diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md
index fe28f94c069d..9cb9d2ba7bfd 100644
--- a/doc/languages-frameworks/python.section.md
+++ b/doc/languages-frameworks/python.section.md
@@ -982,12 +982,13 @@ in python.withPackages(ps: [ps.blaze])).env
#### Optional extra dependencies
Some packages define optional dependencies for additional features. With
-`setuptools` this is called `extras_require` and `flit` calls it `extras-require`. A
+`setuptools` this is called `extras_require` and `flit` calls it
+`extras-require`, while PEP 621 calls these `optional-dependencies`. A
method for supporting this is by declaring the extras of a package in its
`passthru`, e.g. in case of the package `dask`
```nix
-passthru.extras-require = {
+passthru.optional-dependencies = {
complete = [ distributed ];
};
```
@@ -997,7 +998,7 @@ and letting the package requiring the extra add the list to its dependencies
```nix
propagatedBuildInputs = [
...
-] ++ dask.extras-require.complete;
+] ++ dask.optional-dependencies.complete;
```
Note this method is preferred over adding parameters to builders, as that can
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 0083993e7ef3..d8eaff4a0d8d 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -1412,6 +1412,12 @@
githubId = 916366;
name = "Brandon Elam Barker";
};
+ bbenno = {
+ email = "nix@bbenno.com";
+ github = "bbenno";
+ githubId = 32938211;
+ name = "Benno Bielmeier";
+ };
bbigras = {
email = "bigras.bruno@gmail.com";
github = "bbigras";
@@ -4248,6 +4254,13 @@
fingerprint = "2F93 661D AC17 EA98 A104 F780 ECC7 55EE 583C 1672";
}];
};
+ fleaz = {
+ email = "mail@felixbreidenstein.de";
+ matrix = "@fleaz:rainbownerds.de";
+ github = "fleaz";
+ githubId = 2489598;
+ name = "Felix Breidenstein";
+ };
flexagoon = {
email = "flexagoon@pm.me";
github = "flexagoon";
@@ -5445,6 +5458,12 @@
githubId = 510202;
name = "Ismaƫl Bouya";
};
+ imsofi = {
+ email = "sofi+git@mailbox.org";
+ github = "imsofi";
+ githubId = 20756843;
+ name = "Sofi";
+ };
imuli = {
email = "i@imu.li";
github = "imuli";
@@ -12168,6 +12187,12 @@
githubId = 12984845;
name = "Subhrajyoti Sen";
};
+ sudosubin = {
+ email = "sudosubin@gmail.com";
+ github = "sudosubin";
+ githubId = 32478597;
+ name = "Subin Kim";
+ };
suhr = {
email = "suhr@i2pmail.org";
github = "suhr";
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index aafa9b831b66..a660e28af04a 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -231,6 +231,14 @@
services.snowflake-proxy.
+
+
+ r53-ddns,
+ a small tool to run your own DDNS service via AWS Route53.
+ Available as
+ services.r53-ddns.
+
+
ergochat, a modern
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 52bcc2e80d99..96b138aa82e2 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -75,6 +75,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](options.html#opt-services.snowflake-proxy.enable).
+- [r53-ddns](https://github.com/fleaz/r53-ddns), a small tool to run your own DDNS service via AWS Route53. Available as [services.r53-ddns](options.html#opt-services.r53-ddns.enable).
+
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](options.html#opt-services.snipe-it.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 35de34aac10c..2607e99d8459 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -877,6 +877,7 @@
./services/networking/quassel.nix
./services/networking/quorum.nix
./services/networking/quicktun.nix
+ ./services/networking/r53-ddns.nix
./services/networking/radicale.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index da14b6eef7ed..de00c87b95a5 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -725,6 +725,7 @@ in
systemd.services.postfix-setup =
{ description = "Setup for Postfix mail server";
+ serviceConfig.RemainAfterExit = true;
serviceConfig.Type = "oneshot";
script = ''
# Backwards compatibility
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 0811b34156e4..24eefb7bf302 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -17,8 +17,8 @@ let
gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket";
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
- databaseConfig = {
- production = {
+ databaseConfig = let
+ val = {
adapter = "postgresql";
database = cfg.databaseName;
host = cfg.databaseHost;
@@ -26,6 +26,10 @@ let
encoding = "utf8";
pool = cfg.databasePool;
} // cfg.extraDatabaseConfig;
+ in if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then {
+ production.main = val;
+ } else {
+ production = val;
};
# We only want to create a database if we're actually going to connect to it.
@@ -1184,7 +1188,7 @@ in {
fi
jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
- '.production.password = $ENV.db_password' \
+ '.${if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then "production.main" else "production"}.password = $ENV.db_password' \
>'${cfg.statePath}/config/database.yml'
''
else ''
diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix
index cad73a871ba6..354278fad226 100644
--- a/nixos/modules/services/misc/gollum.nix
+++ b/nixos/modules/services/misc/gollum.nix
@@ -44,6 +44,12 @@ in
description = "Enable uploads of external files";
};
+ user-icons = mkOption {
+ type = types.nullOr (types.enum [ "gravatar" "identicon" ]);
+ default = null;
+ description = "User icons for history view";
+ };
+
emoji = mkOption {
type = types.bool;
default = false;
@@ -56,6 +62,12 @@ in
description = "Use the first h1 as page title";
};
+ no-edit = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Disable editing pages";
+ };
+
branch = mkOption {
type = types.str;
default = "master";
@@ -110,12 +122,14 @@ in
${optionalString cfg.mathjax "--mathjax"} \
${optionalString cfg.emoji "--emoji"} \
${optionalString cfg.h1-title "--h1-title"} \
+ ${optionalString cfg.no-edit "--no-edit"} \
${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
+ ${optionalString (cfg.user-icons != null) "--user-icons ${cfg.user-icons}"} \
${cfg.stateDir}
'';
};
};
};
- meta.maintainers = with lib.maintainers; [ erictapen ];
+ meta.maintainers = with lib.maintainers; [ erictapen bbenno ];
}
diff --git a/nixos/modules/services/networking/r53-ddns.nix b/nixos/modules/services/networking/r53-ddns.nix
new file mode 100644
index 000000000000..a8839762d530
--- /dev/null
+++ b/nixos/modules/services/networking/r53-ddns.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.r53-ddns;
+ pkg = pkgs.r53-ddns;
+in
+{
+ options = {
+ services.r53-ddns = {
+
+ enable = mkEnableOption "r53-ddyns";
+
+ interval = mkOption {
+ type = types.str;
+ default = "15min";
+ description = "How often to update the entry";
+ };
+
+ zoneID = mkOption {
+ type = types.str;
+ description = "The ID of your zone in Route53";
+ };
+
+ domain = mkOption {
+ type = types.str;
+ description = "The name of your domain in Route53";
+ };
+
+ hostname = mkOption {
+ type = types.str;
+ description = ''
+ Manually specify the hostname. Otherwise the tool will try to use the name
+ returned by the OS (Call to gethostname)
+ '';
+ };
+
+ environmentFile = mkOption {
+ type = types.str;
+ description = ''
+ File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+ in the format of an EnvironmentFile as described by systemd.exec(5)
+ '';
+ };
+
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.timers.r53-ddns = {
+ description = "r53-ddns timer";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = cfg.interval;
+ OnUnitActiveSec = cfg.interval;
+ };
+ };
+
+ systemd.services.r53-ddns = {
+ description = "r53-ddns service";
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/r53-ddns -zone-id ${cfg.zoneID} -domain ${cfg.domain}"
+ + lib.optionalString (cfg.hostname != null) " -hostname ${cfg.hostname}";
+ EnvironmentFile = "${cfg.environmentFile}";
+ DynamicUser = true;
+ };
+ };
+
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 84433806b48c..0de71030c4fb 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -365,6 +365,7 @@ in
nginx = handleTest ./nginx.nix {};
nginx-auth = handleTest ./nginx-auth.nix {};
nginx-etag = handleTest ./nginx-etag.nix {};
+ nginx-http3 = handleTest ./nginx-http3.nix {};
nginx-modsecurity = handleTest ./nginx-modsecurity.nix {};
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
diff --git a/nixos/tests/nginx-http3.nix b/nixos/tests/nginx-http3.nix
new file mode 100644
index 000000000000..edd0759464c8
--- /dev/null
+++ b/nixos/tests/nginx-http3.nix
@@ -0,0 +1,90 @@
+import ./make-test-python.nix ({lib, pkgs, ...}:
+let
+ hosts = ''
+ 192.168.2.101 acme.test
+ '';
+
+in
+{
+ name = "nginx-http3";
+ meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
+
+ nodes = {
+ server = { pkgs, ... }: {
+ networking = {
+ interfaces.eth1 = {
+ ipv4.addresses = [
+ { address = "192.168.2.101"; prefixLength = 24; }
+ ];
+ };
+ extraHosts = hosts;
+ firewall.allowedTCPPorts = [ 443 ];
+ firewall.allowedUDPPorts = [ 443 ];
+ };
+
+ security.pki.certificates = [
+ (builtins.readFile ./common/acme/server/ca.cert.pem)
+ ];
+
+ services.nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+
+ virtualHosts."acme.test" = {
+ onlySSL = true;
+ sslCertificate = ./common/acme/server/acme.test.cert.pem;
+ sslCertificateKey = ./common/acme/server/acme.test.key.pem;
+ http2 = true;
+ http3 = true;
+ reuseport = true;
+ root = lib.mkForce (pkgs.runCommandLocal "testdir2" {} ''
+ mkdir "$out"
+ cat > "$out/index.html" <Hello World!