diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md
index 77bdf0b9bdaf..68af70fe5783 100644
--- a/doc/release-notes/rl-2511.section.md
+++ b/doc/release-notes/rl-2511.section.md
@@ -294,6 +294,8 @@
 - `forgejo-runner`: The upgrade to version 11 brings a license change from MIT to GPLv3-or-later.
+- `waydroid-nftables`: New variant of `waydroid` that supports nftables instead of iptables.
+
 - `lisp-modules` were brought in sync with the [June 2025 Quicklisp release](http://blog.quicklisp.org/2025/07/june-2025-quicklisp-dist-now-available.html).
 - `ffmpeg_8`, `ffmpeg_8-headless`, and `ffmpeg_8-full` have been added. The default version of FFmpeg remains ffmpeg_7 for now, though this may change before release.
diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md
index 0974d2b8a026..4c32943f3e3f 100644
--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -305,6 +305,8 @@ and [release notes for v18](https://goteleport.com/docs/changelog/#1800-070325).
 - `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`
+- [`virtualisation.waydroid.package`](#opt-virtualisation.waydroid.package) now defaults to `waydroid-nftables` on systems with nftables enabled.
+
 - [`services.victorialogs.package`](#opt-services.victorialogs.package) now defaults to `victorialogs`, as `victoriametrics` no longer contains the VictoriaLogs binaries.
 - The `services.traccar.settings` attribute has been reworked. Instead of the previous flat attribute set the new implementation uses nested attribute sets. You need to update you configuration manually. For instance, `services.traccar.settings.loggerConsole` becomes `services.traccar.settings.logger.console`.
diff --git a/nixos/modules/virtualisation/waydroid.nix b/nixos/modules/virtualisation/waydroid.nix
index a26bddc393ae..706ee115ba8c 100644
--- a/nixos/modules/virtualisation/waydroid.nix
+++ b/nixos/modules/virtualisation/waydroid.nix
@@ -25,7 +25,10 @@ in
 options.virtualisation.waydroid = {
 enable = lib.mkEnableOption "Waydroid";
- package = lib.mkPackageOption pkgs "waydroid" { };
+ package = lib.mkPackageOption pkgs "waydroid" { } // {
+ default = if config.networking.nftables.enable then pkgs.waydroid-nftables else pkgs.waydroid;
+ defaultText = lib.literalExpression ''if config.networking.nftables.enable then pkgs.waydroid-nftables else pkgs.waydroid'';
+ };
 };
 config = lib.mkIf cfg.enable {
diff --git a/pkgs/by-name/wa/waydroid/package.nix b/pkgs/by-name/wa/waydroid/package.nix
index 7c69c637fe9c..4d6920f37407 100644
--- a/pkgs/by-name/wa/waydroid/package.nix
+++ b/pkgs/by-name/wa/waydroid/package.nix
@@ -12,11 +12,13 @@
 lxc,
 iproute2,
 iptables,
+ nftables,
 util-linux,
 wrapGAppsHook3,
 wl-clipboard,
 runtimeShell,
 nix-update-script,
+ withNftables ? false,
 }:
 python3Packages.buildPythonApplication rec {
@@ -65,6 +67,10 @@ python3Packages.buildPythonApplication rec {
 "USE_SYSTEMD=0"
 "SYSCONFDIR=$(out)/etc"
 ];
+ postInstall = lib.optionalString withNftables ''
+ substituteInPlace $out/lib/waydroid/data/scripts/waydroid-net.sh \
+ --replace-fail 'LXC_USE_NFT="false"' 'LXC_USE_NFT="true"'
+ '';
 preFixup = ''
 makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
@@ -76,7 +82,7 @@ python3Packages.buildPythonApplication rec {
 dnsmasq
 getent
 iproute2
- iptables
+ (if withNftables then nftables else iptables)
 ]
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9eb2367827e8..e474e7028100 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1133,6 +1133,8 @@ with pkgs;
 vprof = with python3Packages; toPythonApplication vprof;
+ waydroid-nftables = waydroid.override { withNftables = true; };
+
 winbox = winbox3;
 winbox3 = callPackage ../tools/admin/winbox {
 wine = wineWowPackages.stable;
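Review bot: The `package` option in nixos/modules/virtualisation/waydroid.nix does not document that its default now follows `config.networking.nftables.enable`, so a user who sets the package explicitly (for example to an overridden `pkgs.waydroid`) on an nftables host keeps the iptables variant with no hint that it no longer matches the host firewall backend. `lib.mkPackageOption` accepts `extraDescription`, so the first argument set could carry `extraDescription = "Defaults to waydroid-nftables when networking.nftables.enable is set; an explicitly set package must match the host's firewall backend.";`. The `config = lib.mkIf cfg.enable {` block continues outside the hunk, so whether a mismatch is warned about there cannot be seen from here.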
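Review bot: The `postInstall` added in the second hunk of pkgs/by-name/wa/waydroid/package.nix has no comment saying why `waydroid-net.sh` is patched at build time. A line such as `# waydroid-net.sh hard-codes LXC_USE_NFT="false"; flip it at build time to select the nft backend.` above the attribute would tell the next maintainer what to re-check on an upstream bump. Using `--replace-fail` is the right call, since a silent no-op would ship a package named for nftables that presumably still takes the iptables path.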
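Review bot: In the third hunk of package.nix the nftables variant removes `iptables` from the tool list altogether, so any path in `waydroid-net.sh` that still calls `iptables` with `LXC_USE_NFT="true"` (a capability probe, or a fallback when its nft check fails; the script is not visible here) would fail or pick up whatever `iptables` the calling environment provides. If the script is known to use only `nft` in that mode, a comment such as `# with LXC_USE_NFT="true" the script only calls nft` would record it. Otherwise keep `iptables` in the list and append `++ lib.optional withNftables nftables` to the parenthesised list. The list and the wrapper call around it begin outside the hunk.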