From 69bba9c0c0eef278ae42d568b3340dcb7694d1e2 Mon Sep 17 00:00:00 2001 From: Eric Yen Date: Mon, 8 Dec 2025 15:42:27 -0800 Subject: [PATCH 01/40] neo4j: 5.26.1 -> 2025.10.1 --- pkgs/by-name/ne/neo4j/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/ne/neo4j/package.nix b/pkgs/by-name/ne/neo4j/package.nix index 6d70883fe9d6..275488067af1 100644 --- a/pkgs/by-name/ne/neo4j/package.nix +++ b/pkgs/by-name/ne/neo4j/package.nix @@ -4,7 +4,7 @@ fetchurl, nixosTests, makeWrapper, - openjdk17, + openjdk21, which, gawk, bashNonInteractive, @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "neo4j"; - version = "5.26.1"; + version = "2025.10.1"; src = fetchurl { url = "https://neo4j.com/artifact.php?name=neo4j-community-${version}-unix.tar.gz"; - hash = "sha256-RiCUpsUxUaMSz1a4ptNQ8rp99ffj0r4DPggt8RgSj7U="; + hash = "sha256-aa3hZeM0ehMt6mZk/Of9qG85GnrvsasA8hzpQOppLwk="; }; nativeBuildInputs = [ makeWrapper ]; @@ -35,12 +35,12 @@ stdenv.mkDerivation rec { "$out/bin/$NEO4J_SCRIPT" \ --prefix PATH : "${ lib.makeBinPath [ - openjdk17 + openjdk21 which gawk ] }" \ - --set JAVA_HOME "${openjdk17}" + --set JAVA_HOME "${openjdk21}" done patchShebangs $out/share/neo4j/bin/neo4j-admin From 7b4d26bf861200a0466a5a7684a41adc32875529 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 10 Dec 2025 01:04:26 +0100 Subject: [PATCH 02/40] nixos/modular-services: add systemd.mainExecStart option Provide indirection for ExecStart to enable control over systemd specifier and variable substitution, while escaping process.argv by default for literal arguments. --- .../system/service/systemd/service.nix | 61 ++++++++++++++++++- nixos/modules/system/service/systemd/test.nix | 51 ++++++++++++++++ 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/service/systemd/service.nix b/nixos/modules/system/service/systemd/service.nix index 30c2335b81e3..5fdf70c53b08 100644 
--- a/nixos/modules/system/service/systemd/service.nix +++ b/nixos/modules/system/service/systemd/service.nix 
@@ -58,6 +58,61 @@ in (lib.mkAliasOptionModule [ "systemd" "socket" ] [ "systemd" "sockets" "" ]) ]; options = { + systemd.lib = mkOption { + description = '' + Library functions for working with systemd services. + + Available functions: + + - `escapeSystemdExecArgs`: Escapes a list of arguments for use in ExecStart. + Prevents systemd's specifier (%) and variable ($) substitution by escaping + them to %% and $$ respectively. + + Example: `escapeSystemdExecArgs [ "/bin/echo" "Unit %n" ]` + produces `"/bin/echo" "Unit %%n"` + ''; + type = types.lazyAttrsOf types.raw; + readOnly = true; + }; + + systemd.mainExecStart = mkOption { + description = '' + Main command line for systemd's ExecStart with systemd's specifier and + environment variable substitution enabled. + + This option sets the primary ExecStart entry. Additional ExecStart entries + can be added via `systemd.service.serviceConfig.ExecStart` with `lib.mkBefore` + or `lib.mkAfter`. + + This option allows you to use systemd specifiers like `%n` (unit name), + `%i` (instance), `%t` (runtime directory), and environment variables using + `''${VAR}` syntax in your command line. + + By default, this is set to the escaped version of {option}`process.argv` + to prevent systemd substitution. Set this option explicitly to enable + systemd's substitution features. + + To extend {option}`process.argv` with systemd specifiers, you can append + to the escaped arguments: + + ```nix + systemd.mainExecStart = + config.systemd.lib.escapeSystemdExecArgs config.process.argv + " --systemd-unit %n"; + ``` + + This pattern allows you to pass the unit name (or other systemd specifiers) + as additional arguments while keeping the base command from {option}`process.argv` + properly escaped. + + See {manpage}`systemd.service(5)` (section "COMMAND LINES") for details on + variable substitution and {manpage}`systemd.unit(5)` (section "SPECIFIERS") + for available specifiers like `%n`, `%i`, `%t`. 
+ ''; + type = types.str; + default = config.systemd.lib.escapeSystemdExecArgs config.process.argv; + defaultText = lib.literalExpression "config.systemd.lib.escapeSystemdExecArgs config.process.argv"; + }; + systemd.services = mkOption { description = '' This module configures systemd services, with the notable difference that their unit names will be prefixed with the abstract service name. @@ -106,6 +161,10 @@ in }; }; config = { + systemd.lib = { + inherit escapeSystemdExecArgs; + }; + # Note that this is the systemd.services option above, not the system one. systemd.services."" = { # TODO description; @@ -115,7 +174,7 @@ in Restart = lib.mkDefault "always"; RestartSec = lib.mkDefault "5"; ExecStart = [ - (escapeSystemdExecArgs config.process.argv) + config.systemd.mainExecStart ]; }; }; diff --git a/nixos/modules/system/service/systemd/test.nix b/nixos/modules/system/service/systemd/test.nix index 70d1b17d1a6d..17e38536b08d 100644 --- a/nixos/modules/system/service/systemd/test.nix +++ b/nixos/modules/system/service/systemd/test.nix 
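Review bot: The `systemd.mainExecStart` description recommends building the command by string concatenation (`escapeSystemdExecArgs config.process.argv + " --systemd-unit %n"`), but never states that everything outside the `escapeSystemdExecArgs` call reaches systemd verbatim. A module author who interpolates an option value into that suffix exposes it to systemd's quoting, `%` specifier and `$` variable handling, which is exactly what the default protects `process.argv` from. I would add a sentence to the description along the lines of `Only text you write literally should be left unescaped; pass any value that comes from an option through escapeSystemdExecArgs before concatenating it.`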
@@ -52,6 +52,45 @@ let }; }; + # Test that systemd.mainExecStart overrides process.argv + # and allows systemd's specifier and variable substitution + system.services.argv-with-subst = { + process = { + argv = [ + hello' + "--greeting" + "This should be ignored" + ]; + }; + systemd.mainExecStart = ''/bin/sh -c "echo %n and ''${HOME}"''; + }; + + # Test that process.argv escapes % and $ by default + system.services.argv-escaped = { + process = { + argv = [ + "/bin/sh" + "-c" + "echo %n and \${HOME}" + ]; + }; + }; + + # Test extending process.argv with systemd specifiers + system.services.argv-extended = + { config, ... }: + { + process = { + argv = [ + hello' + "--greeting" + "Fun $1 fact, remainder is often expressed as m%n" + ]; + }; + systemd.mainExecStart = + config.systemd.lib.escapeSystemdExecArgs config.process.argv + " --systemd-unit %n"; + }; + # irrelevant stuff system.stateVersion = "25.05"; fileSystems."/".device = "/test/dummy"; 
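Review bot: The new `argv-escaped` and `argv-extended` cases pin only the `%` and `$` handling; nothing in this hunk exercises an argument containing a double quote or a backslash. The per-argument quoted output that the greps in the next hunk expect has to handle those characters as well. Now that `escapeSystemdExecArgs` is exported through `systemd.lib` and its result is concatenated with hand-written text, that quoting contract deserves a regression case, for example an `argv` entry such as `"say \"hi\" \\ done"` with a matching `grep -F` on the generated unit. The escaping function itself is outside this hunk, so this may already be handled correctly; the test would make that visible.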
@@ -83,6 +122,18 @@ runCommand "test-modular-service-systemd-units" grep 'ExecStart="${hello}/bin/hello" "--greeting" ".*database.*"' ${toplevel}/etc/systemd/system/bar-db.service >/dev/null grep -F 'RestartSec=42' ${toplevel}/etc/systemd/system/bar-db.service >/dev/null + # Test that systemd.mainExecStart overrides process.argv + # Note: %n and $HOME are NOT escaped, allowing systemd to substitute them + grep -F 'ExecStart=/bin/sh -c "echo %n and ''${HOME}"' ${toplevel}/etc/systemd/system/argv-with-subst.service >/dev/null + + # Test that process.argv escapes % as %% and $ as $$ + # This prevents systemd from performing specifier/variable substitution + grep -F 'ExecStart="/bin/sh" "-c" "echo %%n and $${HOME}"' ${toplevel}/etc/systemd/system/argv-escaped.service >/dev/null + + # Test extending process.argv with systemd specifiers + # The base command should be escaped ($1 -> $$1, m%n -> m%%n), but the appended --systemd-unit %n should not be + grep -F 'ExecStart="${hello}/bin/hello" "--greeting" "Fun $$1 fact, remainder is often expressed as m%%n" --systemd-unit %n' ${toplevel}/etc/systemd/system/argv-extended.service >/dev/null + [[ ! -e ${toplevel}/etc/systemd/system/foo.socket ]] [[ ! -e ${toplevel}/etc/systemd/system/bar.socket ]] [[ ! -e ${toplevel}/etc/systemd/system/bar-db.socket ]] From b1caac95aa8ae78f2f7d9ce21edc347b7a8a5e0c Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 11 Dec 2025 10:35:57 +0100 Subject: [PATCH 03/40] ghostunnel: simplify service using systemd.mainExecStart --- pkgs/by-name/gh/ghostunnel/package.nix | 6 +- pkgs/by-name/gh/ghostunnel/service.nix | 106 ++++++++++++------------- 2 files changed, 51 insertions(+), 61 deletions(-) diff --git a/pkgs/by-name/gh/ghostunnel/package.nix b/pkgs/by-name/gh/ghostunnel/package.nix index 6b90c1acb688..ae3525d3315a 100644 --- a/pkgs/by-name/gh/ghostunnel/package.nix +++ b/pkgs/by-name/gh/ghostunnel/package.nix 
@@ -5,8 +5,6 @@ lib, nixosTests, ghostunnel, - writeScript, - runtimeShell, }: buildGoModule rec { @@ -37,9 +35,7 @@ buildGoModule rec { passthru.services.default = { imports = [ - (lib.modules.importApply ./service.nix { - inherit writeScript runtimeShell; - }) + (lib.modules.importApply ./service.nix { }) ]; ghostunnel.package = ghostunnel; # FIXME: finalAttrs.finalPackage }; diff --git a/pkgs/by-name/gh/ghostunnel/service.nix b/pkgs/by-name/gh/ghostunnel/service.nix index 4fb7db2c3150..52a2f4016e79 100644 --- a/pkgs/by-name/gh/ghostunnel/service.nix +++ b/pkgs/by-name/gh/ghostunnel/service.nix @@ -1,5 +1,5 @@ # Non-module dependencies (`importApply`) -{ writeScript, runtimeShell }: +{ }: # Service module { 
@@ -185,62 +185,56 @@ in # TODO assertions process = { - argv = - # Use a shell if credentials need to be pulled from the environment. - optional - (builtins.any (v: v != null) [ - cfg.keystore - cfg.cert - cfg.key - cfg.cacert - ]) - ( - writeScript "load-credentials" '' - #!${runtimeShell} - exec $@ ${ - concatStringsSep " " ( - optional (cfg.keystore != null) "--keystore=$CREDENTIALS_DIRECTORY/keystore" - ++ optional (cfg.cert != null) "--cert=$CREDENTIALS_DIRECTORY/cert" - ++ optional (cfg.key != null) "--key=$CREDENTIALS_DIRECTORY/key" - ++ optional (cfg.cacert != null) "--cacert=$CREDENTIALS_DIRECTORY/cacert" - ) - } - '' - ) - ++ [ - (getExe cfg.package) - "server" - "--listen" - cfg.listen - "--target" - cfg.target - ] - ++ optional cfg.allowAll "--allow-all" - ++ map (v: "--allow-cn=${v}") cfg.allowCN - ++ map (v: "--allow-ou=${v}") cfg.allowOU - ++ map (v: "--allow-dns=${v}") cfg.allowDNS - ++ map (v: "--allow-uri=${v}") cfg.allowURI - ++ optional cfg.disableAuthentication "--disable-authentication" - ++ optional cfg.unsafeTarget "--unsafe-target" - ++ cfg.extraArguments; + argv = [ + (getExe cfg.package) + "server" + "--listen" + cfg.listen + "--target" + cfg.target + ] + ++ optional cfg.allowAll "--allow-all" + ++ map (v: "--allow-cn=${v}") cfg.allowCN + ++ map (v: "--allow-ou=${v}") cfg.allowOU + ++ map (v: "--allow-dns=${v}") cfg.allowDNS + ++ map (v: "--allow-uri=${v}") cfg.allowURI + ++ optional cfg.disableAuthentication "--disable-authentication" + ++ optional cfg.unsafeTarget "--unsafe-target" + ++ cfg.extraArguments; }; } - // lib.optionalAttrs (options ? 
systemd) { - # refine the service - systemd.service = { - after = [ "network.target" ]; - wants = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Restart = "always"; - AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; - DynamicUser = true; - LoadCredential = - optional (cfg.keystore != null) "keystore:${cfg.keystore}" - ++ optional (cfg.cert != null) "cert:${cfg.cert}" - ++ optional (cfg.key != null) "key:${cfg.key}" - ++ optional (cfg.cacert != null) "cacert:${cfg.cacert}"; + # Refine the service for systemd + // lib.optionalAttrs (options ? systemd) ( + let + # Build credential flags with systemd variable substitution + credentialFlags = concatStringsSep " " ( + optional (cfg.keystore != null) "--keystore=\${CREDENTIALS_DIRECTORY}/keystore" + ++ optional (cfg.cert != null) "--cert=\${CREDENTIALS_DIRECTORY}/cert" + ++ optional (cfg.key != null) "--key=\${CREDENTIALS_DIRECTORY}/key" + ++ optional (cfg.cacert != null) "--cacert=\${CREDENTIALS_DIRECTORY}/cacert" + ); + in + { + # Use mainExecStart to add credential flags with systemd variable substitution + systemd.mainExecStart = + config.systemd.lib.escapeSystemdExecArgs config.process.argv + + lib.optionalString (credentialFlags != "") " ${credentialFlags}"; + + systemd.service = { + after = [ "network.target" ]; + wants = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + DynamicUser = true; + LoadCredential = + optional (cfg.keystore != null) "keystore:${cfg.keystore}" + ++ optional (cfg.cert != null) "cert:${cfg.cert}" + ++ optional (cfg.key != null) "key:${cfg.key}" + ++ optional (cfg.cacert != null) "cacert:${cfg.cacert}"; + }; }; - }; - }; + } + ); } From 030e2797323d4f24d335be2c659ec3c1376e4f63 Mon Sep 17 00:00:00 2001 
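Review bot: After this change the `--keystore`, `--cert`, `--key` and `--cacert` flags exist only inside the `lib.optionalAttrs (options ? systemd)` branch, so under a service manager without the `systemd` option a configured `cfg.key` or `cfg.cacert` no longer influences `process.argv` at all. The removed wrapper at least put the flags on the command line; now the TLS material is dropped silently and nothing tells the operator. The `# TODO assertions` line above `process` is where a check belongs. Until it exists I would add a comment there such as `# NOTE: credential flags are only added by the systemd branch below (mainExecStart); other service managers must pass them explicitly.`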
From: Simon Gardling Date: Fri, 12 Dec 2025 14:43:32 -0500 Subject: [PATCH 04/40] nix-prefetch: fix compatibility with extendMkDerivation-based fetchers --- .../fix-extendMkDerivation-overlay.patch | 23 ++++++++++++ .../fix-extendMkDerivation-prelude.patch | 37 +++++++++++++++++++ pkgs/by-name/ni/nix-prefetch/package.nix | 5 +++ 3 files changed, 65 insertions(+) create mode 100644 pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-overlay.patch create mode 100644 pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-prelude.patch diff --git a/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-overlay.patch b/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-overlay.patch new file mode 100644 index 000000000000..d578b4d354ad --- /dev/null +++ b/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-overlay.patch @@ -0,0 +1,23 @@ +--- a/lib/overlay.nix 2025-12-12 14:17:10.585262065 -0500 ++++ b/lib/overlay.nix 2025-12-12 14:17:31.567341843 -0500 +@@ -35,9 +35,17 @@ + ]; + }; + +- curlFetcher = fetcher: setFunctionArgs (args: fetcher (args // { +- curlOpts = (args.curlOpts or "") + " --no-insecure --cacert ${cacert}/etc/ssl/certs/ca-bundle.crt "; +- })) (functionArgs fetcher); ++ # Handle both attrset and function arguments for extendMkDerivation compatibility ++ curlFetcher = fetcher: setFunctionArgs (args: ++ let ++ modifyArgs = a: a // { ++ curlOpts = (a.curlOpts or "") + " --no-insecure --cacert ${cacert}/etc/ssl/certs/ca-bundle.crt "; ++ }; ++ in ++ if isFunction args ++ then fetcher (final: modifyArgs (args final)) ++ else fetcher (modifyArgs args) ++ ) (functionArgs fetcher); + + unsafeFetcher = name: reason: throw "The fetcher ${name} is deemed unsafe: ${reason}."; + diff --git a/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-prelude.patch b/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-prelude.patch new file mode 100644 index 000000000000..34474335e136 --- /dev/null +++ b/pkgs/by-name/ni/nix-prefetch/fix-extendMkDerivation-prelude.patch 
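Review bot: Both added patches call `isFunction` unqualified, here in `curlFetcher` and again in `mergeArgsWithRequired` and `safeIntersectArgs` in fix-extendMkDerivation-prelude.patch. Neither hunk shows where that name comes into scope in `lib/overlay.nix` or `lib/prelude.nix`. These files are only evaluated when nix-prefetch runs, so a patch that applies cleanly during the build does not show that the name resolves. Please confirm it is bound in both files, or write `builtins.isFunction args` so the check does not depend on the surrounding scope.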
@@ -0,0 +1,37 @@ +--- a/lib/prelude.nix ++++ b/lib/prelude.nix +@@ -108,9 +108,24 @@ + + primitiveFetchers = listFetchers builtinsOverlay true ++ [ "fetchurlBoot" ]; + ++ # Helper to merge args, handling both attrsets and functions (for extendMkDerivation) ++ mergeArgsWithRequired = requiredArgs: args: ++ if isFunction args ++ then final: requiredArgs // args final ++ else requiredArgs // args; ++ ++ # Helper to safely intersect args with oldArgs, handling function args ++ safeIntersectArgs = args: oldArgs: ++ if isFunction args ++ then {} # When args is a function, we can't know the keys at evaluation time ++ else builtins.intersectAttrs args oldArgs; ++ + markFetcher = { type, name, fetcher }: + let +- customFetcher = args: markFetcherDrv { inherit type name fetcher args; drv = fetcher (requiredFetcherArgs // args); }; ++ customFetcher = args: markFetcherDrv { ++ inherit type name fetcher args; ++ drv = fetcher (mergeArgsWithRequired requiredFetcherArgs args); ++ }; + + # The required fetcher arguments are assumed to be of type string, + # because requiring a complex value, e.g. a derivation attrset, is very unlikely, +@@ -132,7 +147,7 @@ + if !(elem origPassthru.__fetcher.name primitiveFetchers) then functionArgs origPassthru.__fetcher + else throw "Fetcher ${name} is build on top of the primitive fetcher ${origPassthru.__fetcher.name}, which is not supported." + else {}; +- newArgs = oldArgs // functionArgs fetcher // mapAttrs (_: _: true) (builtins.intersectAttrs args oldArgs); ++ newArgs = oldArgs // functionArgs fetcher // mapAttrs (_: _: true) (safeIntersectArgs args oldArgs); + in { + passthru = origPassthru // { + __fetcher = setFunctionArgs fetcher newArgs // { inherit type name args; drv = drvOverriden; }; diff --git a/pkgs/by-name/ni/nix-prefetch/package.nix b/pkgs/by-name/ni/nix-prefetch/package.nix index 4a58d1905095..a1ee9754a661 100644 --- a/pkgs/by-name/ni/nix-prefetch/package.nix +++ b/pkgs/by-name/ni/nix-prefetch/package.nix 
@@ -47,6 +47,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://github.com/msteen/nix-prefetch/commit/508237f48f7e2d8496ce54f38abbe57f44d0cbca.patch"; hash = "sha256-9SYPcRFZaVyNjMUVdXbef5eGvLp/kr379eU9lG5GgE0="; }) + # Fix compatibility with extendMkDerivation-based fetchers (fetchzip, fetchgit, etc.) + # The curlFetcher and markFetcher functions assumed fetcher arguments are always + # attribute sets, but extendMkDerivation can pass functions for the finalAttrs pattern. + ./fix-extendMkDerivation-overlay.patch + ./fix-extendMkDerivation-prelude.patch ]; postPatch = '' From 5c13ef0f43af576f59d2a47b5840e1ddf04620d6 Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Sun, 2 Nov 2025 23:15:07 -0500 Subject: [PATCH 05/40] nixos/jellyfin: add hardware transcode options to module --- nixos/modules/services/misc/jellyfin.nix | 324 ++++++++++++++++++++++- nixos/tests/jellyfin.nix | 152 ++++++++++- 2 files changed, 464 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/misc/jellyfin.nix b/nixos/modules/services/misc/jellyfin.nix index 89640b9a3211..2bca8ef432f9 100644 --- a/nixos/modules/services/misc/jellyfin.nix +++ b/nixos/modules/services/misc/jellyfin.nix 
@@ -8,14 +8,80 @@ let inherit (lib) mkIf + mkDefault getExe maintainers mkEnableOption mkOption mkPackageOption + boolToString + escapeXML + nameValuePair + optionalString + concatMapStringsSep + escapeShellArg + literalExpression + ; + inherit (lib.types) + bool + enum + ints + nullOr + path + str + submodule ; - inherit (lib.types) str path bool; cfg = config.services.jellyfin; + filteredDecodingCodecs = builtins.filter ( + c: c != "hevcRExt10bit" && c != "hevcRExt12bit" && cfg.transcoding.hardwareDecodingCodecs.${c} + ) (builtins.attrNames cfg.transcoding.hardwareDecodingCodecs); + encodingXmlText = '' + + + ${cfg.hardwareAcceleration.type} + ${optionalString ( + cfg.hardwareAcceleration.type == "vaapi" && cfg.hardwareAcceleration.device != null + ) "${escapeXML cfg.hardwareAcceleration.device}"} + ${optionalString ( + cfg.hardwareAcceleration.type == "qsv" && cfg.hardwareAcceleration.device != null + ) "${escapeXML cfg.hardwareAcceleration.device}"} + ${ + if cfg.transcoding.threadCount != null then toString cfg.transcoding.threadCount else "-1" + } + ${boolToString cfg.transcoding.throttleTranscoding} + ${boolToString cfg.transcoding.enableToneMapping} + ${boolToString cfg.transcoding.enableSubtitleExtraction} + ${toString cfg.transcoding.h264Crf} + ${toString cfg.transcoding.h265Crf} + ${boolToString cfg.transcoding.enableHardwareEncoding} + ${boolToString cfg.transcoding.hardwareEncodingCodecs.hevc} + ${boolToString cfg.transcoding.hardwareEncodingCodecs.av1} + ${boolToString cfg.transcoding.enableIntelLowPowerEncoding} + ${boolToString cfg.transcoding.enableIntelLowPowerEncoding} + ${boolToString cfg.transcoding.hardwareDecodingCodecs.hevcRExt10bit} + ${boolToString cfg.transcoding.hardwareDecodingCodecs.hevcRExt12bit} + + ${concatMapStringsSep "\n " ( + codec: "${escapeXML codec}" + ) filteredDecodingCodecs} + + + ''; + encodingXmlFile = pkgs.writeText "encoding.xml" encodingXmlText; + codecListToType = + desc: list: + submodule { + options = 
builtins.listToAttrs ( + map ( + name: + nameValuePair name (mkOption { + type = bool; + default = false; + description = "Enable ${desc} for ${name} codec."; + }) + ) list + ); + }; in { options = { @@ -48,7 +114,7 @@ in configDir = mkOption { type = path; default = "${cfg.dataDir}/config"; - defaultText = "\${cfg.dataDir}/config"; + defaultText = literalExpression ''"''${cfg.dataDir}/config"''; description = '' Directory containing the server configuration files, passed with `--configdir` see [configuration-directory](https://jellyfin.org/docs/general/administration/configuration/#configuration-directory) @@ -67,7 +133,7 @@ in logDir = mkOption { type = path; default = "${cfg.dataDir}/log"; - defaultText = "\${cfg.dataDir}/log"; + defaultText = literalExpression ''"''${cfg.dataDir}/log"''; description = '' Directory where the Jellyfin logs will be stored, passed with `--logdir` see [#log-directory](https://jellyfin.org/docs/general/administration/configuration/#log-directory) 
@@ -83,10 +149,216 @@ in only be used if they are unchanged, see [Port Bindings](https://jellyfin.org/docs/general/networking/#port-bindings). ''; }; + + hardwareAcceleration = { + enable = mkEnableOption "hardware acceleration for video transcoding"; + + device = mkOption { + type = nullOr path; + default = null; + example = "/dev/dri/renderD128"; + description = '' + Path to the hardware acceleration device that Jellyfin should use. + For obscure configurations, additional devices can be added via + {option}`systemd.services.jellyfin.serviceConfig.DeviceAllow`. + ''; + }; + + # see MediaBrowser.Model/Entities/HardwareAccelerationType.cs in jellyfin source + type = mkOption { + type = enum [ + "none" + "amf" + "qsv" + "nvenc" + "v4l2m2m" + "vaapi" + # videotoolbox is MacOS-only + "rkmpp" + ]; + default = "none"; + description = '' + The method of hardware acceleration. See [Hardware Acceleration](https://jellyfin.org/docs/general/post-install/transcoding/hardware-acceleration) for more details. + ''; + }; + }; + + forceEncodingConfig = mkOption { + type = bool; + default = false; + description = '' + Whether to overwrite Jellyfin's `encoding.xml` configuration file on each service start. + + When enabled, the encoding configuration specified in {option}`services.jellyfin.transcoding` + and {option}`services.jellyfin.hardwareAcceleration` will be applied on every service restart. + A backup of the existing `encoding.xml` will be created at `encoding.xml.backup-$timestamp`. + + ::: {.warning} + Enabling this option means that any changes made to transcoding settings through + Jellyfin's web dashboard will be lost on the next service restart. The NixOS configuration + becomes the single source of truth for encoding settings. + ::: + + When disabled (the default), the encoding configuration is only written if no `encoding.xml` + exists yet. 
This allows settings to be changed through Jellyfin's web dashboard and persist + across restarts, but means the NixOS configuration options will be ignored after the initial setup. + ''; + }; + + transcoding = { + maxConcurrentStreams = mkOption { + type = nullOr ints.positive; + default = null; + example = 2; + description = '' + Maximum number of concurrent transcoding streams. + Set to null for unlimited (limited by hardware capabilities). + ''; + }; + + enableToneMapping = mkOption { + type = bool; + default = true; + description = '' + Enable tone mapping when transcoding HDR content. + ''; + }; + + enableSubtitleExtraction = mkOption { + type = bool; + default = true; + description = '' + Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding. On some systems this can take a long time and cause video playback to stall during the extraction process. Disable this to have embedded subtitles burned in with video transcoding when they are not natively supported by the client device. + ''; + }; + + throttleTranscoding = mkOption { + type = bool; + default = false; + description = '' + When a transcode or remux gets far enough ahead from the current playback position, pause the process so it will consume fewer resources. This is most useful when watching without seeking often. Turn this off if you experience playback issues. + ''; + }; + + threadCount = mkOption { + type = nullOr ints.positive; + default = null; + example = 4; + description = '' + Number of threads to use when transcoding. + Set to null to use automatic detection. + ''; + }; + + hardwareDecodingCodecs = mkOption { + type = codecListToType "hardware decoding" [ + "h264" + "hevc" + "mpeg2" + "vc1" + "vp8" + "vp9" + "av1" + "hevc10bit" + "hevcRExt10bit" + "hevcRExt12bit" + ]; + default = { }; + example = { + vp9 = true; + h264 = true; + }; + description = '' + Which codecs to enable for hardware decoding. 
+ ''; + }; + + hardwareEncodingCodecs = mkOption { + type = codecListToType "hardware encoding" [ + "hevc" + "av1" + ]; + default = { }; + example = { + av1 = true; + }; + description = '' + Which codecs to enable for hardware encoding. h264 is always enabled. + ''; + }; + + encodingPreset = mkOption { + type = enum [ + "auto" + "veryslow" + "slower" + "slow" + "medium" + "fast" + "faster" + "veryfast" + "superfast" + "ultrafast" + ]; + default = "auto"; + description = '' + Encoder preset for transcoding. + Lower presets sacrifice quality for speed, higher presets optimize quality. + ''; + }; + + deleteSegments = mkOption { + type = bool; + default = true; + description = '' + Delete transcoding segments when finished. + ''; + }; + + h264Crf = mkOption { + type = ints.between 0 51; + default = 23; + description = '' + Constant Rate Factor (CRF) for H.264 encoding. Lower values result in better quality. Range: 0-51. + ''; + }; + + h265Crf = mkOption { + type = ints.between 0 51; + default = 28; + description = '' + Constant Rate Factor (CRF) for H.265 encoding. Lower values result in better quality. Range: 0-51. + ''; + }; + + enableHardwareEncoding = mkOption { + type = bool; + default = false; + description = '' + Enable hardware encoding for video transcoding. + ''; + }; + + enableIntelLowPowerEncoding = mkOption { + type = bool; + default = false; + description = '' + Enable low-power encoding mode for Intel Quick Sync Video. + Requires i915 HuC firmware to be configured. + ''; + }; + }; }; }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.hardwareAcceleration.enable -> cfg.hardwareAcceleration.device != null; + message = "services.jellyfin.hardwareAcceleration.device cannot be null when hardware acceleration is enabled."; + } + ]; + systemd = { tmpfiles.settings.jellyfinDirs = { "${cfg.dataDir}"."d" = { 
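Review bot: `transcoding.maxConcurrentStreams`, `transcoding.encodingPreset` and `transcoding.deleteSegments` are declared in this hunk, but the `encodingXmlText` template added in the first hunk of this file never interpolates them. As far as the visible changes show, setting them has no effect. Either wire them into the generated file or drop the options until they are wired. Relatedly, `preStart` is wrapped in `mkIf cfg.hardwareAcceleration.enable`, so every `transcoding.*` value is ignored while hardware acceleration is off. The `forceEncodingConfig` description should say so, for example `The encoding configuration is only written when hardware acceleration is enabled.`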
@@ -112,6 +384,47 @@ in wants = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; + preStart = mkIf cfg.hardwareAcceleration.enable ( + '' + configDir=${escapeShellArg cfg.configDir} + encodingXml="$configDir/encoding.xml" + '' + + ( + if cfg.forceEncodingConfig then + '' + if [[ -e $encodingXml ]]; then + # this intentionally removes trailing newlines + currentText="$(<"$encodingXml")" + configuredText="$(<${encodingXmlFile})" + if [[ $currentText == "$configuredText" ]]; then + # don't need to do anything + exit 0 + else + encodingXmlBackup="$configDir/encoding.xml.backup-$(date -u +"%FT%H_%M_%SZ")" + mv --update=none-fail -T "$encodingXml" "$encodingXmlBackup" + fi + fi + cp --update=none-fail -T ${encodingXmlFile} "$encodingXml" + chmod u+w "$encodingXml" + '' + else + '' + if [[ -e $encodingXml ]]; then + # this intentionally removes trailing newlines + currentText="$(<"$encodingXml")" + configuredText="$(<${encodingXmlFile})" + if [[ $currentText != "$configuredText" ]]; then + echo "WARN: $encodingXml already exists and is different from the configured settings. transcoding options NOT applied." >&2 + echo "WARN: Set config.services.jellyfin.forceEncodingConfig = true to override." >&2 + fi + else + cp --update=none-fail -T ${encodingXmlFile} "$encodingXml" + chmod u+w "$encodingXml" + fi + '' + ) + ); + # This is mostly follows: https://github.com/jellyfin/jellyfin/blob/master/fedora/jellyfin.service # Upstream also disable some hardenings when running in LXC, we do the same with the isContainer option serviceConfig = { 
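Review bot: The `exit 0` in the `forceEncodingConfig` branch ends the whole generated pre-start script, not just this fragment. `preStart` is a merged option, so any lines another module or the user contributes after this block are silently skipped whenever `encoding.xml` is already up to date. Expressing the no-op as a condition instead of an early exit keeps the fragment composable. The backup naming and the `--update=none-fail` safeguards stay as they are.

```nix
if cfg.forceEncodingConfig then
  ''
    if [[ -e $encodingXml ]]; then
      # … unchanged: read currentText and configuredText …
      if [[ $currentText != "$configuredText" ]]; then
        encodingXmlBackup="$configDir/encoding.xml.backup-$(date -u +"%FT%H_%M_%SZ")"
        mv --update=none-fail -T "$encodingXml" "$encodingXmlBackup"
      fi
    fi
    if [[ ! -e $encodingXml ]]; then
      cp --update=none-fail -T ${encodingXmlFile} "$encodingXml"
      chmod u+w "$encodingXml"
    fi
  ''
```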
@@ -149,7 +462,10 @@ in LockPersonality = true; PrivateTmp = !config.boot.isContainer; # needed for hardware acceleration - PrivateDevices = false; + # PrivateDevices defaults to false for backwards compatibility - users may have + # hardware acceleration set up outside of NixOS configuration + PrivateDevices = mkDefault false; + DeviceAllow = mkIf cfg.hardwareAcceleration.enable [ "${cfg.hardwareAcceleration.device} rw" ]; PrivateUsers = true; RemoveIPC = true; diff --git a/nixos/tests/jellyfin.nix b/nixos/tests/jellyfin.nix index e8fb233bccd5..646a08b7e829 100644 --- a/nixos/tests/jellyfin.nix +++ b/nixos/tests/jellyfin.nix 
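Review bot: Setting `DeviceAllow` changes more than the comment above it says. With systemd's default `DevicePolicy=auto`, the presence of any `DeviceAllow` entry limits the unit to the listed nodes plus the standard pseudo devices. That is a welcome tightening, but enabling `hardwareAcceleration` then cuts off every other device the service could previously open, which matters for acceleration types that need more than one node. I would document this next to the setting, e.g. `# DeviceAllow implies a closed device policy: only this node (plus standard pseudo devices) stays accessible; add further nodes via DeviceAllow.` The `serviceConfig` block continues outside the hunk.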
@@ -4,11 +4,65 @@ name = "jellyfin"; meta.maintainers = with lib.maintainers; [ minijackson ]; - nodes.machine = { - services.jellyfin.enable = true; - environment.systemPackages = with pkgs; [ ffmpeg ]; - # Jellyfin fails to start if the data dir doesn't have at least 2GiB of free space - virtualisation.diskSize = 3 * 1024; + nodes = { + machine = { + services.jellyfin.enable = true; + environment.systemPackages = with pkgs; [ ffmpeg ]; + # Jellyfin fails to start if the data dir doesn't have at least 2GiB of free space + virtualisation.diskSize = 3 * 1024; + }; + + machineWithTranscoding = { + services.jellyfin = { + enable = true; + hardwareAcceleration = { + enable = true; + type = "vaapi"; + device = "/dev/dri/renderD128"; + }; + transcoding = { + enableToneMapping = false; + threadCount = 4; + enableHardwareEncoding = true; + enableSubtitleExtraction = false; + deleteSegments = true; + h264Crf = 23; + h265Crf = 26; + throttleTranscoding = false; + enableIntelLowPowerEncoding = true; + hardwareDecodingCodecs = { + h264 = true; + hevc = true; + vp9 = true; + hevcRExt10bit = true; + hevcRExt12bit = true; + }; + hardwareEncodingCodecs = { + hevc = true; + av1 = true; + }; + }; + }; + environment.systemPackages = with pkgs; [ ffmpeg ]; + virtualisation.diskSize = 3 * 1024; + }; + + machineWithForceConfig = { + services.jellyfin = { + enable = true; + forceEncodingConfig = true; + hardwareAcceleration = { + enable = true; + type = "vaapi"; + device = "/dev/dri/renderD128"; + }; + transcoding = { + threadCount = 2; + }; + }; + environment.systemPackages = with pkgs; [ ffmpeg ]; + virtualisation.diskSize = 3 * 1024; + }; }; # Documentation of the Jellyfin API: https://api.jellyfin.org/ 
@@ -28,13 +82,46 @@ import json from urllib.parse import urlencode - machine.wait_for_unit("jellyfin.service") - machine.wait_for_open_port(8096) - machine.wait_until_succeeds("journalctl --since -1m --unit jellyfin --grep 'Startup complete'") + def wait_for_jellyfin(machine): + machine.wait_for_unit("jellyfin.service") + machine.wait_for_open_port(8096) + machine.wait_until_succeeds("journalctl --since -1m --unit jellyfin --grep 'Startup complete'") + + wait_for_jellyfin(machine) machine.succeed("curl --fail http://localhost:8096/") machine.wait_until_succeeds("curl --fail http://localhost:8096/health | grep Healthy") + # Test hardware acceleration configuration + with subtest("Hardware acceleration configuration"): + wait_for_jellyfin(machineWithTranscoding) + + # Check device access + machineWithTranscoding.succeed("systemctl show jellyfin.service --property=DeviceAllow | grep '/dev/dri/renderD128 rw'") + + # Test forceEncodingConfig backup functionality + with subtest("Force encoding config creates backup"): + wait_for_jellyfin(machineWithForceConfig) + + # Verify encoding.xml exists + machineWithForceConfig.succeed("test -f /var/lib/jellyfin/config/encoding.xml") + + # Stop service before modifying config + machineWithForceConfig.succeed("systemctl stop jellyfin.service") + + # Create a marker in the current encoding.xml to verify backup works + machineWithForceConfig.succeed("echo '' > /var/lib/jellyfin/config/encoding.xml") + + # Restart the service to trigger the backup + machineWithForceConfig.succeed("systemctl restart jellyfin.service") + wait_for_jellyfin(machineWithForceConfig) + + # Verify backup was created with the marker (uses glob pattern for timestamped backup) + machineWithForceConfig.succeed("grep -q 'MARKER' /var/lib/jellyfin/config/encoding.xml.backup-*") + + # Verify the new encoding.xml does not have the marker (was overwritten) + machineWithForceConfig.fail("grep -q 'MARKER' /var/lib/jellyfin/config/encoding.xml") + auth_header = 
'MediaBrowser Client="NixOS Integration Tests", DeviceId="1337", Device="Apple II", Version="20.09"' 
@@ -48,6 +135,55 @@ else: return f"curl --fail -X post 'http://localhost:8096{path}' -H 'X-Emby-Authorization:{auth_header}'" + # Test dashboard-based configuration verification + with subtest("Dashboard configuration verification"): + # Complete setup and get admin token + machineWithTranscoding.wait_until_succeeds(api_get("/Startup/Configuration")) + machineWithTranscoding.succeed(api_get("/Startup/FirstUser")) + machineWithTranscoding.succeed(api_post("/Startup/Complete")) + + auth_result = json.loads(machineWithTranscoding.succeed( + api_post("/Users/AuthenticateByName", "${payloads.auth}") + )) + token = auth_result["AccessToken"] + + def api_get_with_token(path): + return f"curl --fail 'http://localhost:8096{path}' -H 'X-Emby-Authorization:MediaBrowser Client=\"Test\", DeviceId=\"test\", Token={token}'" + + # Get encoding config and verify key settings + config = json.loads(machineWithTranscoding.succeed(api_get_with_token("/System/Configuration/encoding"))) + + # Main hardware acceleration settings verification + assert config.get("HardwareAccelerationType") == "vaapi", f"Hardware acceleration type: expected 'vaapi', got '{config.get('HardwareAccelerationType')}'" + assert config.get("VaapiDevice") == "/dev/dri/renderD128", f"VAAPI device: expected '/dev/dri/renderD128', got '{config.get('VaapiDevice')}'" + assert config.get("EncodingThreadCount") == 4, f"Thread count: expected 4, got '{config.get('EncodingThreadCount')}'" + assert config.get("EnableHardwareEncoding") == True, f"Hardware encoding: expected True, got '{config.get('EnableHardwareEncoding')}'" + + # Transcoding settings verification + assert config.get("H264Crf") == 23, f"H264 CRF: expected 23, got '{config.get('H264Crf')}'" + assert config.get("H265Crf") == 26, f"H265 CRF: expected 26, got '{config.get('H265Crf')}'" + assert config.get("EnableTonemapping") == False, f"Tone mapping: expected False, got '{config.get('EnableTonemapping')}'" + assert config.get("EnableThrottling") == False, 
f"Throttling: expected False, got '{config.get('EnableThrottling')}'" + assert config.get("EnableSubtitleExtraction") == False, f"Subtitle extraction: expected False, got '{config.get('EnableSubtitleExtraction')}'" + + # Hardware encoding codecs verification + assert config.get("AllowHevcEncoding") == True, f"Allow HEVC encoding: expected True, got '{config.get('AllowHevcEncoding')}'" + assert config.get("AllowAv1Encoding") == True, f"Allow AV1 encoding: expected True, got '{config.get('AllowAv1Encoding')}'" + + # Intel low power encoding verification + assert config.get("EnableIntelLowPowerH264HwEncoder") == True, f"Intel low power H264: expected True, got '{config.get('EnableIntelLowPowerH264HwEncoder')}'" + assert config.get("EnableIntelLowPowerHevcHwEncoder") == True, f"Intel low power HEVC: expected True, got '{config.get('EnableIntelLowPowerHevcHwEncoder')}'" + + # HEVC RExt color depth verification + assert config.get("EnableDecodingColorDepth10HevcRext") == True, f"HEVC RExt 10bit: expected True, got '{config.get('EnableDecodingColorDepth10HevcRext')}'" + assert config.get("EnableDecodingColorDepth12HevcRext") == True, f"HEVC RExt 12bit: expected True, got '{config.get('EnableDecodingColorDepth12HevcRext')}'" + + # Hardware decoding codecs verification + decoding_codecs = config.get("HardwareDecodingCodecs", []) + assert "h264" in decoding_codecs, f"h264 should be in HardwareDecodingCodecs, got {decoding_codecs}" + assert "hevc" in decoding_codecs, f"hevc should be in HardwareDecodingCodecs, got {decoding_codecs}" + assert "vp9" in decoding_codecs, f"vp9 should be in HardwareDecodingCodecs, got {decoding_codecs}" + with machine.nested("Wizard completes"): machine.wait_until_succeeds(api_get("/Startup/Configuration")) From 3478176f4b1e67e96371a535edb6c97beb5954b3 Mon Sep 17 00:00:00 2001 
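Review bot: The "Dashboard configuration verification" subtest repeats the same `assert config.get(KEY) == VALUE, f"..."` line fifteen times, each with a hand-written message that has to be kept in step with the key and value. A single table of expected settings with one loop keeps the comparison semantics and makes a drifted or missing key obvious in review. The `HardwareDecodingCodecs` membership checks can stay as they are.

```nix
      # … unchanged: wizard completion, AuthenticateByName, config fetch …
      expected = {
          "HardwareAccelerationType": "vaapi",
          "VaapiDevice": "/dev/dri/renderD128",
          "EncodingThreadCount": 4,
          "EnableHardwareEncoding": True,
          "H264Crf": 23,
          "H265Crf": 26,
          "EnableTonemapping": False,
          "EnableThrottling": False,
          "EnableSubtitleExtraction": False,
          "AllowHevcEncoding": True,
          "AllowAv1Encoding": True,
          "EnableIntelLowPowerH264HwEncoder": True,
          "EnableIntelLowPowerHevcHwEncoder": True,
          "EnableDecodingColorDepth10HevcRext": True,
          "EnableDecodingColorDepth12HevcRext": True,
      }
      for key, want in expected.items():
          assert config.get(key) == want, f"{key}: expected {want!r}, got {config.get(key)!r}"
      # … unchanged: HardwareDecodingCodecs membership checks …
```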
From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 17 Dec 2025 08:24:43 +1000 Subject: [PATCH 06/40] go_1_26: init at 1.26rc1 --- pkgs/development/compilers/go/1.26.nix | 204 ++++++++++++++++++ .../development/compilers/go/bootstrap124.nix | 27 +++ .../go/go_no_vendor_checks-1.26.patch | 26 +++ pkgs/top-level/all-packages.nix | 5 + 4 files changed, 262 insertions(+) create mode 100644 pkgs/development/compilers/go/1.26.nix create mode 100644 pkgs/development/compilers/go/bootstrap124.nix create mode 100644 pkgs/development/compilers/go/go_no_vendor_checks-1.26.patch diff --git a/pkgs/development/compilers/go/1.26.nix b/pkgs/development/compilers/go/1.26.nix new file mode 100644 index 000000000000..ae9f4bb890a8 --- /dev/null +++ b/pkgs/development/compilers/go/1.26.nix 
@@ -0,0 +1,204 @@ +{ + lib, + stdenv, + fetchurl, + tzdata, + replaceVars, + iana-etc, + mailcap, + buildPackages, + pkgsBuildTarget, + targetPackages, + # for testing + buildGo126Module, + callPackage, +}: + +let + goBootstrap = buildPackages.callPackage ./bootstrap124.nix { }; + + # We need a target compiler which is still runnable at build time, + # to handle the cross-building case where build != host == target + targetCC = pkgsBuildTarget.targetPackages.stdenv.cc; + + isCross = stdenv.buildPlatform != stdenv.targetPlatform; +in +stdenv.mkDerivation (finalAttrs: { + pname = "go"; + version = "1.26rc1"; + + src = fetchurl { + url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; + hash = "sha256-ZeM0BQb0uhJaV5nsx4etSdTJ9NJX4sLBXT4pXlACtoQ="; + }; + + strictDeps = true; + buildInputs = + [ ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ stdenv.cc.libc.out ] + ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [ stdenv.cc.libc.static ]; + + depsBuildTarget = lib.optional isCross targetCC; + + depsTargetTarget = lib.optional stdenv.targetPlatform.isMinGW targetPackages.threads.package; + + postPatch = '' + patchShebangs . + ''; + + patches = [ + (replaceVars ./iana-etc-1.25.patch { + iana = iana-etc; + }) + # Patch the mimetype database location which is missing on NixOS. + # but also allow static binaries built with NixOS to run outside nix + (replaceVars ./mailcap-1.17.patch { + inherit mailcap; + }) + # prepend the nix path to the zoneinfo files but also leave the original value for static binaries + # that run outside a nix server + (replaceVars ./tzdata-1.19.patch { + inherit tzdata; + }) + ./remove-tools-1.11.patch + ./go_no_vendor_checks-1.26.patch + ./go-env-go_ldso.patch + ]; + + env = { + inherit (stdenv.targetPlatform.go) GOOS GOARCH GOARM; + # GOHOSTOS/GOHOSTARCH must match the building system, not the host system. + # Go will nevertheless build a for host system that we will copy over in + # the install phase. 
+ GOHOSTOS = stdenv.buildPlatform.go.GOOS; + GOHOSTARCH = stdenv.buildPlatform.go.GOARCH; + + GO386 = "softfloat"; # from Arch: don't assume sse2 on i686 + # Wasi does not support CGO + # ppc64/linux CGO is incomplete/borked, and will likely not receive any further improvements + # https://github.com/golang/go/issues/8912 + # https://github.com/golang/go/issues/13192 + CGO_ENABLED = + if + ( + stdenv.targetPlatform.isWasi + || (stdenv.targetPlatform.isPower64 && stdenv.targetPlatform.isBigEndian) + ) + then + 0 + else + 1; + + GOROOT_BOOTSTRAP = "${goBootstrap}/share/go"; + } + // lib.optionalAttrs isCross { + # {CC,CXX}_FOR_TARGET must be only set for cross compilation case as go expect those + # to be different from CC/CXX + CC_FOR_TARGET = "${targetCC}/bin/${targetCC.targetPrefix}cc"; + CXX_FOR_TARGET = "${targetCC}/bin/${targetCC.targetPrefix}c++"; + }; + + buildPhase = '' + runHook preBuild + export GOCACHE=$TMPDIR/go-cache + if [ -f "$NIX_CC/nix-support/dynamic-linker" ]; then + export GO_LDSO=$(cat $NIX_CC/nix-support/dynamic-linker) + fi + + export PATH=$(pwd)/bin:$PATH + + ${lib.optionalString isCross '' + # Independent from host/target, CC should produce code for the building system. + # We only set it when cross-compiling. + export CC=${buildPackages.stdenv.cc}/bin/cc + # Prefer external linker for cross when CGO is supported, since + # we haven't taught go's internal linker to pick the correct ELF + # interpreter for cross + # When CGO is not supported we rely on static binaries being built + # since they don't need an ELF interpreter + export GO_EXTLINK_ENABLED=${toString finalAttrs.env.CGO_ENABLED} + ''} + ulimit -a + + pushd src + ./make.bash + popd + runHook postBuild + ''; + + preInstall = '' + # Contains the wrong perl shebang when cross compiling, + # since it is not used for anything we can deleted as well. 
+ rm src/regexp/syntax/make_perl_groups.pl + '' + + ( + if (stdenv.buildPlatform.system != stdenv.hostPlatform.system) then + '' + mv bin/*_*/* bin + rmdir bin/*_* + ${lib.optionalString + ( + !( + finalAttrs.env.GOHOSTARCH == finalAttrs.env.GOARCH && finalAttrs.env.GOOS == finalAttrs.env.GOHOSTOS + ) + ) + '' + rm -rf pkg/${finalAttrs.env.GOHOSTOS}_${finalAttrs.env.GOHOSTARCH} pkg/tool/${finalAttrs.env.GOHOSTOS}_${finalAttrs.env.GOHOSTARCH} + '' + } + '' + else + lib.optionalString (stdenv.hostPlatform.system != stdenv.targetPlatform.system) '' + rm -rf bin/*_* + ${lib.optionalString + ( + !( + finalAttrs.env.GOHOSTARCH == finalAttrs.env.GOARCH && finalAttrs.env.GOOS == finalAttrs.env.GOHOSTOS + ) + ) + '' + rm -rf pkg/${finalAttrs.env.GOOS}_${finalAttrs.env.GOARCH} pkg/tool/${finalAttrs.env.GOOS}_${finalAttrs.env.GOARCH} + '' + } + '' + ); + + installPhase = '' + runHook preInstall + mkdir -p $out/share/go + cp -a bin pkg src lib misc api doc go.env VERSION $out/share/go + mkdir -p $out/bin + ln -s $out/share/go/bin/* $out/bin + runHook postInstall + ''; + + disallowedReferences = [ goBootstrap ]; + + passthru = { + inherit goBootstrap; + tests = callPackage ./tests.nix { + go = finalAttrs.finalPackage; + buildGoModule = buildGo126Module; + }; + }; + + __structuredAttrs = true; + + meta = { + changelog = "https://go.dev/doc/devel/release#go${lib.versions.majorMinor finalAttrs.version}"; + description = "Go Programming language"; + homepage = "https://go.dev/"; + license = lib.licenses.bsd3; + teams = [ lib.teams.golang ]; + platforms = + lib.platforms.darwin ++ lib.platforms.linux ++ lib.platforms.wasi ++ lib.platforms.freebsd; + badPlatforms = [ + # Support for big-endian POWER < 8 was dropped in 1.9, but POWER8 users have less of a reason to run in big-endian mode than pre-POWER8 ones + # So non-LE ppc64 is effectively unsupported, and Go SIGILLs on affordable ppc64 hardware + # https://github.com/golang/go/issues/19074 - Dropped support for big-endian POWER < 
8, with community pushback + # https://github.com/golang/go/issues/73349 - upstream will not accept submissions to fix this + "powerpc64-linux" + ]; + mainProgram = "go"; + }; +}) diff --git a/pkgs/development/compilers/go/bootstrap124.nix b/pkgs/development/compilers/go/bootstrap124.nix new file mode 100644 index 000000000000..e69287fa7693 --- /dev/null +++ b/pkgs/development/compilers/go/bootstrap124.nix 
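Review bot: In the `patches` list, `./go_no_vendor_checks-1.26.patch` has no comment, although the mailcap and tzdata entries explain themselves and this is the patch that relaxes a check in the toolchain. The patch added in this commit makes `cmd/go` honour `GO_NO_VENDOR_CHECKS=1` in `importFromModules` and `checkVendorConsistency`, which a reader cannot tell from the file name alone. A comment above the entry would record that, e.g. `# Adds a GO_NO_VENDOR_CHECKS=1 escape hatch that relaxes the vendor/modules.txt checks in cmd/go`.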
@@ -0,0 +1,27 @@ +{ callPackage }: +callPackage ./binary.nix { + version = "1.24.11"; + hashes = { + # Use `print-hashes.sh ${version}` to generate the list below + darwin-amd64 = "c45566cf265e2083cd0324e88648a9c28d0edede7b5fd12f8dc6932155a344c5"; + darwin-arm64 = "a9c90c786e75d5d1da0547de2d1199034df6a4b163af2fa91b9168c65f229c12"; + freebsd-386 = "99229da13fd74d5cdcb81fae844bf48574c64eae0d2821137f45c848f1453771"; + freebsd-amd64 = "de6fdd4eefa06dbb2531ed601ef5f2b88e73f49f89c10bc1078f51a96a7ae88f"; + freebsd-arm = "fd7a01515c09ad190c969bd9cd277803c05acfaa7b03c496d3a9d1b8cad72d03"; + freebsd-arm64 = "eead4408b88557228fe4b30ee90aa33062d338fa5647c046a5aaca4237839f5a"; + freebsd-riscv64 = "3c192d96d57c6330e6a92d70235a4e938345c9b3a50d37cfce60c92dd7240d04"; + linux-386 = "bb702d0b67759724dccee1825828e8bae0b5199e3295cac5a98a81f3098fa64a"; + linux-amd64 = "bceca00afaac856bc48b4cc33db7cd9eb383c81811379faed3bdbc80edb0af65"; + linux-arm64 = "beaf0f51cbe0bd71b8289b2b6fa96c0b11cd86aa58672691ef2f1de88eb621de"; + linux-armv6l = "24d712a7e8ea2f429c05bc67287249e0291f2fe0ea6d6ff268f11b7343ad0f47"; + linux-loong64 = "45c3cbec9e30071ea1f3323fc30fb1b8497007c992f00ba48fcdcb729f06467c"; + linux-mips = "c006942d74a348af080aac3930c3772148761cf1de5d97c3879c30d17b72ccf5"; + linux-mips64 = "d054e2fb0873ac1d5502c4a860090bfff130b8fabdeeea311adda658fbc45ac5"; + linux-mips64le = "c0274255613b85e2ba45e210e8f07995d51a048f11c7f0b9128dc177472692b3"; + linux-mipsle = "5c787fc3ac04c4ebeaa0a6602c8a69eae557fe15d033a07cf22ac44e2489285f"; + linux-ppc64 = "3fceb9492469f2155134a834c12b4bf9c1126fbb3cbf5a5ae660648897b8076d"; + linux-ppc64le = "f770d0c5d7e7e2edb030133ac7854d9204f4e954e79a176e81362ffedf6ea34c"; + linux-riscv64 = "9db9ba8e6b60f3662f55ed78b128175edbe8b9480e657126a5b8f5043ee1e38c"; + linux-s390x = "5955ddda3445b2cbfd81b8772044084911f55d0baeb32414da0411f6a377a2d4"; + }; +} 
diff --git a/pkgs/development/compilers/go/go_no_vendor_checks-1.26.patch b/pkgs/development/compilers/go/go_no_vendor_checks-1.26.patch new file mode 100644 index 000000000000..e6ca14c3a881 --- /dev/null +++ b/pkgs/development/compilers/go/go_no_vendor_checks-1.26.patch 
@@ -0,0 +1,26 @@ +diff --git a/src/cmd/go/internal/modload/import.go b/src/cmd/go/internal/modload/import.go +index 04e95b7a8d..1ab4431d95 100644 +--- a/src/cmd/go/internal/modload/import.go ++++ b/src/cmd/go/internal/modload/import.go +@@ -350,7 +350,7 @@ func importFromModules(loaderstate *State, ctx context.Context, path string, rs + // vendor/modules.txt does not exist or the user manually added directories to the vendor directory. + // Go 1.23 and later require vendored packages to be present in modules.txt to be imported. + _, ok := vendorPkgModule[path] +- if ok || (gover.Compare(loaderstate.MainModules.GoVersion(loaderstate), gover.ExplicitModulesTxtImportVersion) < 0) { ++ if ok || (gover.Compare(loaderstate.MainModules.GoVersion(loaderstate), gover.ExplicitModulesTxtImportVersion) < 0) || os.Getenv("GO_NO_VENDOR_CHECKS") == "1" { + mods = append(mods, vendorPkgModule[path]) + dirs = append(dirs, dir) + roots = append(roots, vendorDir) +diff --git a/src/cmd/go/internal/modload/vendor.go b/src/cmd/go/internal/modload/vendor.go +index 9956bcdb12..5247daabfa 100644 +--- a/src/cmd/go/internal/modload/vendor.go ++++ b/src/cmd/go/internal/modload/vendor.go +@@ -159,7 +159,7 @@ func checkVendorConsistency(loaderstate *State, indexes []*modFileIndex, modFile + panic(fmt.Errorf("not in workspace mode but number of indexes is %v, not 1", len(indexes))) + } + index := indexes[0] +- if gover.Compare(index.goVersion, "1.14") < 0 { ++ if gover.Compare(index.goVersion, "1.14") < 0 || (os.Getenv("GO_NO_VENDOR_CHECKS") == "1" && len(vendorMeta) == 0) { + // Go versions before 1.14 did not include enough information in + // vendor/modules.txt to check for consistency. + // If we know that we're on an earlier version, relax the consistency check. diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 48dc7cff6d71..ca2385ad72c4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
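Review bot: The two relaxations are not symmetric: in vendor.go the bypass also requires `len(vendorMeta) == 0`, but in import.go `os.Getenv("GO_NO_VENDOR_CHECKS") == "1"` alone is enough to take the branch. With the variable set and a populated `vendor/modules.txt`, a package that is not listed there (`ok` false) is still accepted, and `vendorPkgModule[path]` is appended for a key that is absent from the map. Because the variable is read from the process environment, this applies to every invocation of the patched `go`, not only to Nix builds. If the wider bypass in import.go is intended, a comment on that line should say so, e.g. `// NixOS: with GO_NO_VENDOR_CHECKS=1, packages missing from modules.txt are accepted as well`; otherwise the same `len(vendorMeta) == 0` guard would make the two sites agree. Both functions continue outside the quoted hunks.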
@@ -8634,6 +8634,11 @@ with pkgs; go = buildPackages.go_1_25; }; + go_1_26 = callPackage ../development/compilers/go/1.26.nix { }; + buildGo126Module = callPackage ../build-support/go/module.nix { + go = buildPackages.go_1_26; + }; + ### DEVELOPMENT / HARE hareHook = callPackage ../by-name/ha/hare/hook.nix { }; From 2e24f4c4f4f80df58a27bde781c7bcebd37e3950 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 18 Dec 2025 08:32:37 +0000 Subject: [PATCH 07/40] ft2-clone: 2.00 -> 2.03 --- pkgs/by-name/ft/ft2-clone/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ft/ft2-clone/package.nix b/pkgs/by-name/ft/ft2-clone/package.nix index c7ed8b4ba43d..faaf00f6d1df 100644 --- a/pkgs/by-name/ft/ft2-clone/package.nix +++ b/pkgs/by-name/ft/ft2-clone/package.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "ft2-clone"; - version = "2.00"; + version = "2.03"; src = fetchFromGitHub { owner = "8bitbubsy"; repo = "ft2-clone"; rev = "v${version}"; - hash = "sha256-Wx4dOWGyQRHgTqKZrmRIiX74UIU/ltFVAh217RYwUus="; + hash = "sha256-kOSH9jEdS3wU2XAEh7fh5XIuIU7zqqWrpcBZqKEZM84="; }; nativeBuildInputs = [ cmake ]; From 7403bb9423adab060f170585b7ad8e60efb3a09d Mon Sep 17 00:00:00 2001 From: sbe-famly Date: Fri, 19 Dec 2025 10:27:54 +0100 Subject: [PATCH 08/40] kustomize-sops: fix typo in symlink path Fixed incorrect variable name $ous -> $out in installPhase that prevented proper symlink creation. --- pkgs/development/tools/kustomize/kustomize-sops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/kustomize/kustomize-sops.nix b/pkgs/development/tools/kustomize/kustomize-sops.nix index 3bee0bbecb2a..c5da968ac230 100644 --- a/pkgs/development/tools/kustomize/kustomize-sops.nix +++ b/pkgs/development/tools/kustomize/kustomize-sops.nix 
@@ -23,7 +23,7 @@ buildGoModule rec { mkdir -p $out/lib/viaduct.ai/v1/ksops-exec/ mv $GOPATH/bin/kustomize-sops $out/bin/ksops ln -s $out/bin/ksops $out/lib/viaduct.ai/v1/ksops-exec/ksops-exec - ln -s $ous/bin/ksops $out/lib/viaduct.ai/v1/ksops/ksops + ln -s $out/bin/ksops $out/lib/viaduct.ai/v1/ksops/ksops ''; # Tests are broken in a nix environment From 622835076f2567b5a9936e5e160f7f7062b56803 Mon Sep 17 00:00:00 2001 From: Justin Restivo Date: Fri, 19 Dec 2025 12:07:00 -0500 Subject: [PATCH 09/40] chalk: 1.29.4 -> 1.34.9 --- pkgs/by-name/ch/chalk/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/ch/chalk/package.nix b/pkgs/by-name/ch/chalk/package.nix index 06543f7c1a90..fb794b4b81e9 100644 --- a/pkgs/by-name/ch/chalk/package.nix +++ b/pkgs/by-name/ch/chalk/package.nix @@ -6,7 +6,7 @@ let # This derivation is adapted from the # install script that Chalk recommends: https://api.chalk.ai/install.sh - chalkVersion = "1.29.4"; + chalkVersion = "1.34.9"; chalkPathPiecesByNixSystem = { "aarch64-darwin" = "Darwin/aarch64"; "x86_64-darwin" = "Darwin/x86_64"; @@ -14,10 +14,10 @@ let "x86_64-linux" = "Linux/x86_64"; }; chalkHashByNixSystem = { - "aarch64-darwin" = "sha256-zHPfyeHdHfbxrUhjLJHbLkeuu7WwK4jtYX7bk5wimX0="; - "x86_64-darwin" = "sha256-D6lBrnBlD+OU5kQv6b6BzK+u7vB91rTtYpz8iBUeWdA="; - "aarch64-linux" = "sha256-XHaCLxVJbXjPILczDGWLFqP0q/nBO5O2A9lghkvM474="; - "x86_64-linux" = "sha256-hlNljLJm+m7l+Djni+ATKyWKSGKSDP0YN3CuJ4fXmWg="; + "aarch64-darwin" = "sha256-owDGsT/2tU1Y3JKWAQkYNG18dOxXIST/3bfjXJf1gXU="; + "x86_64-darwin" = "sha256-lCRYekUmXFW6V/zvbvWCqzxr0bbpvQwk1wgWtAYuPuQ="; + "aarch64-linux" = "sha256-uvhjhLbVBGB5SNFbfgtpaeLULFnEm3x8fN9ffyJzSSM="; + "x86_64-linux" = "sha256-lC5SwvZzYJqomRrK42roSQr4/GZScM2VdgiQ9DOSkHQ="; }; chalkHash = chalkHashByNixSystem."${stdenv.system}"; chalkPathPieces = chalkPathPiecesByNixSystem."${stdenv.system}"; From 74087c79c94daecb988eaf6e8de0b078a155a6e8 Mon Sep 17 00:00:00 2001 
From: "R. Ryantm" Date: Sat, 20 Dec 2025 04:00:42 +0000 Subject: [PATCH 10/40] organicmaps: 2025.11.26-5 -> 2025.12.16-16 --- pkgs/applications/misc/organicmaps/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/organicmaps/default.nix b/pkgs/applications/misc/organicmaps/default.nix index 4245ff0a23b6..1782a051373e 100644 --- a/pkgs/applications/misc/organicmaps/default.nix +++ b/pkgs/applications/misc/organicmaps/default.nix @@ -33,13 +33,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "organicmaps"; - version = "2025.11.26-5"; + version = "2025.12.16-16"; src = fetchFromGitHub { owner = "organicmaps"; repo = "organicmaps"; tag = "${finalAttrs.version}-android"; - hash = "sha256-gkTZpWV3f/rNb5aDMRsbf/+uwItaTCfqODJxxLhx2hE="; + hash = "sha256-Ep+CmTT2yCimchUAxdnRU3QqtLOfJWbw0gRioB0snQI="; fetchSubmodules = true; }; From 47e05c4d85561e4e43bf186a19039e881c799998 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 20 Dec 2025 11:48:27 +0000 Subject: [PATCH 11/40] algia: 0.0.93 -> 0.0.97 --- pkgs/by-name/al/algia/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/al/algia/package.nix b/pkgs/by-name/al/algia/package.nix index 9737d8d35ecd..03fcd2003b30 100644 --- a/pkgs/by-name/al/algia/package.nix +++ b/pkgs/by-name/al/algia/package.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "algia"; - version = "0.0.93"; + version = "0.0.97"; src = fetchFromGitHub { owner = "mattn"; repo = "algia"; tag = "v${version}"; - hash = "sha256-B1win7mTU1vrdhhm8jtbemVYwUWYlEpoLN4d4FI65Is="; + hash = "sha256-vja/l0zLoqTDog32YvkSya4wnMCNj/H93xzwipP2msQ="; }; vendorHash = "sha256-JTTWVs0KwceiLy6tpyd48zORiXLc18zwgG1c+ceivKU="; From f826df47fa7f20d8a997c1ca4562959c937c56ea Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:53:31 -0500 Subject: [PATCH 12/40] nginxMainline: 1.29.3 -> 1.29.4 --- pkgs/servers/http/nginx/mainline.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index 160921fca63d..4de3f6c527c4 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.29.3"; - hash = "sha256-m+/M7RLuCcL04Thdfo4hyR8aWmOxlvePiXwtBEuMkxI="; + version = "1.29.4"; + hash = "sha256-Wn037uUFhm+6tYEPqfeCR9bV2RV6WVxOenIEMUHdqyU="; } From 5e7cd9e4b8c0d5bd3d747b6067d7234f56a2bdbc Mon Sep 17 00:00:00 2001 From: Justin Restivo Date: Sat, 20 Dec 2025 19:36:46 -0500 Subject: [PATCH 13/40] shades-of-gray-theme: drop --- .../sh/shades-of-gray-theme/package.nix | 36 ------------------- pkgs/top-level/aliases.nix | 1 + 2 files changed, 1 insertion(+), 36 deletions(-) delete mode 100644 pkgs/by-name/sh/shades-of-gray-theme/package.nix diff --git a/pkgs/by-name/sh/shades-of-gray-theme/package.nix b/pkgs/by-name/sh/shades-of-gray-theme/package.nix deleted file mode 100644 index 58bad3698352..000000000000 --- a/pkgs/by-name/sh/shades-of-gray-theme/package.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, - gtk_engines, - gtk-engine-murrine, -}: - -stdenv.mkDerivation rec { - pname = "shades-of-gray-theme"; - version = "1.3.0"; - - src = fetchFromGitHub { - owner = "WernerFP"; - repo = "shades-of-gray-theme"; - rev = version; - sha256 = "13ydym0i3032g5dyrnl5wxpvxv57b43q7iaq5achpmaixgn58gs8"; - }; - - buildInputs = [ gtk_engines ]; - - propagatedUserEnvPkgs = [ gtk-engine-murrine ]; - - installPhase = '' - mkdir -p $out/share/themes - cp -a Shades-of-gray* $out/share/themes/ - ''; - - meta = { - description = "Flat dark GTK theme with ergonomic contrasts"; - homepage = "https://github.com/WernerFP/Shades-of-gray-theme"; - license = lib.licenses.gpl3Plus; - platforms = lib.platforms.unix; - maintainers = [ lib.maintainers.romildo ]; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 6a29a1e02b88..78cd4ca6914e 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1452,6 +1452,7 @@ mapAliases { session-desktop-appimage = throw "'session-desktop-appimage' has been renamed to/replaced by 'session-desktop'"; # Converted to throw 2025-10-27 sexp = throw "'sexp' has been renamed to/replaced by 'sexpp'"; # Converted to throw 2025-10-27 shadered = throw "shadered has been removed because it has been marked as broken since at least November 2024."; # Added 2025-10-01 + shades-of-gray-theme = throw "'shades-of-gray-theme' has been removed because upstream is a 404"; # Added 2025-12-20 shared_desktop_ontologies = throw "'shared_desktop_ontologies' has been removed as it had been abandoned upstream"; # Added 2025-11-09 shipyard = throw "'shipyard' has been renamed to/replaced by 'jumppad'"; # Converted to throw 2025-10-27 siduck76-st = throw "'siduck76-st' has been renamed to/replaced by 'st-snazzy'"; # Converted to throw 2025-10-27 From da01ef597a0a17069d5b78e6b40dd9bae3fd1120 Mon Sep 17 00:00:00 2001 
From: Gliczy <129636582+Gliczy@users.noreply.github.com> Date: Sun, 21 Dec 2025 14:28:00 +0100 Subject: [PATCH 14/40] komikku: 1.97.0 -> 1.98.0 --- pkgs/by-name/ko/komikku/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ko/komikku/package.nix b/pkgs/by-name/ko/komikku/package.nix index 936b02e3b48a..8c2677519784 100644 --- a/pkgs/by-name/ko/komikku/package.nix +++ b/pkgs/by-name/ko/komikku/package.nix @@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec { pname = "komikku"; - version = "1.97.0"; + version = "1.98.0"; pyproject = false; src = fetchFromGitea { @@ -32,7 +32,7 @@ python3.pkgs.buildPythonApplication rec { owner = "valos"; repo = "Komikku"; tag = "v${version}"; - hash = "sha256-rwaqWf3WupTcwHz2NPBl5/UNYoFV3cwGmIMyrxHUav4="; + hash = "sha256-7UMCSqVj6eOjpuuMeOuvMtBELjkG4ayaJgFVwMDP0Ag="; }; nativeBuildInputs = [ From 57c3f012bc0a3bf137f2c9ca477cd8db7c15ae63 Mon Sep 17 00:00:00 2001 From: Mario <2067324+mariolopjr@users.noreply.github.com> Date: Sun, 21 Dec 2025 12:00:39 -0500 Subject: [PATCH 15/40] maintainers: add mariolopjr --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 638dbe9bcdcd..d9fbe97d428e 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -16110,6 +16110,12 @@ github = "marijanp"; githubId = 13599169; }; + mariolopjr = { + name = "Mario Lopez"; + email = "mario@techmunchies.net"; + github = "mariolopjr"; + githubId = 2067324; + }; marius851000 = { email = "nix@mariusdavid.fr"; name = "Marius David"; From 28ac6ee21298f965ad26789bf54fcf371e5c901c Mon Sep 17 00:00:00 2001 From: Mario <2067324+mariolopjr@users.noreply.github.com> Date: Sun, 21 Dec 2025 12:02:31 -0500 Subject: [PATCH 16/40] meta.maintainers: add mariolopjr --- pkgs/os-specific/linux/asus-ec-sensors/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/pkgs/os-specific/linux/asus-ec-sensors/default.nix b/pkgs/os-specific/linux/asus-ec-sensors/default.nix index a63e198438c6..673bd579f716 100644 --- a/pkgs/os-specific/linux/asus-ec-sensors/default.nix +++ b/pkgs/os-specific/linux/asus-ec-sensors/default.nix @@ -35,7 +35,10 @@ stdenv.mkDerivation rec { homepage = "https://github.com/zeule/asus-ec-sensors"; license = lib.licenses.gpl2Only; platforms = [ "x86_64-linux" ]; - maintainers = with lib.maintainers; [ nickhu ]; + maintainers = with lib.maintainers; [ + nickhu + mariolopjr + ]; broken = kernel.kernelOlder "5.11"; }; } From 5c45455920b960407885611c96fa80afd06f46ad Mon Sep 17 00:00:00 2001 From: Mario <2067324+mariolopjr@users.noreply.github.com> Date: Sun, 21 Dec 2025 12:04:10 -0500 Subject: [PATCH 17/40] asus-ec-sensors: 0.1.0-unstable-2025-01-10 -> 0.1.0-unstable-2025-12-11 Adds additional support for newer ASUS motherboards, including the more recent B850 and X870 chipsets --- pkgs/os-specific/linux/asus-ec-sensors/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/asus-ec-sensors/default.nix b/pkgs/os-specific/linux/asus-ec-sensors/default.nix index 673bd579f716..08f3e367f8cc 100644 --- a/pkgs/os-specific/linux/asus-ec-sensors/default.nix +++ b/pkgs/os-specific/linux/asus-ec-sensors/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { name = "asus-ec-sensors-${version}-${kernel.version}"; - version = "0.1.0-unstable-2025-01-10"; + version = "0.1.0-unstable-2025-12-11"; src = fetchFromGitHub { owner = "zeule"; repo = "asus-ec-sensors"; - rev = "619d505b7055be618e9ba9d5e146fd641dbf3015"; - sha256 = "sha256-vS8wNS53m495hmsI267R5Kq/j8Mo5491PJkUKRUpqPQ="; + rev = "0e73cd165c4d1baf8ce841604722c6981b7ba9d6"; + sha256 = "sha256-qX+HmtBdm9bOJRnlpI/Ru0OCcUi8MQ29Y731yM9JEi0="; }; hardeningDisable = [ "pic" ]; From 2e63ed873a81906a187ce53a5a6b490f698943e6 Mon Sep 17 00:00:00 2001 
From: qubitnano <146656568+qubitnano@users.noreply.github.com> Date: Sun, 14 Dec 2025 18:44:02 -0500 Subject: [PATCH 18/40] mariokart64recomp: 0.9.1-unstable-2025-10-02 -> 0.9.1-unstable-2025-10-15, fix fetching src --- pkgs/by-name/ma/mariokart64recomp/package.nix | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/pkgs/by-name/ma/mariokart64recomp/package.nix b/pkgs/by-name/ma/mariokart64recomp/package.nix index a692e9e3b3e4..cbfd0a7e7772 100644 --- a/pkgs/by-name/ma/mariokart64recomp/package.nix +++ b/pkgs/by-name/ma/mariokart64recomp/package.nix @@ -14,11 +14,9 @@ SDL2, gtk3, vulkan-loader, - graphicsmagick, makeDesktopItem, n64recomp, directx-shader-compiler, - sdl_gamecontrollerdb, forceX11 ? false, }: @@ -44,21 +42,20 @@ in llvmPackages_19.stdenv.mkDerivation (finalAttrs: { pname = "mariokart64recomp"; - version = "0.9.1-unstable-2025-10-02"; + version = "0.9.1-unstable-2025-10-15"; - src = - (fetchFromGitHub { - owner = "sonicdcer"; - repo = "MarioKart64Recomp"; - rev = "6f5791b3f4eae60bd341502b7af71372a9d531a9"; - hash = "sha256-qVAXFUJYR4Q7WfbuY0h7ZhvIsgkfpD5W0eo5mUv4TEg="; - fetchSubmodules = true; - }).overrideAttrs - (_: { - GIT_CONFIG_COUNT = 1; - GIT_CONFIG_KEY_0 = "url.https://github.com/.insteadOf"; - GIT_CONFIG_VALUE_0 = "git@github.com:"; - }); + src = fetchFromGitHub { + owner = "sonicdcer"; + repo = "MarioKart64Recomp"; + rev = "f019c3906d47cddbc8bcbea744948b9f4825f54d"; + hash = "sha256-lMN7FY9EvFbHEc3bLiTWP9LS15syo7dANxeFOpS4YaA="; + preFetch = '' + export GIT_CONFIG_COUNT=1 + export GIT_CONFIG_KEY_0=url.https://github.com/.insteadOf + export GIT_CONFIG_VALUE_0=git@github.com: + ''; + fetchSubmodules = true; + }; strictDeps = true; From a182e704428d5b537285ae920db8dad709b5807c Mon Sep 17 00:00:00 2001 
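Review bot: The new `preFetch` block exports `GIT_CONFIG_COUNT`, `GIT_CONFIG_KEY_0` and `GIT_CONFIG_VALUE_0` without saying why the fetch rewrites `git@github.com:` URLs to `https://github.com/`. Presumably a submodule is declared with an SSH URL that the fetcher cannot clone without credentials, but that is inferred from `fetchSubmodules = true` rather than stated. A one-line comment above `preFetch` would keep the next maintainer from removing it, e.g. `# Rewrite SSH submodule URLs to HTTPS so fetchSubmodules works without SSH credentials`.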
From: "R. Ryantm" Date: Sun, 21 Dec 2025 22:21:20 +0000 Subject: [PATCH 19/40] yggdrasil-jumper: 0.4.1 -> 0.4.2 --- pkgs/by-name/yg/yggdrasil-jumper/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/yg/yggdrasil-jumper/package.nix b/pkgs/by-name/yg/yggdrasil-jumper/package.nix index 5d9cf139162e..06e8248be921 100644 --- a/pkgs/by-name/yg/yggdrasil-jumper/package.nix +++ b/pkgs/by-name/yg/yggdrasil-jumper/package.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "yggdrasil-jumper"; - version = "0.4.1"; + version = "0.4.2"; src = fetchFromGitHub { owner = "one-d-wide"; repo = "yggdrasil-jumper"; rev = "refs/tags/v${version}"; - hash = "sha256-e/QTLWqRlEFMl3keQMeJaxfVJh28W/WbuUsmEAaLAf4="; + hash = "sha256-dElC+q76dE3SlVY4+aauNmeqcNdfj0mMjg51WRuywJI="; }; - cargoHash = "sha256-aWDeRcOV/5x0BB0aunp52en9hIuPrYr+pNgLCjiscaE="; + cargoHash = "sha256-hCKw+kmcnNF8U3KyBjPjBeeA8abZf/oYtimtUFo7t7w="; passthru.updateScript = nix-update-script { }; From 8f5143140753be37e91eb2b90bba669726261244 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 21:04:58 +0800 Subject: [PATCH 20/40] xfce.xfce4-power-manager: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- .../xfce/core/xfce4-power-manager/default.nix | 37 ++++++++++++++++--- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/pkgs/desktops/xfce/core/xfce4-power-manager/default.nix b/pkgs/desktops/xfce/core/xfce4-power-manager/default.nix index 3ab492ea7d01..b32bb82307cb 100644 --- a/pkgs/desktops/xfce/core/xfce4-power-manager/default.nix +++ b/pkgs/desktops/xfce/core/xfce4-power-manager/default.nix @@ -1,7 +1,12 @@ { + stdenv, lib, - mkXfceDerivation, + fetchFromGitLab, + gettext, + pkg-config, wayland-scanner, + xfce4-dev-tools, + wrapGAppsHook3, gtk3, libnotify, libxfce4ui, 
@@ -12,17 +17,27 @@ wlr-protocols, xfconf, xfce4-panel, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfce4-power-manager"; version = "4.20.0"; - sha256 = "sha256-qKUdrr+giLzNemhT3EQsOKTSiIx50NakmK14Ak7ZOCE="; + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfce4-power-manager"; + tag = "xfce4-power-manager-${finalAttrs.version}"; + hash = "sha256-qKUdrr+giLzNemhT3EQsOKTSiIx50NakmK14Ak7ZOCE="; + }; nativeBuildInputs = [ + gettext + pkg-config wayland-scanner + xfce4-dev-tools + wrapGAppsHook3 ]; buildInputs = [ @@ -46,8 +61,20 @@ mkXfceDerivation { substituteInPlace src/xfpm-suspend.c --replace-fail "SBINDIR" "\"/run/current-system/sw/bin\"" ''; + configureFlags = [ "--enable-maintainer-mode" ]; + enableParallelBuilding = true; + + passthru.updateScript = gitUpdater { + rev-prefix = "xfce4-power-manager-"; + odd-unstable = true; + }; + meta = { description = "Power manager for the Xfce Desktop Environment"; + homepage = "https://gitlab.xfce.org/xfce/xfce4-power-manager"; + license = lib.licenses.gpl2Plus; + mainProgram = "xfce4-power-manager"; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From f28844014f966780833d9056542ad7c45f4a454c Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 21:16:35 +0800 Subject: [PATCH 21/40] xfce.xfce4-session: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- .../xfce/core/xfce4-session/default.nix | 44 ++++++++++++++++--- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/pkgs/desktops/xfce/core/xfce4-session/default.nix b/pkgs/desktops/xfce/core/xfce4-session/default.nix index 5c4669f4adb5..9df164019861 100644 --- a/pkgs/desktops/xfce/core/xfce4-session/default.nix +++ b/pkgs/desktops/xfce/core/xfce4-session/default.nix 
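Review bot: The added `configureFlags = [ "--enable-maintainer-mode" ];` has no comment explaining why a packaged build needs maintainer mode, and the same flag is added uncommented in the xfce4-session and xfce4-settings commits that follow. It was presumably supplied by `mkXfceDerivation` before and is needed because the source is a git tag rather than a release tarball, but nothing in the new files says so. Once that is confirmed, a short comment next to the flag would record it, e.g. `# formerly set by mkXfceDerivation; required when building from the git tag`.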
@@ -1,6 +1,11 @@ { + stdenv, lib, - mkXfceDerivation, + fetchFromGitLab, + gettext, + pkg-config, + xfce4-dev-tools, + wrapGAppsHook3, polkit, exo, libxfce4util, @@ -12,15 +17,27 @@ gtk-layer-shell, glib, libwnck, - xfce4-session, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfce4-session"; version = "4.20.3"; - sha256 = "sha256-HfVspmAkjuGgoI87VHNHFGZP17ZA0b31llY93gUtWxs="; + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfce4-session"; + tag = "xfce4-session-${finalAttrs.version}"; + hash = "sha256-HfVspmAkjuGgoI87VHNHFGZP17ZA0b31llY93gUtWxs="; + }; + + nativeBuildInputs = [ + gettext + pkg-config + xfce4-dev-tools + wrapGAppsHook3 + ]; buildInputs = [ exo @@ -37,14 +54,27 @@ mkXfceDerivation { ]; configureFlags = [ + "--enable-maintainer-mode" "--with-xsession-prefix=${placeholder "out"}" "--with-wayland-session-prefix=${placeholder "out"}" ]; - passthru.xinitrc = "${xfce4-session}/etc/xdg/xfce4/xinitrc"; + enableParallelBuilding = true; + + passthru = { + xinitrc = "${finalAttrs.finalPackage}/etc/xdg/xfce4/xinitrc"; + updateScript = gitUpdater { + rev-prefix = "xfce4-session-"; + odd-unstable = true; + }; + }; meta = { description = "Session manager for Xfce"; + homepage = "https://gitlab.xfce.org/xfce/xfce4-session"; + license = lib.licenses.gpl2Plus; + mainProgram = "xfce4-session"; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From 9384aa3e783c987fdc2f67f29ce87edaf358c566 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 21:23:51 +0800 Subject: [PATCH 22/40] xfce.xfce4-settings: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- .../xfce/core/xfce4-settings/default.nix | 37 ++++++++++++++++--- 1 file changed, 32 insertions(+), 5 deletions(-) 
diff --git a/pkgs/desktops/xfce/core/xfce4-settings/default.nix b/pkgs/desktops/xfce/core/xfce4-settings/default.nix index c4df65645e02..2fc5f5dddd95 100644 --- a/pkgs/desktops/xfce/core/xfce4-settings/default.nix +++ b/pkgs/desktops/xfce/core/xfce4-settings/default.nix @@ -1,7 +1,12 @@ { + stdenv, lib, - mkXfceDerivation, + fetchFromGitLab, + gettext, + pkg-config, + xfce4-dev-tools, wayland-scanner, + wrapGAppsHook3, exo, garcon, gtk3, @@ -23,17 +28,27 @@ xf86inputlibinput, colord, withColord ? true, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfce4-settings"; version = "4.20.2"; - sha256 = "sha256-hx1ilXPcwWWDwNR/k2b+9vR5aCv9UlPR0d42OE6JxEk="; + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfce4-settings"; + tag = "xfce4-settings-${finalAttrs.version}"; + hash = "sha256-hx1ilXPcwWWDwNR/k2b+9vR5aCv9UlPR0d42OE6JxEk="; + }; nativeBuildInputs = [ + gettext + pkg-config + xfce4-dev-tools wayland-scanner + wrapGAppsHook3 ]; buildInputs = [ @@ -56,6 +71,7 @@ mkXfceDerivation { ++ lib.optionals withColord [ colord ]; configureFlags = [ + "--enable-maintainer-mode" "--enable-pluggable-dialogs" "--enable-sound-settings" (lib.enableFeature withXrandr "xrandr") @@ -63,8 +79,19 @@ mkXfceDerivation { ++ lib.optionals withUpower [ "--enable-upower-glib" ] ++ lib.optionals withColord [ "--enable-colord" ]; + enableParallelBuilding = true; + + passthru.updateScript = gitUpdater { + rev-prefix = "xfce4-settings-"; + odd-unstable = true; + }; + meta = { description = "Settings manager for Xfce"; + homepage = "https://gitlab.xfce.org/xfce/xfce4-settings"; + license = lib.licenses.gpl2Plus; + mainProgram = "xfce4-settings-manager"; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From 86420ef783ea0c1c9c7a8584e078ca03b0535940 Mon Sep 17 00:00:00 2001 
From: "R. Ryantm" Date: Mon, 22 Dec 2025 15:51:11 +0000 Subject: [PATCH 23/40] labwc-tweaks-gtk: 0-unstable-2025-06-14 -> 0-unstable-2025-12-16 --- pkgs/by-name/la/labwc-tweaks-gtk/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/la/labwc-tweaks-gtk/package.nix b/pkgs/by-name/la/labwc-tweaks-gtk/package.nix index cfda121f6d56..ca840c43307a 100644 --- a/pkgs/by-name/la/labwc-tweaks-gtk/package.nix +++ b/pkgs/by-name/la/labwc-tweaks-gtk/package.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "labwc-tweaks-gtk"; - version = "0-unstable-2025-06-14"; + version = "0-unstable-2025-12-16"; src = fetchFromGitHub { owner = "labwc"; repo = "labwc-tweaks-gtk"; - rev = "394a61ed5a546c59d4e632a5a7b184aecc79166a"; - hash = "sha256-/iYe3FVIFo74XnyWeUHpWjmLCw8MsZBqXp55o0FjILA="; + rev = "553788d5be02e3dd5f0f0ba4191878d94f60f07f"; + hash = "sha256-dEdMbeGNeT7wzq+LhUnBLUlWGqXf55rwrs/58axyO+o="; }; nativeBuildInputs = [ From cf3fbe0ea96327d85b2c830530ed8427ef7621f4 Mon Sep 17 00:00:00 2001 From: schromp Date: Mon, 22 Dec 2025 23:17:16 +0100 Subject: [PATCH 24/40] deadlock-mod-manager: remove webkit environment variables --- pkgs/by-name/de/deadlock-mod-manager/package.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/by-name/de/deadlock-mod-manager/package.nix b/pkgs/by-name/de/deadlock-mod-manager/package.nix index 7d5a4e1899f9..432c08e7c040 100644 --- a/pkgs/by-name/de/deadlock-mod-manager/package.nix +++ b/pkgs/by-name/de/deadlock-mod-manager/package.nix @@ -97,8 +97,6 @@ rustPlatform.buildRustPackage (finalAttrs: { gappsWrapperArgs+=( --set FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" --set TAURI_DIST_DIR "$out/share/deadlock-modmanager/dist" - --set WEBKIT_DISABLE_COMPOSITING_MODE 1 - --set WEBKIT_DISABLE_DMABUF_RENDERER 1 --set DISABLE_UPDATE_DESKTOP_DATABASE 1 --prefix PATH : ${lib.makeBinPath [ desktop-file-utils ]} --add-flags "--disable-auto-update" 
From f4d0f170b43deafad68940d855e14822ae487f06 Mon Sep 17 00:00:00 2001 From: Anton Mosich Date: Tue, 23 Dec 2025 00:04:24 +0100 Subject: [PATCH 25/40] nixos/postgres: fix markup in docs --- nixos/modules/services/databases/postgresql.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index 7e114b0a6ce9..7ff4df971915 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -173,7 +173,7 @@ These instructions are also applicable to other versions. Major PostgreSQL upgrades require a downtime and a few imperative steps to be called. This is the case because each major version has some internal changes in the databases' state. Because of that, -NixOS places the state into {file}`/var/lib/postgresql/<version>` where each `version` +NixOS places the state into {file}`/var/lib/postgresql/` where each `version` can be obtained like this: ``` $ nix-instantiate --eval -A postgresql_15.psqlSchema From 7eea86e9c4edb957d3fa952f7454e6cbdf1721e5 Mon Sep 17 00:00:00 2001 From: Justin Buchanan Date: Mon, 22 Dec 2025 20:50:55 -0800 Subject: [PATCH 26/40] darktable: 5.2.1 -> 5.4.0 --- pkgs/by-name/da/darktable/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/da/darktable/package.nix b/pkgs/by-name/da/darktable/package.nix index ebd9a93d58c1..5e214aa5a5b0 100644 --- a/pkgs/by-name/da/darktable/package.nix +++ b/pkgs/by-name/da/darktable/package.nix @@ -80,12 +80,12 @@ }: stdenv.mkDerivation rec { - version = "5.2.1"; + version = "5.4.0"; pname = "darktable"; src = fetchurl { url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz"; - hash = "sha256-AvGqmuk5See8VMNO61/5LCuH+V0lR4Zd9VxgRnVk7hE="; + hash = "sha256-K/C66njSeUXPCcM9iATxeeA6g+4Z0ukn/WYOpGrKOxY="; }; nativeBuildInputs = [ 
From 015bb141db57de55a23c873a3f614e15d3034063 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 23 Dec 2025 08:24:09 +0000 Subject: [PATCH 27/40] libresplit: 0-unstable-2025-12-12 -> 0-unstable-2025-12-22 --- pkgs/by-name/li/libresplit/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/li/libresplit/package.nix b/pkgs/by-name/li/libresplit/package.nix index 0022cf0b6607..da5359b407d7 100644 --- a/pkgs/by-name/li/libresplit/package.nix +++ b/pkgs/by-name/li/libresplit/package.nix @@ -14,13 +14,13 @@ gcc15Stdenv.mkDerivation { pname = "libresplit"; - version = "0-unstable-2025-12-12"; + version = "0-unstable-2025-12-22"; src = fetchFromGitHub { owner = "LibreSplit"; repo = "LibreSplit"; - rev = "0d1e3f5feab571cccf761b1c1391ee7f50b5f101"; - hash = "sha256-7XmvwYlqqn/IxR0eCLhkfrsY4omjICe6S2LCn55Sqgk="; + rev = "63ed87a8eb1d8d188b613bc9b8c48d7223a37dbb"; + hash = "sha256-n8kKdv6e//v0yst6PW9PAnmB73W2lzlTdvvuELCePFY="; }; nativeBuildInputs = [ From 3d836c9d726d6cf6f813b10662583efad98895dc Mon Sep 17 00:00:00 2001 From: r-vdp Date: Tue, 23 Dec 2025 12:17:33 +0200 Subject: [PATCH 28/40] nixos/facter: enable grub uefi support based on facter report See https://github.com/nix-community/nixos-facter-modules/commit/fb9eea6bb0ac1ce07bcf7498fcff6e5f653b6091 Co-authored-by: Christian Friedow --- nixos/modules/hardware/facter/boot.nix | 16 ++++++++++++++++ nixos/modules/hardware/facter/default.nix | 1 + 2 files changed, 17 insertions(+) create mode 100644 nixos/modules/hardware/facter/boot.nix diff --git a/nixos/modules/hardware/facter/boot.nix b/nixos/modules/hardware/facter/boot.nix new file mode 100644 index 000000000000..2fa3c3573c82 --- /dev/null +++ b/nixos/modules/hardware/facter/boot.nix 
@@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: + +{ + options.hardware.facter.detected.uefi.supported = lib.mkEnableOption "the facter uefi module" // { + default = config.hardware.facter.report.uefi.supported or false; + defaultText = "hardware dependent"; + }; + + config.boot.loader.grub.efiSupport = lib.mkIf config.hardware.facter.detected.uefi.supported ( + lib.mkDefault true + ); +} diff --git a/nixos/modules/hardware/facter/default.nix b/nixos/modules/hardware/facter/default.nix index e1376769a333..71720a0e0647 100644 --- a/nixos/modules/hardware/facter/default.nix +++ b/nixos/modules/hardware/facter/default.nix @@ -5,6 +5,7 @@ }: { imports = [ + ./boot.nix ./bluetooth.nix ./camera ./debug.nix From fa876358557ba628565d929adb26e3eecfe28b01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Tue, 23 Dec 2025 10:21:09 +0000 Subject: [PATCH 29/40] claude-code: 2.0.75 -> 2.0.76 --- pkgs/by-name/cl/claude-code/package-lock.json | 4 ++-- pkgs/by-name/cl/claude-code/package.nix | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/cl/claude-code/package-lock.json b/pkgs/by-name/cl/claude-code/package-lock.json index abfde5d6bcd2..9517f2ea84fd 100644 --- a/pkgs/by-name/cl/claude-code/package-lock.json +++ b/pkgs/by-name/cl/claude-code/package-lock.json @@ -1,12 +1,12 @@ { "name": "@anthropic-ai/claude-code", - "version": "2.0.75", + "version": "2.0.76", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@anthropic-ai/claude-code", - "version": "2.0.75", + "version": "2.0.76", "license": "SEE LICENSE IN README.md", "bin": { "claude": "cli.js" diff --git a/pkgs/by-name/cl/claude-code/package.nix b/pkgs/by-name/cl/claude-code/package.nix index a156594d28f7..b7b7e17bd168 100644 --- a/pkgs/by-name/cl/claude-code/package.nix +++ b/pkgs/by-name/cl/claude-code/package.nix 
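Review bot: In the new nixos/modules/hardware/facter/boot.nix, `defaultText = "hardware dependent";` is a plain string, which the option documentation will most likely render as a quoted Nix string literal rather than as prose; `defaultText = lib.literalMD "hardware dependent";` expresses what is meant. The `mkEnableOption "the facter uefi module"` description is also misleading, because the option does not enable a module: its default is read from `config.hardware.facter.report.uefi.supported` and it only drives `boot.loader.grub.efiSupport`. A description stating that it records whether the facter report says the machine supports UEFI would match the code.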
@@ -11,14 +11,14 @@ }: buildNpmPackage (finalAttrs: { pname = "claude-code"; - version = "2.0.75"; + version = "2.0.76"; src = fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${finalAttrs.version}.tgz"; - hash = "sha256-3BdinltHR29yYz+celc46MoZO8qAyLnRkJYhL2b7MFU="; + hash = "sha256-46IqiGJZrZM4vVcanZj/vY4uxFH3/4LxNA+Qb6iIHDk="; }; - npmDepsHash = "sha256-mgIWUIUDryDbgmS7MBGmGMtYD46oxYPPybsnvwQVZFA="; + npmDepsHash = "sha256-mDErPWWqOe+3fKriTBLNCzXP48pmmlOMoB+kCP4FoT8="; postPatch = '' cp ${./package-lock.json} package-lock.json From 6c93455d1a681fcfd0178028fd27722c67d2f57b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 23 Dec 2025 11:47:42 +0000 Subject: [PATCH 30/40] python3Packages.txtai: 9.2.0 -> 9.3.0 --- pkgs/development/python-modules/txtai/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/txtai/default.nix b/pkgs/development/python-modules/txtai/default.nix index 61ee3256f3ac..ae11eba70fe1 100644 --- a/pkgs/development/python-modules/txtai/default.nix +++ b/pkgs/development/python-modules/txtai/default.nix @@ -93,7 +93,7 @@ pytestCheckHook, }: let - version = "9.2.0"; + version = "9.3.0"; agent = [ mcpadapt smolagents @@ -241,7 +241,7 @@ let owner = "neuml"; repo = "txtai"; tag = "v${version}"; - hash = "sha256-OZy1pNwQa5Qqj8ejJnADAmYpniEfcIXeDxLB+Je8+88="; + hash = "sha256-dKZiyExKAIO1fEQSkmkTX0eqKgsKSurZWFWkeeiOBIE="; }; in buildPythonPackage { From 1a95292d8c8b443c496e9cfae6a4a48d10f7bb06 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 23 Dec 2025 12:32:27 +0000 Subject: [PATCH 31/40] mitra: 4.14.0 -> 4.15.0 --- pkgs/by-name/mi/mitra/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/mi/mitra/package.nix b/pkgs/by-name/mi/mitra/package.nix index c24f381eacd2..52c86feb8c44 100644 --- a/pkgs/by-name/mi/mitra/package.nix +++ b/pkgs/by-name/mi/mitra/package.nix 
@@ -6,17 +6,17 @@ rustPlatform.buildRustPackage rec { pname = "mitra"; - version = "4.14.0"; + version = "4.15.0"; src = fetchFromGitea { domain = "codeberg.org"; owner = "silverpill"; repo = "mitra"; rev = "v${version}"; - hash = "sha256-LYtiavRgWEH9wFLfnS4xPuZmwSBatPbzDEc3qn2rrBM="; + hash = "sha256-zEJ+fGOY69F/gF7ZFyWigAxTXP6sZMvFo7sgy36wVFk="; }; - cargoHash = "sha256-NXPhc1c8JYjAPcQfVobOQten1czD77KLpBqwyEC3AuQ="; + cargoHash = "sha256-DQAqvh17AWQt3gSRzQlP5ZL3L1Euqsl+bXoiJBGkdqo="; # require running database doCheck = false; From 893ca9bd27aa75f6069b7e890c665c22beb357ce Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 23:12:53 +0800 Subject: [PATCH 32/40] xfce.xfconf: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- pkgs/desktops/xfce/core/xfconf/default.nix | 40 +++++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/pkgs/desktops/xfce/core/xfconf/default.nix b/pkgs/desktops/xfce/core/xfconf/default.nix index dd2fdaf4b3cd..f615ff2f9ab1 100644 --- a/pkgs/desktops/xfce/core/xfconf/default.nix +++ b/pkgs/desktops/xfce/core/xfconf/default.nix 
@@ -1,27 +1,46 @@ { stdenv, lib, - mkXfceDerivation, + fetchFromGitLab, + gettext, gobject-introspection, perl, + pkg-config, vala, + xfce4-dev-tools, + wrapGAppsNoGuiHook, libxfce4util, glib, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages, buildPackages, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfconf"; version = "4.20.0"; - sha256 = "sha256-U+Sk7ubBr1ZD1GLQXlxrx0NQdhV/WpVBbnLcc94Tjcw="; + outputs = [ + "out" + "dev" + ]; + + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfconf"; + tag = "xfconf-${finalAttrs.version}"; + hash = "sha256-U+Sk7ubBr1ZD1GLQXlxrx0NQdhV/WpVBbnLcc94Tjcw="; + }; nativeBuildInputs = [ + gettext perl + pkg-config + xfce4-dev-tools + wrapGAppsNoGuiHook ] ++ lib.optionals withIntrospection [ gobject-introspection @@ -32,9 +51,20 @@ mkXfceDerivation { propagatedBuildInputs = [ glib ]; + configureFlags = [ "--enable-maintainer-mode" ]; + enableParallelBuilding = true; + + passthru.updateScript = gitUpdater { + rev-prefix = "xfconf-"; + odd-unstable = true; + }; + meta = { description = "Simple client-server configuration storage and query system for Xfce"; + homepage = "https://gitlab.xfce.org/xfce/xfconf"; mainProgram = "xfconf-query"; + license = lib.licenses.gpl2Plus; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From 149ba785e073379398e09ca4be26a2f48ec52444 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 23:18:04 +0800 Subject: [PATCH 33/40] xfce.xfdesktop: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- pkgs/desktops/xfce/core/xfdesktop/default.nix | 40 ++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) 
diff --git a/pkgs/desktops/xfce/core/xfdesktop/default.nix b/pkgs/desktops/xfce/core/xfdesktop/default.nix index 9f358cc889e9..5e669868a5a8 100644 --- a/pkgs/desktops/xfce/core/xfdesktop/default.nix +++ b/pkgs/desktops/xfce/core/xfdesktop/default.nix @@ -1,6 +1,11 @@ { + stdenv, lib, - mkXfceDerivation, + fetchFromGitLab, + gettext, + pkg-config, + xfce4-dev-tools, + wrapGAppsHook3, exo, gtk3, libxfce4ui, @@ -12,14 +17,27 @@ garcon, gtk-layer-shell, thunar, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfdesktop"; version = "4.20.1"; - sha256 = "sha256-QBzsHXEdTGj8PlgB+L/TJjxAVksKqf+9KrRN3YaBf44="; + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfdesktop"; + tag = "xfdesktop-${finalAttrs.version}"; + hash = "sha256-QBzsHXEdTGj8PlgB+L/TJjxAVksKqf+9KrRN3YaBf44="; + }; + + nativeBuildInputs = [ + gettext + pkg-config + xfce4-dev-tools + wrapGAppsHook3 + ]; buildInputs = [ exo @@ -35,8 +53,20 @@ mkXfceDerivation { thunar ]; + configureFlags = [ "--enable-maintainer-mode" ]; + enableParallelBuilding = true; + + passthru.updateScript = gitUpdater { + rev-prefix = "xfdesktop-"; + odd-unstable = true; + }; + meta = { description = "Xfce's desktop manager"; + homepage = "https://gitlab.xfce.org/xfce/xfdesktop"; + mainProgram = "xfdesktop"; + license = lib.licenses.gpl2Plus; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From 49bb1bafa2103f8161add3755e6631ade3a8b137 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 23:22:44 +0800 Subject: [PATCH 34/40] xfce.xfwm4: Move away from mkXfceDerivation To reduce the diff when build system change comes. mkXfceDerivation is generally pointless with meson. --- pkgs/desktops/xfce/core/xfwm4/default.nix | 41 ++++++++++++++++++----- 1 file changed, 33 insertions(+), 8 deletions(-) 
diff --git a/pkgs/desktops/xfce/core/xfwm4/default.nix b/pkgs/desktops/xfce/core/xfwm4/default.nix index 0f16ff15e32b..ed8e2fa7632b 100644 --- a/pkgs/desktops/xfce/core/xfwm4/default.nix +++ b/pkgs/desktops/xfce/core/xfwm4/default.nix @@ -1,8 +1,12 @@ { + stdenv, lib, - mkXfceDerivation, - exo, + fetchFromGitLab, + gettext, librsvg, + pkg-config, + xfce4-dev-tools, + wrapGAppsHook3, dbus-glib, libepoxy, gtk3, @@ -13,18 +17,27 @@ libwnck, libXpresent, xfconf, + gitUpdater, }: -mkXfceDerivation { - category = "xfce"; +stdenv.mkDerivation (finalAttrs: { pname = "xfwm4"; version = "4.20.0"; - sha256 = "sha256-5UZQrAH0oz+G+7cvXCLDJ4GSXNJcyl4Ap9umb7h0f5Q="; + src = fetchFromGitLab { + domain = "gitlab.xfce.org"; + owner = "xfce"; + repo = "xfwm4"; + tag = "xfwm4-${finalAttrs.version}"; + hash = "sha256-5UZQrAH0oz+G+7cvXCLDJ4GSXNJcyl4Ap9umb7h0f5Q="; + }; nativeBuildInputs = [ - exo - librsvg + gettext + librsvg # rsvg-convert + pkg-config + xfce4-dev-tools + wrapGAppsHook3 ]; buildInputs = [ @@ -40,8 +53,20 @@ mkXfceDerivation { xfconf ]; + configureFlags = [ "--enable-maintainer-mode" ]; + enableParallelBuilding = true; + + passthru.updateScript = gitUpdater { + rev-prefix = "xfwm4-"; + odd-unstable = true; + }; + meta = { description = "Window manager for Xfce"; + homepage = "https://gitlab.xfce.org/xfce/xfwm4"; + mainProgram = "xfwm4"; + license = lib.licenses.gpl2Plus; + platforms = lib.platforms.linux; teams = [ lib.teams.xfce ]; }; -} +}) From 6c61381f7b825a4b19931ef922c890b71fb81f00 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Mon, 22 Dec 2025 23:36:30 +0800 Subject: [PATCH 35/40] xfce.mkXfceDerivation: Deprecate All Xfce packages are meson-only in 4.22 and there really are no Xfce specific bits involved in packaging that worth keeping mkXfceDerivation. --- doc/release-notes/rl-2605.section.md | 5 +++++ pkgs/desktops/xfce/default.nix | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) 
diff --git a/doc/release-notes/rl-2605.section.md b/doc/release-notes/rl-2605.section.md index 300d50e91013..a9619a1f5bb7 100644 --- a/doc/release-notes/rl-2605.section.md +++ b/doc/release-notes/rl-2605.section.md @@ -9,6 +9,11 @@ +- `xfce.mkXfceDerivation` has been deprecated, please use `stdenv.mkDerivation` + directly. You can migrate by adding `pkg-config`, `xfce4-dev-tools`, and + `wrapGAppsHook3` to your `nativeBuildInputs` and `--enable-maintainer-mode` + to your `configureFlags`. + - `corepack_latest` has been removed, as Corepack is no longer distributed with Node.js. - `spoof` has been removed, as there are many issues upstream with it working on modern OS versions, and it appears to be unmaintained. diff --git a/pkgs/desktops/xfce/default.nix b/pkgs/desktops/xfce/default.nix index c74183e49995..bceed06aff11 100644 --- a/pkgs/desktops/xfce/default.nix +++ b/pkgs/desktops/xfce/default.nix @@ -19,8 +19,6 @@ makeScopeWithSplicing' { genericUpdater = pkgs.genericUpdater; - mkXfceDerivation = callPackage ./mkXfceDerivation.nix { }; - #### CORE exo = callPackage ./core/exo { }; @@ -169,6 +167,13 @@ makeScopeWithSplicing' { automakeAddFlags = throw "xfce.automakeAddFlags has been removed: this setup-hook is no longer used in Nixpkgs"; # added 2024-03-24 + mkXfceDerivation = lib.warnOnInstantiate '' + xfce.mkXfceDerivation has been deprecated, please use stdenv.mkDerivation + directly. You can migrate by adding `pkg-config`, `xfce4-dev-tools`, and + `wrapGAppsHook3` to your nativeBuildInputs and `--enable-maintainer-mode` + to your configureFlags. + '' (callPackage ./mkXfceDerivation.nix { }); # added 2025-12-22 + xinitrc = self.xfce4-session.xinitrc; # added 2019-11-04 thunar-bare = self.thunar-unwrapped; # added 2019-11-04 From c5b770587c1c8be08930d530cad86152c4feae4b Mon Sep 17 00:00:00 2001 
From: Bobby Rong Date: Mon, 22 Dec 2025 23:43:24 +0800 Subject: [PATCH 36/40] xfce.genericUpdater: Remove Not used at all. --- pkgs/desktops/xfce/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/desktops/xfce/default.nix b/pkgs/desktops/xfce/default.nix index bceed06aff11..18df33389d05 100644 --- a/pkgs/desktops/xfce/default.nix +++ b/pkgs/desktops/xfce/default.nix @@ -15,10 +15,6 @@ makeScopeWithSplicing' { inherit (self) callPackage; in { - #### NixOS support - - genericUpdater = pkgs.genericUpdater; - #### CORE exo = callPackage ./core/exo { }; @@ -167,6 +163,8 @@ makeScopeWithSplicing' { automakeAddFlags = throw "xfce.automakeAddFlags has been removed: this setup-hook is no longer used in Nixpkgs"; # added 2024-03-24 + genericUpdater = throw "xfce.genericUpdater has been removed: use pkgs.genericUpdater directly"; # added 2025-12-22 + mkXfceDerivation = lib.warnOnInstantiate '' xfce.mkXfceDerivation has been deprecated, please use stdenv.mkDerivation directly. You can migrate by adding `pkg-config`, `xfce4-dev-tools`, and From f45d3d9b0a2ae758693dc7b501698decf2fd3f75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 23 Dec 2025 14:54:39 +0000 Subject: [PATCH 37/40] docs/facter: add documentation for nixos-facter --- nixos/doc/manual/redirects.json | 24 ++++++ nixos/modules/hardware/facter/default.nix | 1 + nixos/modules/hardware/facter/facter.md | 95 +++++++++++++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 nixos/modules/hardware/facter/facter.md diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json index 654debde8da7..e7c377b5d00e 100644 --- a/nixos/doc/manual/redirects.json +++ b/nixos/doc/manual/redirects.json 
@@ -1,4 +1,28 @@ { + "module-hardware-facter": [ + "index.html#module-hardware-facter" + ], + "module-hardware-facter-debugging": [ + "index.html#module-hardware-facter-debugging" + ], + "module-hardware-facter-debugging-nix-diff": [ + "index.html#module-hardware-facter-debugging-nix-diff" + ], + "module-hardware-facter-debugging-nvd": [ + "index.html#module-hardware-facter-debugging-nvd" + ], + "module-hardware-facter-features": [ + "index.html#module-hardware-facter-features" + ], + "module-hardware-facter-generating": [ + "index.html#module-hardware-facter-generating" + ], + "module-hardware-facter-options": [ + "index.html#module-hardware-facter-options" + ], + "module-hardware-facter-usage": [ + "index.html#module-hardware-facter-usage" + ], "module-security-tpm2": [ "index.html#module-security-tpm2" ], diff --git a/nixos/modules/hardware/facter/default.nix b/nixos/modules/hardware/facter/default.nix index 71720a0e0647..91bb328c508b 100644 --- a/nixos/modules/hardware/facter/default.nix +++ b/nixos/modules/hardware/facter/default.nix @@ -19,6 +19,7 @@ ./virtualisation.nix ]; + meta.doc = ./facter.md; meta.maintainers = with lib.maintainers; [ mic92 ]; options.hardware.facter = with lib; { diff --git a/nixos/modules/hardware/facter/facter.md b/nixos/modules/hardware/facter/facter.md new file mode 100644 index 000000000000..fac440d64970 --- /dev/null +++ b/nixos/modules/hardware/facter/facter.md 
@@ -0,0 +1,95 @@ +# NixOS Facter {#module-hardware-facter} + +*Source:* {file}`modules/hardware/facter` + +*Upstream documentation:* + +NixOS Facter provides automatic hardware detection and configuration for NixOS systems. +It generates a machine-readable JSON report capturing detailed hardware information, +which NixOS modules then use to automatically configure appropriate drivers, kernel modules, +and system settings. + +## Generating a Hardware Report {#module-hardware-facter-generating} + +To generate a hardware report, run the following command as root on the target machine: + +```console +$ sudo nix-shell -p nixos-facter --run 'nixos-facter -o facter.json' +``` + +This scans your system and produces a JSON report containing: + +- System architecture +- Virtualization environment (if any) +- Hardware details (CPU, GPU, network controllers, disks, etc.) +- SMBIOS/DMI information + +## Using the Report {#module-hardware-facter-usage} + +Add the generated report to your NixOS configuration: + +```nix +{ + hardware.facter.reportPath = ./facter.json; +} +``` + +Alternatively, you can inline the report directly: + +```nix +{ + hardware.facter.report = builtins.fromJSON (builtins.readFile ./facter.json); +} +``` + +## What Gets Configured {#module-hardware-facter-features} + +Based on the hardware report, NixOS Facter automatically configures: + +- **System**: Sets [](#opt-nixpkgs.hostPlatform) based on detected architecture +- **Firmware**: Enables [](#opt-hardware.enableRedistributableFirmware) and CPU microcode updates on bare-metal +- **Boot**: Configures UEFI support and loads initrd modules for storage controllers, disks, and input devices +- **Virtualization**: Detects VMs (QEMU/KVM, VirtualBox, Hyper-V, Parallels) and enables appropriate guest support +- **Graphics**: Enables [](#opt-hardware.graphics.enable) and loads GPU kernel modules +- **Networking**: Configures DHCP on detected interfaces and enables WiFi firmware +- **Bluetooth**: Enables 
[](#opt-hardware.bluetooth.enable) when hardware is detected +- **Fingerprint**: Enables [](#opt-services.fprintd.enable) for supported readers +- **Cameras**: Enables [](#opt-hardware.ipu6.enable) for Intel IPU6 webcams + +## Debugging {#module-hardware-facter-debugging} + +To understand what changes NixOS Facter makes to your system closure, use the built-in debugging tools: + +### nvd diff {#module-hardware-facter-debugging-nvd} + +Shows packages added and removed by enabling facter. + +With flakes: +```console +$ nix run .#nixosConfigurations..config.hardware.facter.debug.nvd +``` + +Without flakes: +```console +$ nix-build '' -A config.hardware.facter.debug.nvd -I nixos-config=./configuration.nix +$ ./result/bin/facter-nvd-diff +``` + +### nix-diff {#module-hardware-facter-debugging-nix-diff} + +Shows detailed derivation differences. + +With flakes: +```console +$ nix run .#nixosConfigurations..config.hardware.facter.debug.nix-diff +``` + +Without flakes: +```console +$ nix-build '' -A config.hardware.facter.debug.nix-diff -I nixos-config=./configuration.nix +$ ./result/bin/facter-nix-diff +``` + +## Options {#module-hardware-facter-options} + +A complete list of options for the facter module may be found [here](#opt-hardware.facter.report). From c3829b59b5685b9d355d0a6160a998cb0ff7346f Mon Sep 17 00:00:00 2001 From: Federico Beffa Date: Tue, 23 Dec 2025 15:48:50 +0100 Subject: [PATCH 38/40] kdePackages.okular: fix custom stamp extreme downsampling --- pkgs/kde/gear/okular/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/kde/gear/okular/default.nix b/pkgs/kde/gear/okular/default.nix index d55b5cd4bb0b..141d1dc24702 100644 --- a/pkgs/kde/gear/okular/default.nix +++ b/pkgs/kde/gear/okular/default.nix @@ -10,6 +10,7 @@ libzip, djvulibre, ebook_tools, + fetchpatch, discount, }: mkKdeDerivation { 
@@ -30,5 +31,12 @@ mkKdeDerivation { ebook_tools discount ]; + patches = [ + (fetchpatch { + name = "okular-extreme-downsample-fix.patch"; + url = "https://invent.kde.org/graphics/okular/-/commit/554b4c12aecd5c84c9d47b29de091af1afe8e346.patch"; + hash = "sha256-S338z+92nBYMP6uqvk7rP9AsIoZ0JJCVu9Wo4NVSufk="; + }) + ]; meta.mainProgram = "okular"; } From 410a600f3847fd200f83055341c26a68a7f307f9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 23 Dec 2025 15:59:18 +0000 Subject: [PATCH 39/40] opengamepadui: 0.42.1 -> 0.42.2 --- pkgs/by-name/op/opengamepadui/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/op/opengamepadui/package.nix b/pkgs/by-name/op/opengamepadui/package.nix index 125fb493ba54..bb6f041a135d 100644 --- a/pkgs/by-name/op/opengamepadui/package.nix +++ b/pkgs/by-name/op/opengamepadui/package.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "opengamepadui"; - version = "0.42.1"; + version = "0.42.2"; buildType = if withDebug then "debug" else "release"; @@ -31,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "ShadowBlip"; repo = "OpenGamepadUI"; tag = "v${finalAttrs.version}"; - hash = "sha256-v+nLluz3Zxvcvx491NxMx+obwfdRJycGLyBAhviRktU="; + hash = "sha256-POTW6qnzaVtoTo8ibCCaap0DS8VJiEGm2Mr5ZBkuLZc="; }; cargoDeps = rustPlatform.fetchCargoVendor { From a4314b2079971be847764f4103dc237bce9d5151 Mon Sep 17 00:00:00 2001 From: Ingo Reitz <9l@9lo.re> Date: Fri, 14 Nov 2025 16:01:14 +0100 Subject: [PATCH 40/40] ghidra-extensions.ghidraninja-ghidra-scripts: add useSwift overridable boolean --- .../ghidraninja-ghidra-scripts/default.nix | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix index 1e4fcefabdc3..2b80a2201d68 100644 
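Review bot: The `fetchpatch` entry added to pkgs/kde/gear/okular/default.nix does not say when it can be removed. The URL pins one upstream commit and the `hash` pins its content, so the input is reproducible, but once an okular release that already contains that commit is packaged the patch will probably fail to apply and the next updater has to work out why. A comment above the entry such as `# upstream fix for custom stamp downsampling; drop once a release includes this commit` would cover it. The derivation continues outside the hunk.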
--- a/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix +++ b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix @@ -5,6 +5,7 @@ binwalk, swift, yara, + useSwift ? false, }: buildGhidraScripts { @@ -20,11 +21,20 @@ buildGhidraScripts { postPatch = '' # Replace subprocesses with store versions - substituteInPlace binwalk.py --replace-fail 'subprocess.call(["binwalk"' 'subprocess.call(["${binwalk}/bin/binwalk"' - substituteInPlace swift_demangler.py --replace-fail '"swift"' '"${swift}/bin/swift"' - substituteInPlace yara.py --replace-fail 'subprocess.check_output(["yara"' 'subprocess.check_output(["${yara}/bin/yara"' - substituteInPlace YaraSearch.py --replace-fail '"yara "' '"${yara}/bin/yara "' - ''; + substituteInPlace binwalk.py --replace-fail 'subprocess.call(["binwalk"' 'subprocess.call(["${lib.getExe binwalk}"' + substituteInPlace yara.py --replace-fail 'subprocess.check_output(["yara"' 'subprocess.check_output(["${lib.getExe yara}"' + substituteInPlace YaraSearch.py --replace-fail '"yara "' '"${lib.getExe yara} "' + '' + + ( + if useSwift then + '' + substituteInPlace swift_demangler.py --replace-fail '"swift"' '"${lib.getExe' swift "swift"}"' + '' + else + '' + rm swift_demangler.py + '' + ); meta = with lib; { description = "Scripts for the Ghidra software reverse engineering suite";
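Review bot: With the default `useSwift ? false`, the `postPatch` change in ghidraninja-ghidra-scripts/default.nix deletes `swift_demangler.py` from the installed scripts, and nothing in the file says so. Anyone who used the demangler loses it without a hint, so the argument should carry a comment, for example `# when true, keeps swift_demangler.py and pulls swift into the closure`. The `lib.getExe` substitutions keep each subprocess pinned to a store path instead of a PATH lookup, and any script added later should follow the same pattern. The `meta` block continues past the end of the hunk.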