Merge staging-next into staging

.git-blame-ignore-revs

@@ -36,3 +36,6 @@ d08ede042b74b8199dc748323768227b88efcf7c
 
 # fix indentation in mk-python-derivation.nix
 d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
+
+# fix indentation in meteor default.nix
+f76b359e4a55267ddd4e9e149e7cc13ae5cad98a

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

@@ -143,6 +143,13 @@
           <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://komga.org/">Komga</link>, a free and
+          open source comics/mangas media server. Available as
+          <link linkend="opt-services.komga.enable">services.komga</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           <link xlink:href="https://hbase.apache.org/">HBase

nixos/doc/manual/release-notes/rl-2211.section.md

@@ -61,6 +61,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
 
+- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
+
 - [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
 
 - [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.

nixos/modules/module-list.nix

@@ -1078,6 +1078,7 @@
   ./services/web-apps/jirafeau.nix
   ./services/web-apps/jitsi-meet.nix
   ./services/web-apps/keycloak.nix
+  ./services/web-apps/komga.nix
   ./services/web-apps/lemmy.nix
   ./services/web-apps/invidious.nix
   ./services/web-apps/invoiceplane.nix

nixos/modules/services/web-apps/komga.nix

@@ -0,0 +1,99 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.komga;
+
+in {
+  options = {
+    services.komga = {
+      enable = mkEnableOption "Komga, a free and open source comics/mangas media server";
+
+      port = mkOption {
+        type = types.port;
+        default = 8080;
+        description = lib.mdDoc ''
+          The port that Komga will listen on.
+        '';
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "komga";
+        description = lib.mdDoc ''
+          User account under which Komga runs.
+        '';
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "komga";
+        description = lib.mdDoc ''
+          Group under which Komga runs.
+        '';
+      };
+
+      stateDir = mkOption {
+        type = types.str;
+        default = "/var/lib/komga";
+        description = lib.mdDoc ''
+          State and configuration directory Komga will use.
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc ''
+          Whether to open the firewall for the port in {option}`services.komga.port`.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
+
+    users.groups = mkIf (cfg.group == "komga") {
+      komga = {};
+    };
+
+    users.users = mkIf (cfg.user == "komga") {
+      komga = {
+        group = cfg.group;
+        home = cfg.stateDir;
+        description = "Komga Daemon user";
+        isSystemUser = true;
+      };
+    };
+
+    systemd.services.komga = {
+      environment = {
+        SERVER_PORT = builtins.toString cfg.port;
+        KOMGA_CONFIGDIR = cfg.stateDir;
+      };
+
+      description = "Komga is a free and open source comics/mangas media server";
+
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+
+        Type = "simple";
+        Restart = "on-failure";
+        ExecStart = "${pkgs.komga}/bin/komga";
+
+        StateDirectory = mkIf (cfg.stateDir == "/var/lib/komga") "komga";
+      };
+
+    };
+  };
+
+  meta.maintainers = with maintainers; [ govanify ];
+}

nixos/modules/virtualisation/containers.nix

@@ -8,20 +8,20 @@ let
 in
 {
   meta = {
-    maintainers = [] ++ lib.teams.podman.members;
+    maintainers = [ ] ++ lib.teams.podman.members;
   };
 
 
   imports = [
     (
       lib.mkRemovedOptionModule
-      [ "virtualisation" "containers" "users" ]
-      "All users with `isNormalUser = true` set now get appropriate subuid/subgid mappings."
+        [ "virtualisation" "containers" "users" ]
+        "All users with `isNormalUser = true` set now get appropriate subuid/subgid mappings."
     )
     (
       lib.mkRemovedOptionModule
-      [ "virtualisation" "containers" "containersConf" "extraConfig" ]
-      "Use virtualisation.containers.containersConf.settings instead."
+        [ "virtualisation" "containers" "containersConf" "extraConfig" ]
+        "Use virtualisation.containers.containersConf.settings instead."
     )
   ];
 
@@ -87,7 +87,7 @@ in
       };
 
       insecure = mkOption {
-        default = [];
+        default = [ ];
         type = types.listOf types.str;
         description = lib.mdDoc ''
           List of insecure repositories.
@@ -95,7 +95,7 @@ in
       };
 
       block = mkOption {
-        default = [];
+        default = [ ];
         type = types.listOf types.str;
         description = lib.mdDoc ''
           List of blocked repositories.
@@ -104,7 +104,7 @@ in
     };
 
     policy = mkOption {
-      default = {};
+      default = { };
       type = types.attrs;
       example = literalExpression ''
         {
@@ -149,7 +149,7 @@ in
     };
 
     environment.etc."containers/policy.json".source =
-      if cfg.policy != {} then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy)
+      if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy)
       else utils.copyFile "${pkgs.skopeo.src}/default-policy.json";
   };
 

nixos/modules/virtualisation/podman/default.nix

@@ -12,10 +12,11 @@ let
   });
 
   # Provides a fake "docker" binary mapping to podman
-  dockerCompat = pkgs.runCommand "${podmanPackage.pname}-docker-compat-${podmanPackage.version}" {
-    outputs = [ "out" "man" ];
-    inherit (podmanPackage) meta;
-  } ''
+  dockerCompat = pkgs.runCommand "${podmanPackage.pname}-docker-compat-${podmanPackage.version}"
+    {
+      outputs = [ "out" "man" ];
+      inherit (podmanPackage) meta;
+    } ''
     mkdir -p $out/bin
     ln -s ${podmanPackage}/bin/podman $out/bin/docker
 
@@ -26,13 +27,14 @@ let
     done
   '';
 
-  net-conflist = pkgs.runCommand "87-podman-bridge.conflist" {
-    nativeBuildInputs = [ pkgs.jq ];
-    extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
-    jqScript = ''
-      . + { "plugins": (.plugins + $extraPlugins) }
-    '';
-  } ''
+  net-conflist = pkgs.runCommand "87-podman-bridge.conflist"
+    {
+      nativeBuildInputs = [ pkgs.jq ];
+      extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
+      jqScript = ''
+        . + { "plugins": (.plugins + $extraPlugins) }
+      '';
+    } ''
     jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
       --argjson extraPlugins "$extraPlugins" \
       "$jqScript" \
@@ -119,7 +121,7 @@ in
 
     defaultNetwork.extraPlugins = lib.mkOption {
       type = types.listOf json.type;
-      default = [];
+      default = [ ];
       description = lib.mdDoc ''
         Extra CNI plugin configurations to add to podman's default network.
       '';
@@ -167,14 +169,15 @@ in
           grep -v 'D! /run/podman 0700 root root' \
             <$package/lib/tmpfiles.d/podman.conf \
             >$out/lib/tmpfiles.d/podman.conf
-        '') ];
+        '')
+      ];
 
       systemd.tmpfiles.rules =
         lib.optionals cfg.dockerSocket.enable [
           "L! /run/docker.sock - - - - /run/podman/podman.sock"
         ];
 
-      users.groups.podman = {};
+      users.groups.podman = { };
 
       assertions = [
         {

nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix

@@ -26,7 +26,7 @@ in
         allowAll = lib.mkDefault true;
       };
     };
-    systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"];
+    systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = [ "podman" ];
 
   };
 

nixos/modules/virtualisation/podman/network-socket.nix

@@ -31,7 +31,7 @@ in
     };
 
     server = mkOption {
-      type = types.enum [];
+      type = types.enum [ ];
       description = lib.mdDoc ''
         Choice of TLS proxy server.
       '';

nixos/tests/all-tests.nix

@@ -272,6 +272,7 @@ in {
   keycloak = discoverTests (import ./keycloak.nix);
   keymap = handleTest ./keymap.nix {};
   knot = handleTest ./knot.nix {};
+  komga = handleTest ./komga.nix {};
   krb5 = discoverTests (import ./krb5 {});
   ksm = handleTest ./ksm.nix {};
   kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {};

nixos/tests/komga.nix

@@ -0,0 +1,22 @@
+import ./make-test-python.nix ({ lib, ... }:
+
+with lib;
+
+{
+  name = "komga";
+  meta.maintainers = with maintainers; [ govanify ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    { services.komga = {
+        enable = true;
+        port = 1234;
+      };
+    };
+
+  testScript = ''
+    machine.wait_for_unit("komga.service")
+    machine.wait_for_open_port(1234)
+    machine.succeed("curl --fail http://localhost:1234/")
+  '';
+})

pkgs/applications/networking/cluster/argocd/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "argocd";
-  version = "2.4.9";
+  version = "2.4.10";
 
   src = fetchFromGitHub {
     owner = "argoproj";
     repo = "argo-cd";
     rev = "v${version}";
-    sha256 = "sha256-/g+icvpo62iV9GmpYxwHP7bsJF770bfnsVknVHEnEzM=";
+    sha256 = "sha256-qYHLK/3InkpRjMfmwmP+TE24D3OOw+glwEvYIEbxTa0=";
   };
 
   vendorSha256 = "sha256-M1ZYooS22bntHXAMK4QpMAwuMvN4/tHtVu3WZW9V8TA=";

pkgs/applications/networking/cluster/kubernetes/default.nix

@@ -21,13 +21,13 @@
 
 buildGoModule rec {
   pname = "kubernetes";
-  version = "1.23.9";
+  version = "1.23.10";
 
   src = fetchFromGitHub {
     owner = "kubernetes";
     repo = "kubernetes";
     rev = "v${version}";
-    sha256 = "sha256-uuadINLKZ/hxewE9Qx5wBoGMWrpmTJPDgZh0djadAhc=";
+    sha256 = "sha256-ujSy6akbk4SvMIQdBJkNMwaRNEfFKJmVrN3lNtFudkA=";
   };
 
   vendorSha256 = null;
@@ -91,5 +91,5 @@ buildGoModule rec {
     platforms = platforms.linux;
   };
 
-  passthru.tests = nixosTests.kubernetes;
+  passthru.tests = nixosTests.kubernetes // { inherit kubectl; };
 }

pkgs/applications/networking/instant-messengers/dino/default.nix

@@ -73,6 +73,16 @@ stdenv.mkDerivation rec {
     libxkbcommon
   ];
 
+  cmakeFlags = ["-DBUILD_TESTS=yes"];
+
+  doCheck = true;
+  checkPhase = ''
+    runHook preCheck
+    ./xmpp-vala-test
+    ./signal-protocol-vala-test
+    runHook postCheck
+  '';
+
   # Dino looks for plugins with a .so filename extension, even on macOS where
   # .dylib is appropriate, and despite the fact that it builds said plugins with
   # that as their filename extension

pkgs/applications/version-management/git-and-tools/gitui/default.nix

@@ -12,16 +12,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "gitui";
-  version = "0.20.1";
+  version = "0.21.0";
 
   src = fetchFromGitHub {
     owner = "extrawurst";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-zYM0JVhgFnp8JDBx9iEOt029sr8azIPX5jrtvUE/Pn0=";
+    sha256 = "sha256-B/RKPYq1U40NV3AM/cQi2eQaK5vxynP3JA0DReSBuCo=";
   };
 
-  cargoSha256 = "sha256-kbLI95GzCwm2OKzzpk7jvgtm8vArf29u5BiPRTh2OmE=";
+  cargoSha256 = "sha256-r4kritS3v8GgFZfWeeyrsy6v3IlH3DByTU8Ir4FDngs=";
 
   nativeBuildInputs = [ pkg-config ];
 

pkgs/applications/virtualization/cri-o/wrapper.nix

@@ -8,7 +8,6 @@
 , crun # Container runtime (default with cgroups v2 for podman/buildah)
 , conmon # Container runtime monitor
 , util-linux # nsenter
-, cni-plugins # not added to path
 , iptables
 }:
 

pkgs/applications/virtualization/podman/wrapper.nix

@@ -12,7 +12,6 @@
 , slirp4netns # User-mode networking for unprivileged namespaces
 , fuse-overlayfs # CoW for images, much faster than default vfs
 , util-linux # nsenter
-, cni-plugins # not added to path
 , iptables
 , iproute2
 , catatonit

pkgs/development/tools/buildah/wrapper.nix

@@ -11,7 +11,6 @@
 , slirp4netns # User-mode networking for unprivileged namespaces
 , fuse-overlayfs # CoW for images, much faster than default vfs
 , util-linux # nsenter
-, cni-plugins # not added to path
 , iptables
 }:
 

pkgs/development/tools/skaffold/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "skaffold";
-  version = "1.39.1";
+  version = "1.39.2";
 
   src = fetchFromGitHub {
     owner = "GoogleContainerTools";
     repo = "skaffold";
     rev = "v${version}";
-    sha256 = "sha256-InC4cfDQCwc6+4hPUsRitP7/uuOyBgbQjZhe3lGqlDw=";
+    sha256 = "sha256-dDN/nlJiuh35VdAcMYsLLN++VjGzxdYZWAXbtAf09Fs=";
   };
 
   vendorSha256 = "sha256-RA2KgUjYB3y6sOQdnLSZjr52VosZSaRrVU0BXZvjB1M=";

pkgs/servers/komga/default.nix

@@ -3,6 +3,7 @@
 , fetchurl
 , makeWrapper
 , jdk11_headless
+, nixosTests
 }:
 
 stdenvNoCC.mkDerivation rec {
@@ -22,6 +23,10 @@ stdenvNoCC.mkDerivation rec {
     makeWrapper ${jdk11_headless}/bin/java $out/bin/komga --add-flags "-jar $src"
   '';
 
+  passthru.tests = {
+    komga = nixosTests.komga;
+  };
+
   meta = with lib; {
     description = "Free and open source comics/mangas server";
     homepage = "https://komga.org/";

pkgs/servers/meteor/default.nix

@@ -1,18 +1,18 @@
 { stdenv, lib, fetchurl, zlib, patchelf, runtimeShell }:
 
 let
-  version = "1.12";
+  version = "2.7.3";
 
   inherit (stdenv.hostPlatform) system;
 
   srcs = {
     x86_64-linux = fetchurl {
       url = "https://static-meteor.netdna-ssl.com/packages-bootstrap/${version}/meteor-bootstrap-os.linux.x86_64.tar.gz";
-      sha256 = "0l3zc76djzypvc0dm5ikv5ybb6574qd6kdbbkarzc2dxx64wkyvb";
+      sha256 = "sha256-ovsE7jUJIKf96WEoITXECUlPo+o1tEKvHzCc7Xgj614=";
     };
     x86_64-darwin = fetchurl {
       url = "https://static-meteor.netdna-ssl.com/packages-bootstrap/${version}/meteor-bootstrap-os.osx.x86_64.tar.gz";
-      sha256 = "01gn3m6qacp3ibvp0rcvm2pq7fi1xds02ws0irypldh7vz3930jl";
+      sha256 = "11206dbda50a680fdab7044def7ea68ea8f4a9bca948ca56df91fe1392b2ac16";
     };
   };
 in
@@ -59,36 +59,36 @@ stdenv.mkDerivation {
   '';
 
   postFixup = lib.optionalString stdenv.isLinux ''
-      # Patch Meteor to dynamically fixup shebangs and ELF metadata where
-      # necessary.
-      pushd $out
-      patch -p1 < ${./main.patch}
-      popd
-      substituteInPlace $out/tools/cli/main.js \
-        --replace "@INTERPRETER@" "$(cat $NIX_CC/nix-support/dynamic-linker)" \
-        --replace "@RPATH@" "${lib.makeLibraryPath [ stdenv.cc.cc zlib ]}" \
-        --replace "@PATCHELF@" "${patchelf}/bin/patchelf"
+    # Patch Meteor to dynamically fixup shebangs and ELF metadata where
+    # necessary.
+    pushd $out
+    patch -p1 < ${./main.patch}
+    popd
+    substituteInPlace $out/tools/cli/main.js \
+      --replace "@INTERPRETER@" "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+      --replace "@RPATH@" "${lib.makeLibraryPath [ stdenv.cc.cc zlib ]}" \
+      --replace "@PATCHELF@" "${patchelf}/bin/patchelf"
 
-      # Patch node.
+    # Patch node.
+    patchelf \
+      --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$(patchelf --print-rpath $out/dev_bundle/bin/node):${stdenv.cc.cc.lib}/lib" \
+      $out/dev_bundle/bin/node
+
+    # Patch mongo.
+    for p in $out/dev_bundle/mongodb/bin/mongo{,d}; do
       patchelf \
         --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
-        --set-rpath "$(patchelf --print-rpath $out/dev_bundle/bin/node):${stdenv.cc.cc.lib}/lib" \
-        $out/dev_bundle/bin/node
+        --set-rpath "$(patchelf --print-rpath $p):${lib.makeLibraryPath [ stdenv.cc.cc zlib ]}" \
+        $p
+    done
 
-      # Patch mongo.
-      for p in $out/dev_bundle/mongodb/bin/mongo{,d}; do
-        patchelf \
-          --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
-          --set-rpath "$(patchelf --print-rpath $p):${lib.makeLibraryPath [ stdenv.cc.cc zlib ]}" \
-          $p
-      done
-
-      # Patch node dlls.
-      for p in $(find $out/packages -name '*.node'); do
-        patchelf \
-          --set-rpath "$(patchelf --print-rpath $p):${stdenv.cc.cc.lib}/lib" \
-          $p || true
-      done
+    # Patch node dlls.
+    for p in $(find $out/packages -name '*.node'); do
+      patchelf \
+        --set-rpath "$(patchelf --print-rpath $p):${stdenv.cc.cc.lib}/lib" \
+        $p || true
+    done
   '';
 
   meta = with lib; {

pkgs/tools/admin/turbovnc/default.nix

@@ -28,13 +28,13 @@
 
 stdenv.mkDerivation rec {
   pname = "turbovnc";
-  version = "3.0";
+  version = "3.0.1";
 
   src = fetchFromGitHub {
     owner = "TurboVNC";
     repo = "turbovnc";
     rev = version;
-    sha256 = "sha256-4/pfKb89ld32LvqTXjVpIJUCCDA+D7CLYMNFYytKVIE=";
+    sha256 = "sha256-GRY6aW6Kvy5sDQRiOVz2cUgKEG0IMveh80S26/rGWdM=";
   };
 
   # TODO:

pkgs/tools/security/himitsu-firefox/default.nix

@@ -27,6 +27,10 @@ stdenv.mkDerivation rec {
     himitsu
   ];
 
+  preConfigure = ''
+    export HARECACHE=$(mktemp -d)
+  '';
+
   buildFlags = [ "LIBEXECDIR=$(out)/libexec" ];
 
   # Only install the native component; per the docs:

pkgs/tools/security/himitsu/default.nix

@@ -22,6 +22,10 @@ stdenv.mkDerivation rec {
     scdoc
   ];
 
+  preConfigure = ''
+    export HARECACHE=$(mktemp -d)
+  '';
+
   installFlags = [ "PREFIX=" "DESTDIR=$(out)" ];
 
   meta = with lib; {

pkgs/tools/virtualization/kubevirt/default.nix

@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "kubevirt";
-  version = "0.55.0";
+  version = "0.55.1";
 
   src = fetchFromGitHub {
     owner = "kubevirt";
     repo = "kubevirt";
     rev = "v${version}";
-    sha256 = "sha256-Nz1x1kFywMbVTPYFQFnTbx+SQs5ZY4pMijo7FFttmxg=";
+    sha256 = "sha256-aXH21dHWqSG8VxDufqh+N+heVf/jshWo1goBllOBwZ0=";
   };
 
   vendorSha256 = null;