Merge staging-next into staging

NixOS · Dec 16, 2024 · 5dfaa2c · 5dfaa2c
2 parents 973b829 + f80693a
commit 5dfaa2c
Show file tree

Hide file tree

Showing 144 changed files with 4,786 additions and 3,135 deletions.
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -24515,6 +24515,12 @@
     github = "peterablehmann";
     githubId = 36541313;
   };
+  xiaoxiangmoe = {
+    name = "ZHAO JinXiang";
+    email = "[email protected]";
+    github = "xiaoxiangmoe";
+    githubId = 8111351;
+  };
   xinyangli = {
     email = "[email protected]";
     matrix = "@me:xinyang.life";

diff --git a/...oc/manual/installation/building-images-via-nixos-rebuild-build-image.chapter.md b/...oc/manual/installation/building-images-via-nixos-rebuild-build-image.chapter.md
@@ -0,0 +1,16 @@
+# Building Images with `nixos-rebuild build-image` {#sec-image-nixos-rebuild-build-image}
+
+Nixpkgs contains a variety of modules to build custom images for different virtualization platforms and cloud providers, such as e.g. `amazon-image.nix` and `proxmox-lxc.nix`.
+
+While those can be imported individually, `system.build.images` provides an attribute set mapping variant names to image derivations. Available variants are defined - end extendable - in `image.modules`, an attribute set mapping variant names to a list of NixOS modules.
+
+All of those images can be built via both, their `system.build.image` attribute, and the CLI `nixos-rebuild build-image`. To build i.e. an Amazon image from your existing NixOS configuration:
+
+```ShellSession
+$ nixos-rebuild build-image --image-variant amazon
+$ ls result
+nixos-image-amazon-25.05pre-git-x86_64-linux.vhd  nix-support
+```
+
+To get a list of all variants available, run `nixos-rebuild build-image` without arguments.
+
diff --git a/nixos/doc/manual/installation/building-nixos.chapter.md b/nixos/doc/manual/installation/building-nixos.chapter.md
@@ -1,7 +1,7 @@
 # Building a NixOS (Live) ISO {#sec-building-image}
 
 Default live installer configurations are available inside `nixos/modules/installer/cd-dvd`.
-For building other system images, [nixos-generators] is a good place to start looking at.
+For building other system images, see [Building Images with `nixos-rebuild build-image`](#sec-image-nixos-rebuild-build-image).
 
 You have two options:
 
@@ -14,8 +14,6 @@ on which they immediately depend in order to work correctly.
 However, if you are confident, you can opt to override those
 enforced values with `mkForce`.
 
-[nixos-generators]: https://github.com/nix-community/nixos-generators
-
 ## Practical Instructions {#sec-building-image-instructions}
 
 To build an ISO image for the channel `nixos-unstable`:
@@ -30,7 +28,7 @@ $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd
 To check the content of an ISO image, mount it like so:
 
 ```ShellSession
-# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso
+# mount -o loop -t iso9660 ./result/iso/nixos-image-25.05pre-git-x86_64-linux.iso /mnt/iso
 ```
 
 ## Additional drivers or firmware {#sec-building-image-drivers}

diff --git a/nixos/doc/manual/installation/installation.md b/nixos/doc/manual/installation/installation.md
@@ -8,5 +8,6 @@ installing.chapter.md
 changing-config.chapter.md
 upgrading.chapter.md
 building-nixos.chapter.md
+building-images-via-nixos-rebuild-build-image.chapter.md
 building-images-via-systemd-repart.chapter.md
 ```
diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json
@@ -167,6 +167,9 @@
   "sec-building-image-tech-notes": [
     "index.html#sec-building-image-tech-notes"
   ],
+  "sec-image-nixos-rebuild-build-image": [
+    "index.html#sec-image-nixos-rebuild-build-image"
+  ],
   "sec-image-repart": [
     "index.html#sec-image-repart"
   ],

diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -19,6 +19,10 @@
 - The default PHP version has been updated to 8.3.
 
 - `nixos-rebuild-ng`, a full rewrite of `nixos-rebuild` in Python, is available for testing. You can enable it by setting [system.rebuild.enableNg](options.html#opt-system.rebuild.enableNg) in your configuration (this will replace the old `nixos-rebuild`), or by adding `nixos-rebuild-ng` to your `environment.systemPackages` (in this case, it will live side-by-side with `nixos-rebuild` as `nixos-rebuild-ng`). It is expected that the next major version of NixOS (25.11) will enable `system.rebuild.enableNg` by default.
+- A `nixos-rebuild build-image` sub-command has been added.
+
+  It allows users to build platform-specific (disk) images from their NixOS configurations. `nixos-rebuild build-image` works similar to the popular [nix-community/nixos-generators](https://github.com/nix-community/nixos-generators) project. See new [section on image building in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#sec-image-nixos-rebuild-build-image).
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 ## New Modules {#sec-release-25.05-new-modules}
@@ -143,6 +147,32 @@
 
 - `python3Packages.opentracing` has been removed due to being unmaintained upstream. [OpenTelemetry](https://opentelemetry.io/) is the recommended replacement.
 
+- Default file names of images generated by several builders in `system.build` have been changed as outlined in the table below.
+
+  Names are now known at evaluation time and customizable via the new options `image.baseName`, `image.extension`, `image.fileName` and `image.filePath` with the latter returning a path relative to the derivations out path (e.g. `iso/${image.fileName` for iso images).
+
+  | `system.build` Option    | Old Filename                                               | New Filename                                                    |
+  |--------------------------+------------------------------------------------------------+-----------------------------------------------------------------|
+  | amazonImage              | nixos-amazon-image-25.05pre-git-x86_64-linux.vhd           | nixos-image-amazon-25.05pre-git-x86_64-linux.vhd                |
+  | azureImage               | disk.vhd                                                   | nixos-image-azure-25.05pre-git-x86_64-linux.vhd                 |
+  | digitalOceanImage        | nixos.qcow2.gz                                             | nixos-image-digital-ocean-25.05pre-git-x86_64-linux.qcow2.gz    |
+  | googleComputeImage       | nixos-image-25.05pre-git-x86_64-linux.raw.tar.gz           | nixos-image-google-compute-25.05pre-git-x86_64-linux.raw.tar.gz |
+  | hypervImage              | nixos-25.05pre-git-x86_64-linux.vhdx                       | nixos-image-hyperv-25.05pre-git-x86_64-linux.vhdx               |
+  | isoImage (installer)     | nixos-25.05pre-git-x86_64-linux.iso                        | nixos-image-25.05pre-git-x86_64-linux.iso                       |
+  | isoImage                 | nixos.iso                                                  | nixos-image-25.05pre-git-x86_64-linux.iso                       |
+  | kubevirtImage            | nixos.qcow2                                                | nixos-image-kubevirt-25.05pre-git-x86_64-linux.qcow2            |
+  | linodeImage              | nixos-image-25.05pre-git-x86_64-linux.img.gz               | nixos-image-linode-25.05pre-git-x86_64-linux.img.gz             |
+  | metadata (lxc-container) | nixos-system-x86_64-linux.tar.xz                           | nixos-image-lxc-metadata-25.05pre-git-x86_64-linux.tar.xz       |
+  | OCIImage                 | nixos.qcow2                                                | nixos-image-oci-25.05pre-git-x86_64-linux.qcow2                 |
+  | openstackImage (zfs)     | nixos-openstack-image-25.05pre-git-x86_64-linux.root.qcow2 | nixos-image-openstack-zfs-25.05pre-git-x86_64-linux.root.qcow2  |
+  | openstackImage           | nixos.qcow2                                                | nixos-image-openstack-25.05pre-git-x86_64-linux.qcow2           |
+  | sdImage                  | nixos-sd-image-25.05pre-git-x86_64-linux.img.zst           | nixos-image-sd-card-25.05pre-git-x86_64-linux.img.zst           |
+  | tarball (lxc-container)  | nixos-system-x86_64-linux.tar.xz                           | nixos-image-lxc-25.05pre-git-x86_64-linux.tar.xz                |
+  | tarball (proxmox-lxc)    | nixos-system-x86_64-linux.tar.xz                           | nixos-image-lxc-proxmox-25.05pre-git-x86_64-linux.tar.xz        |
+  | vagrantVirtualbox        | nixos-25.05pre-git-x86_64-linux.ova                        | nixos-image-virtualbox-25.05pre-git-x86_64-linux.ova            |
+  | virtualBoxOVA            | virtualbox-vagrant.box                                     | nixos-image-vagrant-virtualbox-25.05pre-git-x86_64-linux.ova    |
+  | vmwareImage              | nixos-25.05pre-git-x86_64-linux.vmdk                       | nixos-image-vmware-25.05pre-git-x86_64-linux.vmdk               |
+
 - the notmuch vim plugin now lives in a separate output of the `notmuch`
   package. Installing `notmuch` will not bring the notmuch vim package anymore,
   add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the

diff --git a/nixos/maintainers/scripts/ec2/README.md b/nixos/maintainers/scripts/ec2/README.md
@@ -18,10 +18,10 @@ nix run nixpkgs#upload-ami -- --image-info ./result/nix-support/image-info.json
 
 ## How to build your own NixOS config into an AMI
 
-I suggest looking at https://github.com/nix-community/nixos-generators for a user-friendly interface.
+Use `nixos-rebuild build-image` as follows:
 
 ```bash
-nixos-generate -c ./my-config.nix -f amazon
+NIXOS_CONFIG="$(pwd)/my-config.nix" nixos-rebuild build-image --image-variant amazon
 
 export AWS_REGION=us-west-2
 export AWS_PROFILE=my-profile

diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
@@ -162,7 +162,7 @@ let
     '';
 
   compressFirmware = firmware:
-    if config.hardware.firmwareCompression == "none" || (firmware.compressFirmware or false) == false then firmware
+    if config.hardware.firmwareCompression == "none" || (firmware.compressFirmware or true) == false then firmware
     else if config.hardware.firmwareCompression == "zstd" then pkgs.compressFirmwareZstd firmware
     else pkgs.compressFirmwareXz firmware;
 

diff --git a/pkgs/applications/audio/tageditor/default.nix b/pkgs/applications/audio/tageditor/default.nix
@@ -18,13 +18,13 @@
 
 stdenv.mkDerivation rec {
   pname = "tageditor";
-  version = "3.9.3";
+  version = "3.9.4";
 
   src = fetchFromGitHub {
     owner = "martchus";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-KAtOnTf3foOILDfTjVpkCOG6jsyS5fv0/Wv9Zcut2oE=";
+    hash = "sha256-VRQV4bTPG4VFhRHFJamUnYd04ZCaNpaxU27Jcl6Chc4=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -3246,8 +3246,8 @@ let
         mktplcRef = {
           name = "compare-folders";
           publisher = "moshfeu";
-          version = "0.24.3";
-          hash = "sha256-eaumF2BIqEYoyL7LQ0Wx3+gkkFGpWKQoN3AisI8wTQY=";
+          version = "0.25.1";
+          hash = "sha256-axNTdnSkMkFs7LSZCc7VinjbrDncsRHlRtDG9+eh2qQ=";
         };
 
         meta = {
@@ -5333,8 +5333,8 @@ let
         mktplcRef = {
           name = "vscode-icons";
           publisher = "vscode-icons-team";
-          version = "12.9.0";
-          hash = "sha256-ULjZlbGcVbPiokfnx7d4z7cmVVEfy2d+SUch80rZRA4=";
+          version = "12.10.0";
+          hash = "sha256-GNDLuszuJN3P0V25F4gm7yUJsFEQgFMMPMTFLWLIvSo=";
         };
         meta = {
           description = "Bring real icons to your Visual Studio Code";

diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix
@@ -36,7 +36,7 @@ let
       stripRoot = false;
     };
 
-  version = "3.3.1";
+  version = "3.4.0";
 in
 
 python3.pkgs.buildPythonApplication {
@@ -46,7 +46,7 @@ python3.pkgs.buildPythonApplication {
 
   src = fetchurl {
     url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/qutebrowser-${version}.tar.gz";
-    hash = "sha256-qttkrMxzC8mhXONByaBYCx82OD7Uh09U0xzh2r6U4Xo=";
+    hash = "sha256-gUEkwO0zdDDmE6HaNm1eOJBMsgSa+xUFlxRWylymIj4=";
   };
 
   # Needs tox

diff --git a/pkgs/applications/networking/cluster/helm/plugins/helm-dt.nix b/pkgs/applications/networking/cluster/helm/plugins/helm-dt.nix
@@ -5,16 +5,16 @@
 }:
 buildGoModule rec {
   pname = "helm-dt";
-  version = "0.4.1";
+  version = "0.4.3";
 
   src = fetchFromGitHub {
     owner = "vmware-labs";
     repo = "distribution-tooling-for-helm";
     rev = "refs/tags/v${version}";
-    hash = "sha256-KrQAlB0ORNzKIG2vxych3gVBytTh3Hhnjsyn1ia1ZQM=";
+    hash = "sha256-m+XTR+LYTXeDTqo/deFAIQjbUqGn6yD/n5cQvJ+jKPc=";
   };
 
-  vendorHash = "sha256-T8Kk+9NAhYOvSq94HOEE53BT7Xh9tU1gJ420o/tiVEo=";
+  vendorHash = "sha256-rovAY4G4ew6JhehyXMz7cDKSEsHu0IQwaNYvClDog2s=";
 
   ldflags = [
     "-s"

diff --git a/pkgs/applications/networking/cluster/k3s/1_28/chart-versions.nix b/pkgs/applications/networking/cluster/k3s/1_28/chart-versions.nix
diff --git a/pkgs/applications/networking/cluster/k3s/1_28/images-versions.json b/pkgs/applications/networking/cluster/k3s/1_28/images-versions.json
diff --git a/pkgs/applications/networking/cluster/k3s/1_28/versions.nix b/pkgs/applications/networking/cluster/k3s/1_28/versions.nix
diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix
@@ -12,17 +12,6 @@ let
   extraArgs = builtins.removeAttrs args [ "callPackage" ];
 in
 {
-  # 1_28 can be built with the same builder as 1_30
-  k3s_1_28 = common (
-    (import ./1_28/versions.nix)
-    // {
-      updateScript = [
-        ./update-script.sh
-        "28"
-      ];
-    }
-  ) extraArgs;
-
   # 1_29 can be built with the same builder as 1_30
   k3s_1_29 = common (
     (import ./1_29/versions.nix)

diff --git a/pkgs/applications/system/coolercontrol/coolercontrol-gui.nix b/pkgs/applications/system/coolercontrol/coolercontrol-gui.nix
@@ -24,7 +24,7 @@ rustPlatform.buildRustPackage {
   inherit version src;
   sourceRoot = "${src.name}/coolercontrol-ui/src-tauri";
 
-  cargoHash = "sha256-nS67ABuI2/C08X+TWWoOx7bptIPF1fsvBC1Ucoky1/4=";
+  cargoHash = "sha256-gjR54dZjVonyznfBGb3iNNdmPalE+a53MmkOEZj3+sY=";
 
   buildFeatures = [ "custom-protocol" ];
 

diff --git a/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix b/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix
@@ -11,7 +11,7 @@ buildNpmPackage {
   inherit version src;
   sourceRoot = "${src.name}/coolercontrol-ui";
 
-  npmDepsHash = "sha256-j+bGOGIG9H/1z0dN8BfvWSi6gPvYmCV7l0ZNH8h3yeU=";
+  npmDepsHash = "sha256-t+QShKaXpQuEzeeu/ljBBEzeYsxqvMpx5waDZ2gyPAI=";
 
   preBuild = ''
     autoPatchelf node_modules/sass-embedded-linux-x64/dart-sass/src/dart

diff --git a/pkgs/applications/system/coolercontrol/coolercontrold.nix b/pkgs/applications/system/coolercontrol/coolercontrold.nix
@@ -18,7 +18,7 @@ rustPlatform.buildRustPackage {
   sourceRoot = "${src.name}/coolercontrold";
 
   useFetchCargoVendor = true;
-  cargoHash = "sha256-ZAjaegUgNkKygXqskyeUkWpcqi1Jt7pE8GtqWlaP6/I=";
+  cargoHash = "sha256-5gqtSZs/unFobEl1MHec2uhGDrWnO6ITlYbB78VasZg=";
 
   buildInputs = [ libdrm ];
 

diff --git a/pkgs/applications/system/coolercontrol/default.nix b/pkgs/applications/system/coolercontrol/default.nix
@@ -5,13 +5,13 @@
 }:
 
 let
-  version = "1.4.4";
+  version = "1.4.5";
 
   src = fetchFromGitLab {
     owner = "coolercontrol";
     repo = "coolercontrol";
     rev = version;
-    hash = "sha256-9l10X4uDv3KJz582QQMhqh38bwDtQVHm9HdAVNC6Kfg=";
+    hash = "sha256-lRw5IcSrLM6aUajt2Ny1IUuGYcAjY1oUDZENyz0wVJI=";
   };
 
   meta = {

diff --git a/pkgs/build-support/node/fetch-npm-deps/src/util.rs b/pkgs/build-support/node/fetch-npm-deps/src/util.rs
@@ -1,12 +1,10 @@
-use anyhow::bail;
 use backoff::{retry, ExponentialBackoff};
 use data_encoding::BASE64;
 use digest::Digest;
 use isahc::{
     config::{CaCertificate, Configurable, RedirectPolicy, SslOption},
     Body, Request, RequestExt,
 };
-use log::info;
 use nix_nar::{Encoder, NarError};
 use serde_json::{Map, Value};
 use sha2::Sha256;
@@ -17,7 +15,7 @@ use std::{
 };
 use url::Url;
 
-pub fn get_url(url: &Url) -> Result<Body, anyhow::Error> {
+pub fn get_url(url: &Url) -> Result<Body, isahc::Error> {
     let mut request = Request::get(url.as_str()).redirect_policy(RedirectPolicy::Limit(10));
 
     // Respect SSL_CERT_FILE if environment variable exists
@@ -39,27 +37,16 @@ pub fn get_url(url: &Url) -> Result<Body, anyhow::Error> {
         if let Ok(npm_tokens) = env::var("NIX_NPM_TOKENS") {
             if let Ok(tokens) = serde_json::from_str::<Map<String, Value>>(&npm_tokens) {
                 if let Some(token) = tokens.get(host).and_then(serde_json::Value::as_str) {
-                    info!("Found NPM token for {}. Adding authorization header to request.", host);
                     request = request.header("Authorization", format!("Bearer {token}"));
                 }
             }
         }
     }
 
-    let res = request.body(())?.send()?;
-    if !res.status().is_success() {
-        if res.status().is_client_error() {
-            bail!("Client error: {}", res.status());
-        }
-        if res.status().is_server_error() {
-            bail!("Server error: {}", res.status());
-        }
-        bail!("{}", res.status());
-    }
-    Ok(res.into_body())
+    Ok(request.body(())?.send()?.into_body())
 }
 
-pub fn get_url_body_with_retry(url: &Url) -> Result<Vec<u8>, anyhow::Error> {
+pub fn get_url_body_with_retry(url: &Url) -> Result<Vec<u8>, isahc::Error> {
     retry(ExponentialBackoff::default(), || {
         get_url(url)
             .and_then(|mut body| {
@@ -69,15 +56,12 @@ pub fn get_url_body_with_retry(url: &Url) -> Result<Vec<u8>, anyhow::Error> {
 
                 Ok(buf)
             })
-            .map_err(|err| match err.downcast_ref::<isahc::Error>() {
-                Some(isahc_err) => {
-                    if isahc_err.is_network() || isahc_err.is_timeout() {
-                        backoff::Error::transient(err)
-                    } else {
-                        backoff::Error::permanent(err)
-                    }
+            .map_err(|err| {
+                if err.is_network() || err.is_timeout() {
+                    backoff::Error::transient(err)
+                } else {
+                    backoff::Error::permanent(err)
                 }
-                None => backoff::Error::permanent(err),
             })
     })
     .map_err(|backoff_err| match backoff_err {