Merge staging-next into staging

2025-07-13 13:40:28 +03:00 · 2025-03-24 12:07:10 +00:00 · 2025-03-24 12:07:10 +00:00 · d5f30d9d8a
commit d5f30d9d8a
parent 824b47e774 00e3c78710
77 changed files with 3868 additions and 2727 deletions
--- a/nixos/modules/services/misc/snapper.nix
+++ b/nixos/modules/services/misc/snapper.nix
@ -55,10 +55,15 @@ let
    };

    FSTYPE = lib.mkOption {
-      type = lib.types.enum [ "btrfs" ];
+      type = lib.types.enum [
+        "btrfs"
+        "bcachefs"
+      ];
      default = "btrfs";
      description = ''
        Filesystem type. Only btrfs is stable and tested.
+
+        bcachefs support is experimental.
      '';
    };

--- a/nixos/modules/services/web-apps/dokuwiki.nix
+++ b/nixos/modules/services/web-apps/dokuwiki.nix
@ -128,10 +128,29 @@ let

  siteOpts = { options, config, lib, name, ... }:
    {
+      # TODO: Remove in time for 25.11 and/or simplify once https://github.com/NixOS/nixpkgs/issues/96006 is fixed
+      imports = [
+        ({config, options, ... }: let
+          removalNote = "The option has had no effect for 3+ years. There is no replacement available.";
+          optPath = lib.options.showOption [ "services" "dokuwiki" "sites" name "enable" ];
+        in {
+          options.enable = mkOption {
+            visible = false;
+            apply = x: throw "The option `${optPath}' can no longer be used since it's been removed. ${removalNote}";
+          };
+          config.assertions = [
+            {
+              assertion = !options.enable.isDefined;
+              message = ''
+                The option definition `${optPath}' in ${showFiles options.enable.files} no longer has any effect; please remove it.
+              ${removalNote}
+              '';
+            }
+          ];
+        })
+      ];

      options = {
-        enable = mkEnableOption "DokuWiki web application";
-
        package = mkPackageOption pkgs "dokuwiki" { };

        stateDir = mkOption {
@ -342,6 +361,13 @@ let
          '';
        };

+        # TODO: Remove when no submodule-level assertions are needed anymore
+        assertions = mkOption {
+          type = types.listOf types.unspecified;
+          default = [ ];
+          visible = false;
+          internal = true;
+        };
    };
  };
 in
@ -374,6 +400,8 @@ in

  # implementation
  config = mkIf (eachSite != {}) (mkMerge [{
+    # TODO: Remove when no submodule-level assertions are needed anymore
+    assertions = flatten (mapAttrsToList (_: cfg: cfg.assertions) eachSite);

    services.phpfpm.pools = mapAttrs' (hostName: cfg: (
      nameValuePair "dokuwiki-${hostName}" {
--- a/nixos/modules/services/web-apps/grav.nix
+++ b/nixos/modules/services/web-apps/grav.nix
@ -102,24 +102,12 @@ in
        phpPackage = cfg.phpPackage.buildEnv {
          extensions =
            { all, enabled }:
-            with all;
-            [
+            enabled
+            ++ (with all; [
              apcu
-              ctype
-              curl
-              dom
-              exif
-              filter
-              gd
-              mbstring
-              opcache
-              openssl
-              session
-              simplexml
              xml
              yaml
-              zip
-            ];
+            ]);

          extraConfig = generators.toKeyValue { mkKeyValue = generators.mkKeyValueDefault { } " = "; } {
            output_buffering = "0";
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@ -90,6 +90,7 @@ in
        enum
        package
        port
+        listOf
        ;

      assertStringPath =
@ -288,6 +289,25 @@ in
        '';
      };

+      realmFiles = mkOption {
+        type = listOf path;
+        example = lib.literalExpression ''
+          [
+            ./some/realm.json
+            ./another/realm.json
+          ]
+        '';
+        default = [ ];
+        description = ''
+          Realm files that the server is going to import during startup.
+          If a realm already exists in the server, the import operation is
+          skipped. Importing the master realm is not supported. All files are
+          expected to be in `json` format. See the
+          [documentation](https://www.keycloak.org/server/importExport) for
+          further information.
+        '';
+      };
+
      settings = mkOption {
        type = lib.types.submodule {
          freeformType = attrsOf (
@ -644,6 +664,24 @@ in
        '';
      };

+      systemd.tmpfiles.settings."10-keycloak" =
+        let
+          mkTarget =
+            file:
+            let
+              baseName = builtins.baseNameOf file;
+              name = if lib.hasSuffix ".json" baseName then baseName else "${baseName}.json";
+            in
+            "/run/keycloak/data/import/${name}";
+          settingsList = map (f: {
+            name = mkTarget f;
+            value = {
+              "L+".argument = "${f}";
+            };
+          }) cfg.realmFiles;
+        in
+        builtins.listToAttrs settingsList;
+
      systemd.services.keycloak =
        let
          databaseServices =
@ -725,7 +763,7 @@ in
              cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/
            ''
            + ''
-              kc.sh --verbose start --optimized
+              kc.sh --verbose start --optimized ${lib.optionalString (cfg.realmFiles != [ ]) "--import-realm"}
            '';
        };

--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@ -277,7 +277,7 @@ def get_profiles() -> list[str]:
 def install_bootloader(args: argparse.Namespace) -> None:
    try:
        with open("/etc/machine-id") as machine_file:
-            machine_id = machine_file.readlines()[0]
+            machine_id = machine_file.readlines()[0].strip()
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise