Merge remote-tracking branch 'origin/master' into staging-next

.github/workflows/eval.yml

@@ -222,6 +222,7 @@ jobs:
     if: needs.process.outputs.baseRunId
     permissions:
       pull-requests: write
+      statuses: write
     steps:
       - name: Download process result
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -261,3 +262,23 @@ jobs:
           GH_TOKEN: ${{ github.token }}
           REPOSITORY: ${{ github.repository }}
           NUMBER: ${{ github.event.number }}
+
+      - name: Add eval summary to commit statuses
+        if: ${{ github.event_name == 'pull_request_target' }}
+        run: |
+          description=$(jq -r '
+          "Package: added " + (.attrdiff.added | length | tostring) +
+          ", removed " + (.attrdiff.removed | length | tostring) +
+          ", changed " + (.attrdiff.changed | length | tostring) +
+          ", Rebuild: linux " + (.rebuildCountByKernel.linux | tostring) +
+          ", darwin " + (.rebuildCountByKernel.darwin | tostring)
+          ' <comparison/changed-paths.json)
+          target_url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID?pr=$NUMBER"
+          gh api --method POST \
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
+            "/repos/$GITHUB_REPOSITORY/statuses/$PR_HEAD_SHA" \
+            -f "context=Eval / Summary" -f "state=success" -f "description=$description" -f "target_url=$target_url"
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          NUMBER: ${{ github.event.number }}

maintainers/maintainer-list.nix

@@ -10524,6 +10524,12 @@
     githubId = 1058504;
     name = "José Luis Lafuente";
   };
+  jljox = {
+    email = "[email protected]";
+    github = "jljox";
+    githubId = 3665886;
+    name = "Jean-Luc Jox";
+  };
   jloyet = {
     email = "[email protected]";
     github = "fatpat";

nixos/doc/manual/release-notes/rl-2505.section.md

@@ -27,6 +27,8 @@
 
 - [Omnom](https://github.com/asciimoo/omnom), a webpage bookmarking and snapshotting service. Available as [services.omnom](options.html#opt-services.omnom.enable).
 
+- [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable).
+
 - [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](#opt-services.amazon-cloudwatch-agent.enable).
 
 - [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](#opt-services.agorakit.enable).
@@ -53,8 +55,12 @@
 
 - `zammad` has had its support for MySQL removed, since it was never working correctly and is now deprecated upstream. Check the [migration guide](https://docs.zammad.org/en/latest/appendix/migrate-to-postgresql.html) for how to convert your database to PostgreSQL.
 
+- `nodePackages.insect` has been removed, as it's deprecated by upstream. The suggested replacement is `numbat`.
+
 - The behavior of the `networking.nat.externalIP` and `networking.nat.externalIPv6` options has been changed. `networking.nat.forwardPorts` now only forwards packets destined for the specified IP addresses.
 
+- `nodePackages.meshcommander` has been removed, as the package was deprecated by Intel.
+
 - `kanata` was updated to v1.7.0, which introduces several breaking changes.
   See the release notes of
   [v1.7.0](https://github.com/jtroo/kanata/releases/tag/v1.7.0)
@@ -77,6 +83,8 @@
   2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more
   details.
 
+- `nodePackages.stackdriver-statsd-backend` has been removed, as the StackDriver service has been discontinued by Google, and therefore the package no longer works.
+
 - the notmuch vim plugin now lives in a separate output of the `notmuch`
   package. Installing `notmuch` will not bring the notmuch vim package anymore,
   add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the

nixos/modules/module-list.nix

@@ -947,6 +947,7 @@
   ./services/monitoring/telegraf.nix
   ./services/monitoring/thanos.nix
   ./services/monitoring/todesk.nix
+  ./services/monitoring/traccar.nix
   ./services/monitoring/tremor-rs.nix
   ./services/monitoring/tuptime.nix
   ./services/monitoring/unpoller.nix

nixos/modules/programs/fish.nix

@@ -313,5 +313,5 @@ in
     '';
 
   };
-
+  meta.maintainers = with lib.maintainers; [ sigmasquadron ];
 }

nixos/modules/services/misc/pykms.nix

@@ -69,9 +69,9 @@ in
       serviceConfig = with pkgs; {
         DynamicUser = true;
         StateDirectory = baseNameOf libDir;
-        ExecStartPre = "${getBin pykms}/libexec/create_pykms_db.sh ${libDir}/clients.db";
+        ExecStartPre = "${lib.getBin pykms}/libexec/create_pykms_db.sh ${libDir}/clients.db";
         ExecStart = lib.concatStringsSep " " ([
-          "${getBin pykms}/bin/server"
+          "${lib.getBin pykms}/bin/server"
           "--logfile=STDOUT"
           "--loglevel=${cfg.logLevel}"
           "--sqlite=${libDir}/clients.db"

nixos/modules/services/monitoring/statsd.nix

@@ -87,7 +87,6 @@ in
         "console"
         "repeater"
         "statsd-librato-backend"
-        "stackdriver-statsd-backend"
         "statsd-influxdb-backend"
       ];
       type = lib.types.listOf lib.types.str;

nixos/modules/services/monitoring/traccar.nix

@@ -0,0 +1,125 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.traccar;
+  stateDirectory = "/var/lib/traccar";
+  configFilePath = "${stateDirectory}/config.xml";
+  expandCamelCase = lib.replaceStrings lib.upperChars (map (s: ".${s}") lib.lowerChars);
+  mkConfigEntry = key: value: "<entry key='${expandCamelCase key}'>${value}</entry>";
+  mkConfig =
+    configurationOptions:
+    pkgs.writeText "traccar.xml" ''
+      <?xml version='1.0' encoding='UTF-8'?>
+      <!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
+      <properties>
+          ${builtins.concatStringsSep "\n" (lib.mapAttrsToList mkConfigEntry configurationOptions)}
+      </properties>
+    '';
+
+  defaultConfig = {
+    databaseDriver = "org.h2.Driver";
+    databasePassword = "";
+    databaseUrl = "jdbc:h2:${stateDirectory}/traccar";
+    databaseUser = "sa";
+    loggerConsole = "true";
+    mediaPath = "${stateDirectory}/media";
+    templatesRoot = "${stateDirectory}/templates";
+  };
+in
+{
+  options.services.traccar = {
+    enable = lib.mkEnableOption "Traccar, an open source GPS tracking system";
+    settings = lib.mkOption {
+      apply = lib.recursiveUpdate defaultConfig;
+      default = defaultConfig;
+      description = ''
+        {file}`config.xml` configuration as a Nix attribute set.
+        Attribute names are translated from camelCase to dot-separated strings. For instance:
+        {option}`mailSmtpPort = "25"`
+        would result in the following configuration property:
+        `<entry key='mail.smtp.port'>25</entry>`
+        Configuration options should match those described in
+        [Traccar - Configuration File](https://www.traccar.org/configuration-file/).
+        Secret tokens should be specified using {option}`environmentFile`
+        instead of this world-readable attribute set.
+      '';
+    };
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        File containing environment variables to substitute in the configuration before starting Traccar.
+
+        Can be used for storing the secrets without making them available in the world-readable Nix store.
+
+        For example, you can set {option}`services.traccar.settings.databasePassword = "$TRACCAR_DB_PASSWORD"`
+        and then specify `TRACCAR_DB_PASSWORD="<secret>"` in the environment file.
+        This value will get substituted in the configuration file.
+      '';
+    };
+  };
+
+  config =
+    let
+      configuration = mkConfig cfg.settings;
+    in
+    lib.mkIf cfg.enable {
+      systemd.services.traccar = {
+        enable = true;
+        description = "Traccar";
+
+        after = [ "network-online.target" ];
+        wantedBy = [ "multi-user.target" ];
+        wants = [ "network-online.target" ];
+
+        preStart = ''
+          # Copy new templates into our state directory.
+          cp -a --update=none ${pkgs.traccar}/templates ${stateDirectory}
+          test -f '${configFilePath}' && rm -f '${configFilePath}'
+
+          # Substitute the configFile from Envvars read from EnvironmentFile
+          old_umask=$(umask)
+          umask 0177
+          ${lib.getExe pkgs.envsubst} \
+            -i ${configuration} \
+            -o ${configFilePath}
+          umask $old_umask
+        '';
+
+        serviceConfig = {
+          DynamicUser = true;
+          EnvironmentFile = cfg.environmentFile;
+          ExecStart = "${lib.getExe pkgs.traccar} ${configFilePath}";
+          LockPersonality = true;
+          NoNewPrivileges = true;
+          PrivateDevices = true;
+          PrivateTmp = true;
+          PrivateUsers = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHome = true;
+          ProtectHostname = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          ProtectSystem = "strict";
+          Restart = "on-failure";
+          RestartSec = 10;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          StateDirectory = "traccar";
+          SuccessExitStatus = 143;
+          Type = "simple";
+          # Set the working directory to traccar's package.
+          # Traccar only searches for the DB migrations relative to it's WorkingDirectory and nothing worked to
+          # work around this. To avoid copying the migrations over to the state directory, we use the package as
+          # WorkingDirectory.
+          WorkingDirectory = "${pkgs.traccar}";
+        };
+      };
+    };
+}

nixos/modules/system/boot/unl0kr.nix

@@ -15,6 +15,8 @@ in
       description = ''Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.'';
     };
 
+    package = lib.mkPackageOption pkgs "unl0kr" { };
+
     allowVendorDrivers = lib.mkEnableOption "load optional drivers" // {
       description = ''Whether to load additional drivers for certain vendors (I.E: Wacom, Intel, etc.)'';
     };
@@ -85,7 +87,7 @@ in
         libinput
         xkeyboard_config
         "${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password"
-        "${pkgs.unl0kr}/bin/unl0kr"
+        (lib.getExe' cfg.package "unl0kr")
       ];
       services = {
         unl0kr-ask-password = {
@@ -112,7 +114,7 @@ in
             do
               for file in `ls $DIR/ask.*`; do
                 socket="$(cat "$file" | ${pkgs.gnugrep}/bin/grep "Socket=" | cut -d= -f2)"
-                ${pkgs.unl0kr}/bin/unl0kr -v -C "/etc/unl0kr.conf" | ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 1 "$socket"
+                ${lib.getExe' cfg.package "unl0kr"} -v -C "/etc/unl0kr.conf" | ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 1 "$socket"
               done
             done
           '';

pkgs/applications/editors/nano/default.nix

@@ -76,7 +76,7 @@ in stdenv.mkDerivation rec {
     homepage = "https://www.nano-editor.org/";
     description = "Small, user-friendly console text editor";
     license = licenses.gpl3Plus;
-    maintainers = with maintainers; [ joachifm nequissimus ];
+    maintainers = with maintainers; [ joachifm nequissimus sigmasquadron ];
     platforms = platforms.all;
     mainProgram = "nano";
   };

pkgs/applications/misc/keepassxc/default.nix

@@ -154,7 +154,7 @@ stdenv.mkDerivation rec {
     homepage = "https://keepassxc.org/";
     license = licenses.gpl2Plus;
     mainProgram = "keepassxc";
-    maintainers = with maintainers; [ blankparticle ];
+    maintainers = with maintainers; [ blankparticle sigmasquadron ];
     platforms = platforms.linux ++ platforms.darwin;
   };
 }

pkgs/applications/video/obs-studio/plugins/obs-ndi/default.nix

@@ -47,6 +47,8 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = [ "-DENABLE_QT=ON" ];
 
+  env.NIX_CFLAGS_COMPILE = "-Wno-deprecated-declarations";
+
   dontWrapQtApps = true;
 
   meta = with lib; {

pkgs/applications/virtualization/OVMF/default.nix

@@ -205,7 +205,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
     homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
     license = lib.licenses.bsd2;
     platforms = metaPlatforms;
-    maintainers = with lib.maintainers; [ adamcstephens raitobezarius mjoerg ];
+    maintainers = with lib.maintainers; [ adamcstephens raitobezarius mjoerg sigmasquadron ];
     broken = stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64;
   };
 })

pkgs/by-name/an/angular-language-server/package.nix

@@ -9,16 +9,17 @@
   writeShellApplication,
   curl,
   common-updater-scripts,
+  jq,
   unzip,
 }:
 
 stdenvNoCC.mkDerivation (finalAttrs: {
   pname = "angular-language-server";
-  version = "18.2.0";
+  version = "19.0.3";
   src = fetchurl {
     name = "angular-language-server-${finalAttrs.version}.zip";
     url = "https://github.com/angular/vscode-ng-language-service/releases/download/v${finalAttrs.version}/ng-template.vsix";
-    hash = "sha256-rl04nqSSBMjZfPW8Y+UtFLFLDFd5FSxJs3S937mhDWE=";
+    hash = "sha256-QVvXwzSaj5wMYEwMMXGJwRwg7v6HdB0JKLkQiUNR0y4=";
   };
 
   nativeBuildInputs = [
@@ -56,6 +57,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
       runtimeInputs = [
         curl
         common-updater-scripts
+        jq
       ];
       text = ''
         if [ -z "''${GITHUB_TOKEN:-}" ]; then

pkgs/by-name/as/asciiquarium/package.nix

@@ -26,6 +26,6 @@ in stdenv.mkDerivation {
     homepage = "https://robobunny.com/projects/asciiquarium/html/";
     license = licenses.gpl2;
     platforms = platforms.unix;
-    maintainers = [ maintainers.utdemir ];
+    maintainers = with maintainers; [ sigmasquadron utdemir ];
   };
 }

pkgs/by-name/ba/bat/package.nix

@@ -75,6 +75,6 @@ rustPlatform.buildRustPackage rec {
     changelog = "https://github.com/sharkdp/bat/raw/v${version}/CHANGELOG.md";
     license = with licenses; [ asl20 /* or */ mit ];
     mainProgram = "bat";
-    maintainers = with maintainers; [ dywedir zowoq SuperSandro2000 ];
+    maintainers = with maintainers; [ dywedir zowoq SuperSandro2000 sigmasquadron ];
   };
 }

pkgs/by-name/ca/cargo-sort/package.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-sort";
-  version = "1.1.0";
+  version = "1.0.9";
 
   src = fetchFromGitHub {
     owner = "devinr528";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-AUtue1xkhrhlF7PtqsCQ9rdhV0/0i85DWrp7YL9SAYk=";
+    sha256 = "sha256-fqmyL4ZSz+nKfUIrcrfLRT9paEas5d00Y/kvEqyz2vw=";
   };
 
-  cargoHash = "sha256-y6lLwk40hmFQKDU7sYz3+QQzdn5eGoEX7izmloK22dg=";
+  cargoHash = "sha256-JON6cE1ZHeI+0vU9AJp0e1TIbiH3AWjHyn0jd9PNqQU=";
 
   meta = with lib; {
     description = "Tool to check that your Cargo.toml dependencies are sorted alphabetically";