waydroid-nftables: init (#455257)
This commit is contained in:
Marcus Ramberg
@@ -294,6 +294,8 @@
|
|||||||
|
|
||||||
- `forgejo-runner`: The upgrade to version 11 brings a license change from MIT to GPLv3-or-later.
|
- `forgejo-runner`: The upgrade to version 11 brings a license change from MIT to GPLv3-or-later.
|
||||||
|
|
||||||
|
- `waydroid-nftables`: New variant of `waydroid` that supports nftables instead of iptables.
|
||||||
|
|
||||||
- `lisp-modules` were brought in sync with the [June 2025 Quicklisp release](http://blog.quicklisp.org/2025/07/june-2025-quicklisp-dist-now-available.html).
|
- `lisp-modules` were brought in sync with the [June 2025 Quicklisp release](http://blog.quicklisp.org/2025/07/june-2025-quicklisp-dist-now-available.html).
|
||||||
|
|
||||||
- `ffmpeg_8`, `ffmpeg_8-headless`, and `ffmpeg_8-full` have been added. The default version of FFmpeg remains ffmpeg_7 for now, though this may change before release.
|
- `ffmpeg_8`, `ffmpeg_8-headless`, and `ffmpeg_8-full` have been added. The default version of FFmpeg remains ffmpeg_7 for now, though this may change before release.
|
||||||
|
|||||||
@@ -305,6 +305,8 @@ and [release notes for v18](https://goteleport.com/docs/changelog/#1800-070325).
|
|||||||
|
|
||||||
- `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`
|
- `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`
|
||||||
|
|
||||||
|
- [`virtualisation.waydroid.package`](#opt-virtualisation.waydroid.package) now defaults to `waydroid-nftables` on systems with nftables enabled.
|
||||||
|
|
||||||
- [`services.victorialogs.package`](#opt-services.victorialogs.package) now defaults to `victorialogs`, as `victoriametrics` no longer contains the VictoriaLogs binaries.
|
- [`services.victorialogs.package`](#opt-services.victorialogs.package) now defaults to `victorialogs`, as `victoriametrics` no longer contains the VictoriaLogs binaries.
|
||||||
|
|
||||||
- The `services.traccar.settings` attribute has been reworked. Instead of the previous flat attribute set the new implementation uses nested attribute sets. You need to update you configuration manually. For instance, `services.traccar.settings.loggerConsole` becomes `services.traccar.settings.logger.console`.
|
- The `services.traccar.settings` attribute has been reworked. Instead of the previous flat attribute set the new implementation uses nested attribute sets. You need to update you configuration manually. For instance, `services.traccar.settings.loggerConsole` becomes `services.traccar.settings.logger.console`.
|
||||||
|
|||||||
@@ -25,7 +25,10 @@ in
|
|||||||
|
|
||||||
options.virtualisation.waydroid = {
|
options.virtualisation.waydroid = {
|
||||||
enable = lib.mkEnableOption "Waydroid";
|
enable = lib.mkEnableOption "Waydroid";
|
||||||
package = lib.mkPackageOption pkgs "waydroid" { };
|
package = lib.mkPackageOption pkgs "waydroid" { } // {
|
||||||
|
default = if config.networking.nftables.enable then pkgs.waydroid-nftables else pkgs.waydroid;
|
||||||
|
defaultText = lib.literalExpression ''if config.networking.nftables.enable then pkgs.waydroid-nftables else pkgs.waydroid'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|||||||
@@ -12,11 +12,13 @@
|
|||||||
lxc,
|
lxc,
|
||||||
iproute2,
|
iproute2,
|
||||||
iptables,
|
iptables,
|
||||||
|
nftables,
|
||||||
util-linux,
|
util-linux,
|
||||||
wrapGAppsHook3,
|
wrapGAppsHook3,
|
||||||
wl-clipboard,
|
wl-clipboard,
|
||||||
runtimeShell,
|
runtimeShell,
|
||||||
nix-update-script,
|
nix-update-script,
|
||||||
|
withNftables ? false,
|
||||||
}:
|
}:
|
||||||
|
|
||||||
python3Packages.buildPythonApplication rec {
|
python3Packages.buildPythonApplication rec {
|
||||||
@@ -65,6 +67,10 @@ python3Packages.buildPythonApplication rec {
|
|||||||
"USE_SYSTEMD=0"
|
"USE_SYSTEMD=0"
|
||||||
"SYSCONFDIR=$(out)/etc"
|
"SYSCONFDIR=$(out)/etc"
|
||||||
];
|
];
|
||||||
|
postInstall = lib.optionalString withNftables ''
|
||||||
|
substituteInPlace $out/lib/waydroid/data/scripts/waydroid-net.sh \
|
||||||
|
--replace-fail 'LXC_USE_NFT="false"' 'LXC_USE_NFT="true"'
|
||||||
|
'';
|
||||||
|
|
||||||
preFixup = ''
|
preFixup = ''
|
||||||
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
||||||
@@ -76,7 +82,7 @@ python3Packages.buildPythonApplication rec {
|
|||||||
dnsmasq
|
dnsmasq
|
||||||
getent
|
getent
|
||||||
iproute2
|
iproute2
|
||||||
iptables
|
(if withNftables then nftables else iptables)
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1133,6 +1133,8 @@ with pkgs;
|
|||||||
|
|
||||||
vprof = with python3Packages; toPythonApplication vprof;
|
vprof = with python3Packages; toPythonApplication vprof;
|
||||||
|
|
||||||
|
waydroid-nftables = waydroid.override { withNftables = true; };
|
||||||
|
|
||||||
winbox = winbox3;
|
winbox = winbox3;
|
||||||
winbox3 = callPackage ../tools/admin/winbox {
|
winbox3 = callPackage ../tools/admin/winbox {
|
||||||
wine = wineWowPackages.stable;
|
wine = wineWowPackages.stable;
|
||||||
|
|||||||
Reference in New Issue
Block a user