Merge master into haskell-updates

NixOS · Jun 11, 2024 · 8a0c494 · 8a0c494
2 parents e160c2a + a53f8b3
commit 8a0c494
Show file tree

Hide file tree

Showing 300 changed files with 8,785 additions and 2,605 deletions.
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -6700,6 +6700,16 @@
  githubId = 9959940;
  name = "Andreas Fehn";
  };
+ felbinger = {
+ name = "Nico Felbinger";
+ email = "[email protected]";
+ matrix = "@nico:felbinger.eu";
+ github = "felbinger";
+ githubId = 26925347;
+ keys = [{
+ fingerprint = "0797 D238 9769 CA1E 57B7 2ED9 2BA7 8116 87C9 0DE4";
+ }];
+ };
  felipeqq2 = {
  name = "Felipe Silva";
  email = "[email protected]";
@@ -12893,6 +12903,12 @@
  githubId = 427866;
  name = "Matthias Beyer";
  };
+ matthiasq = {
+ email = "[email protected]";
+ github = "matthias-Q";
+ githubId = 35303817;
+ name = "Matthias Queitsch";
+ };
  MatthieuBarthel = {
  email = "[email protected]";
  name = "Matthieu Barthel";
@@ -12926,6 +12942,16 @@
  githubId = 11810057;
  name = "Matt Snider";
  };
+ MattSturgeon = {
+ email = "[email protected]";
+ github = "MattSturgeon";
+ githubId = 5046562;
+ matrix = "@mattsturg:matrix.org";
+ name = "Matt Sturgeon";
+ keys = [{
+ fingerprint = "7082 22EA 1808 E39A 83AC 8B18 4F91 844C ED1A 8299";
+ }];
+ };
  matusf = {
  email = "[email protected]";
  github = "matusf";
@@ -16937,6 +16963,12 @@
  githubId = 22085373;
  name = "Luis Hebendanz";
  };
+ qubitnano = {
+ name = "qubitnano";
+ email = "[email protected]";
+ github = "qubitnano";
+ githubId = 146656568;
+ };
  queezle = {
  email = "[email protected]";
  github = "queezle42";
@@ -16976,6 +17008,12 @@
  githubId = 2141853;
  name = "Bang Lee";
  };
+ qwqawawow = {
+ email = "[email protected]";
+ github = "qwqawawow";
+ githubId = 40905037;
+ name = "qwqawawow";
+ };
  qyliss = {
  email = "[email protected]";
  github = "alyssais";
@@ -22755,6 +22793,11 @@
  githubId = 40352765;
  name = "Yoctocell";
  };
+ yomaq = {
+ name = "yomaq";
+ github = "yomaq";
+ githubId = 112864332;
+ };
  yorickvp = {
  email = "[email protected]";
  matrix = "@yorickvp:matrix.org";

diff --git a/maintainers/scripts/luarocks-packages.csv b/maintainers/scripts/luarocks-packages.csv
@@ -76,6 +76,7 @@ lualdap,,,,,,aanderse
 lualogging,,,,,,
 luaossl,,,,,5.1,
 luaposix,,,,34.1.1-1,,vyp lblasc
+luaprompt,,,,,,Freed-Wu
 luarepl,,,,,,
 luarocks,,,,,,mrcjkb teto
 luarocks-build-rust-mlua,,,,,,mrcjkb

diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix
@@ -206,6 +206,19 @@ in
  option is supported is used
  '';
 
+ prime.reverseSync.setupCommands.enable =
+ (lib.mkEnableOption ''
+ configure the display manager to be able to use the outputs
+ attached to the NVIDIA GPU.
+ Disable in order to configure the NVIDIA GPU outputs manually using xrandr.
+ Note that this configuration will only be successful when a display manager
+ for which the {option}`services.xserver.displayManager.setupCommands`
+ option is supported is used
+ '')
+ // {
+ default = true;
+ };
+
  nvidiaSettings =
  (lib.mkEnableOption ''
  nvidia-settings, NVIDIA's GUI configuration tool
@@ -275,7 +288,7 @@ in
  softdep nvidia post: nvidia-uvm
  '';
  };
- systemd.tmpfiles.rules = lib.optional config.virtualisation.docker.enableNvidia "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin";
+ systemd.tmpfiles.rules = lib.mkIf config.virtualisation.docker.enableNvidia "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin";
  services.udev.extraRules = ''
  # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
  KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c 195 255'"
@@ -290,6 +303,7 @@ in
  };
  environment.systemPackages = [ nvidia_x11.bin ];
  })
+
  # X11
  (lib.mkIf nvidiaEnabled {
  assertions = [
@@ -436,11 +450,13 @@ in
  providerCmdParams =
  if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
  in
- lib.optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
- # Added by nvidia configuration module for Optimus/PRIME.
- ${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
- ${lib.getExe pkgs.xorg.xrandr} --auto
- '';
+ lib.optionalString
+ (syncCfg.enable || (reverseSyncCfg.enable && reverseSyncCfg.setupCommands.enable))
+ ''
+ # Added by nvidia configuration module for Optimus/PRIME.
+ ${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
+ ${lib.getExe pkgs.xorg.xrandr} --auto
+ '';
 
  environment.etc = {
  "nvidia/nvidia-application-profiles-rc" = lib.mkIf nvidia_x11.useProfiles {
@@ -455,6 +471,7 @@ in
  extraPackages = [ pkgs.nvidia-vaapi-driver ];
  extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
  };
+
  environment.systemPackages =
  lib.optional cfg.nvidiaSettings nvidia_x11.settings
  ++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced
@@ -527,16 +544,12 @@ in
  };
  })
  ];
+
  services.acpid.enable = true;
 
  services.dbus.packages = lib.optional cfg.dynamicBoost.enable nvidia_x11.bin;
 
- hardware.firmware =
- let
- isOpen = cfg.open;
- isNewUnfree = lib.versionAtLeast nvidia_x11.version "555";
- in
- lib.optional (isOpen || isNewUnfree) nvidia_x11.firmware;
+ hardware.firmware = lib.optional (cfg.open || lib.versionAtLeast nvidia_x11.version "555") nvidia_x11.firmware;
 
  systemd.tmpfiles.rules =
  [

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -779,6 +779,7 @@
  ./services/misc/paperless.nix
  ./services/misc/parsoid.nix
  ./services/misc/persistent-evdev.nix
+ ./services/misc/pghero.nix
  ./services/misc/pinnwand.nix
  ./services/misc/plex.nix
  ./services/misc/plikd.nix
@@ -835,6 +836,7 @@
  ./services/misc/zoneminder.nix
  ./services/misc/zookeeper.nix
  ./services/monitoring/alerta.nix
+ ./services/monitoring/alloy.nix
  ./services/monitoring/apcupsd.nix
  ./services/monitoring/arbtt.nix
  ./services/monitoring/below.nix

diff --git a/nixos/modules/services/desktops/espanso.nix b/nixos/modules/services/desktops/espanso.nix
@@ -15,7 +15,6 @@ in {
  };
 
  config = mkIf cfg.enable {
- services.espanso.package = mkIf cfg.wayland pkgs.espanso-wayland;
  systemd.user.services.espanso = {
  description = "Espanso daemon";
  serviceConfig = {

diff --git a/nixos/modules/services/logging/journalwatch.nix b/nixos/modules/services/logging/journalwatch.nix
@@ -56,6 +56,8 @@ in {
  '';
  };
 
+ package = mkPackageOption pkgs "journalwatch" { };
+
  priority = mkOption {
  type = types.int;
  default = 6;
@@ -240,7 +242,7 @@ in {
  # requires a relative directory name to create beneath /var/lib
  StateDirectory = user;
  StateDirectoryMode = "0750";
- ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";
+ ExecStart = "${getExe cfg.package} mail";
  # lowest CPU and IO priority, but both still in best-effort class to prevent starvation
  Nice=19;
  IOSchedulingPriority=7;

diff --git a/nixos/modules/services/misc/mqtt2influxdb.nix b/nixos/modules/services/misc/mqtt2influxdb.nix
@@ -125,6 +125,7 @@ in {
  options = {
  services.mqtt2influxdb = {
  enable = mkEnableOption "BigClown MQTT to InfluxDB bridge.";
+ package = mkPackageOption pkgs ["python3Packages" "mqtt2influxdb"] {};
  environmentFiles = mkOption {
  type = types.listOf types.path;
  default = [];
@@ -245,7 +246,7 @@ in {
  '';
  serviceConfig = {
  EnvironmentFile = cfg.environmentFiles;
- ExecStart = "${cfg.package}/bin/mqtt2influxdb -dc ${finalConfig}";
+ ExecStart = "${lib.getExe cfg.package} -dc ${finalConfig}";
  RuntimeDirectory = "mqtt2influxdb";
  };
  };

diff --git a/nixos/modules/services/misc/pghero.nix b/nixos/modules/services/misc/pghero.nix
@@ -0,0 +1,142 @@
+{ config, pkgs, lib, utils, ... }:
+let
+ cfg = config.services.pghero;
+ settingsFormat = pkgs.formats.yaml { };
+ settingsFile = settingsFormat.generate "pghero.yaml" cfg.settings;
+in
+{
+ options.services.pghero = {
+ enable = lib.mkEnableOption "PgHero service";
+ package = lib.mkPackageOption pkgs "pghero" { };
+
+ listenAddress = lib.mkOption {
+ type = lib.types.str;
+ example = "[::1]:3000";
+ description = ''
+ `hostname:port` to listen for HTTP traffic.
+
+ This is bound using the systemd socket activation.
+ '';
+ };
+
+ extraArgs = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = ''
+ Additional command-line arguments for the systemd service.
+
+ Refer to the [Puma web server documentation] for available arguments.
+
+ [Puma web server documentation]: https://puma.io/puma#configuration
+ '';
+ };
+
+ settings = lib.mkOption {
+ type = settingsFormat.type;
+ default = { };
+ example = {
+ databases = {
+ primary = {
+ url = "<%= ENV['PRIMARY_DATABASE_URL'] %>";
+ };
+ };
+ };
+ description = ''
+ PgHero configuration. Refer to the [PgHero documentation] for more
+ details.
+
+ [PgHero documentation]: https://github.com/ankane/pghero/blob/master/guides/Linux.md#multiple-databases
+ '';
+ };
+
+ environment = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ description = ''
+ Environment variables to set for the service. Secrets should be
+ specified using {option}`environmentFile`.
+ '';
+ };
+
+ environmentFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.path;
+ default = [ ];
+ description = ''
+ File to load environment variables from. Loaded variables override
+ values set in {option}`environment`.
+ '';
+ };
+
+ extraGroups = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ example = [ "tlskeys" ];
+ description = ''
+ Additional groups for the systemd service.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.sockets.pghero = {
+ unitConfig.Description = "PgHero HTTP socket";
+ wantedBy = [ "sockets.target" ];
+ listenStreams = [ cfg.listenAddress ];
+ };
+
+ systemd.services.pghero = {
+ description = "PgHero performance dashboard for PostgreSQL";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "pghero.socket" ];
+ after = [ "pghero.socket" "network.target" ];
+
+ environment = {
+ RAILS_ENV = "production";
+ PGHERO_CONFIG_PATH = settingsFile;
+ } // cfg.environment;
+
+ serviceConfig = {
+ Type = "notify";
+ WatchdogSec = "10";
+
+ ExecStart = utils.escapeSystemdExecArgs ([
+ (lib.getExe cfg.package)
+ "--bind-to-activated-sockets"
+ "only"
+ ] ++ cfg.extraArgs);
+ Restart = "always";
+
+ WorkingDirectory = "${cfg.package}/share/pghero";
+
+ EnvironmentFile = cfg.environmentFiles;
+ SupplementaryGroups = cfg.extraGroups;
+
+ DynamicUser = true;
+ UMask = "0077";
+
+ ProtectHome = true;
+ ProtectProc = "invisible";
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectHostname = true;
+ ProtectControlGroups = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ PrivateUsers = true;
+ PrivateDevices = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+ DeviceAllow = [ "" ];
+ DevicePolicy = "closed";
+ CapabilityBoundingSet = [ "" ];
+ MemoryDenyWriteExecute = true;
+ LockPersonality = true;
+ SystemCallArchitectures = "native";
+ SystemCallErrorNumber = "EPERM";
+ SystemCallFilter = [ "@system-service" ];
+ };
+ };
+ };
+}