
  let name' = "initrd-" + baseNameOf name;
  in mkDerivedConfig options.text (pkgs.writeText name')

diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
@@ -33,7 +33,6 @@ with lib;
  fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; };
  ffmpeg = super.ffmpeg.override { ffmpegVariant = "headless"; };
  ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; };
- ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; };
  ffmpeg_6 = super.ffmpeg_6.override { ffmpegVariant = "headless"; };
  ffmpeg_7 = super.ffmpeg_7.override { ffmpegVariant = "headless"; };
  # dep of graphviz, libXpm is optional for Xpm support

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -356,6 +356,7 @@
  ./security/systemd-confinement.nix
  ./security/tpm2.nix
  ./security/wrappers/default.nix
+ ./services/accessibility/speechd.nix
  ./services/admin/docuum.nix
  ./services/admin/meshcentral.nix
  ./services/admin/oxidized.nix

diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix
@@ -126,5 +126,15 @@ with lib;
 
  # allow nix-copy to live system
  nix.settings.trusted-users = [ "root" "nixos" ];
+
+ # Install less voices for speechd to save some space
+ services.speechd.package = pkgs.speechd.override {
+ mbrola = pkgs.mbrola.override {
+ mbrola-voices = pkgs.mbrola-voices.override {
+ # only ship with one voice per language
+ languages = [ "*1" ];
+ };
+ };
+ };
  };
 }
diff --git a/nixos/modules/programs/nix-required-mounts.nix b/nixos/modules/programs/nix-required-mounts.nix
@@ -47,7 +47,7 @@ let
  );
 
  driverPaths = [
- pkgs.addOpenGLRunpath.driverLink
+ pkgs.addDriverRunpath.driverLink
 
  # mesa:
  config.hardware.opengl.package
@@ -84,7 +84,7 @@ in
  {
  opengl.paths = config.hardware.opengl.extraPackages ++ [
  config.hardware.opengl.package
- pkgs.addOpenGLRunpath.driverLink
+ pkgs.addDriverRunpath.driverLink
  "/dev/dri"
  ];
  }

diff --git a/nixos/modules/services/accessibility/speechd.nix b/nixos/modules/services/accessibility/speechd.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.speechd;
+ inherit (lib)
+ getExe
+ mkEnableOption
+ mkIf
+ mkPackageOption
+ ;
+in
+{
+ options.services.speechd = {
+ # FIXME: figure out how to deprecate this EXTREMELY CAREFULLY
+ # default guessed conservatively in ../misc/graphical-desktop.nix
+ enable = mkEnableOption "speech-dispatcher speech synthesizer daemon";
+ package = mkPackageOption pkgs "speechd" { };
+ };
+
+ # FIXME: speechd 0.12 (or whatever the next version is)
+ # will support socket activation, so switch to that once it's out.
+ config = mkIf cfg.enable {
+ environment = {
+ systemPackages = [ cfg.package ];
+ sessionVariables.SPEECHD_CMD = getExe cfg.package;
+ };
+ };
+}
diff --git a/nixos/modules/services/misc/graphical-desktop.nix b/nixos/modules/services/misc/graphical-desktop.nix
@@ -42,6 +42,8 @@ in
 
  programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3;
 
+ services.speechd.enable = lib.mkDefault true;
+
  systemd.defaultUnit = lib.mkIf (xcfg.autorun || dmcfg.enable) "graphical.target";
 
  xdg = {

diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
@@ -403,7 +403,7 @@ in
  path = with pkgs; [
  # unfree:
  # config.boot.kernelPackages.nvidiaPackages.latest.bin
- ffmpeg_5-headless
+ ffmpeg-headless
  libva-utils
  procps
  radeontop

diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix
@@ -452,9 +452,9 @@ in {
 
  extraPackages = mkOption {
  type = with types; listOf package;
- default = with pkgs; [ exiftool ffmpeg_5-headless graphicsmagick-imagemagick-compat ];
- defaultText = literalExpression "with pkgs; [ exiftool graphicsmagick-imagemagick-compat ffmpeg_5-headless ]";
- example = literalExpression "with pkgs; [ exiftool imagemagick ffmpeg_5-full ]";
+ default = with pkgs; [ exiftool ffmpeg-headless graphicsmagick-imagemagick-compat ];
+ defaultText = literalExpression "with pkgs; [ exiftool ffmpeg-headless graphicsmagick-imagemagick-compat ]";
+ example = literalExpression "with pkgs; [ exiftool ffmpeg-full imagemagick ]";
  description = ''
  List of extra packages to include in the executable search path of the service unit.
  These are needed by various configurable components such as:

diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
@@ -18,12 +18,16 @@ let
  "ManageForeignRoutes"
  "RouteTable"
  "IPv6PrivacyExtensions"
+ "IPv4Forwarding"
+ "IPv6Forwarding"
  ])
  (assertValueOneOf "SpeedMeter" boolValues)
  (assertInt "SpeedMeterIntervalSec")
  (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
  (assertValueOneOf "ManageForeignRoutes" boolValues)
  (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
+ (assertValueOneOf "IPv4Forwarding" boolValues)
+ (assertValueOneOf "IPv6Forwarding" boolValues)
  ];
 
  sectionDHCPv4 = checkUnitConfig "DHCPv4" [
@@ -652,6 +656,8 @@ let
  "DNSDefaultRoute"
  "NTP"
  "IPForward"
+ "IPv4Forwarding"
+ "IPv6Forwarding"
  "IPMasquerade"
  "IPv6PrivacyExtensions"
  "IPv6AcceptRA"
@@ -700,7 +706,9 @@ let
  (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"]))
  (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"]))
  (assertValueOneOf "DNSDefaultRoute" boolValues)
- (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"]))
+ (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5)")
+ (assertValueOneOf "IPv4Forwarding" boolValues)
+ (assertValueOneOf "IPv6Forwarding" boolValues)
  (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"]))
  (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
  (assertValueOneOf "IPv6AcceptRA" boolValues)
@@ -2835,6 +2843,7 @@ let
  "systemd-networkd-wait-online.service"
  "systemd-networkd.service"
  "systemd-networkd.socket"
+ "systemd-networkd-persistent-storage.service"
  ];
 
  environment.etc."systemd/networkd.conf" = renderConfig cfg.config;

diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
@@ -131,6 +131,7 @@ let
 
  # Copy udev.
  copy_bin_and_libs ${udev}/bin/udevadm
+ cp ${lib.getLib udev.kmod}/lib/libkmod.so* $out/lib
  copy_bin_and_libs ${udev}/lib/systemd/systemd-sysctl
  for BIN in ${udev}/lib/udev/*_id; do
  copy_bin_and_libs $BIN