Merge staging-next into staging

maintainers/maintainer-list.nix

@@ -8666,6 +8666,12 @@
     githubId = 621759;
     name = "Lassulus";
   };
+  laurent-f1z1 = {
+    email = "laurent.nixpkgs@fainsin.bzh";
+    github = "Laurent2916";
+    githubId = 21087104;
+    name = "Laurent Fainsin";
+  };
   layus = {
     email = "layus.on@gmail.com";
     github = "layus";
@@ -14462,6 +14468,15 @@
     githubId = 12828415;
     name = "Michel Weitbrecht";
   };
+  slwst = {
+    email = "email@slw.st";
+    github = "slwst";
+    githubId = 11047377;
+    name = "slwst";
+    keys = [{
+      fingerprint = "6CEB 4A2F E6DC C345 1B2B  4733 AD52 C5FB 3EFE CC7A";
+    }];
+  };
   smakarov = {
     email = "setser200018@gmail.com";
     github = "SeTSeR";

maintainers/team-list.nix

@@ -149,6 +149,15 @@ with lib.maintainers; {
     enableFeatureFreezePing = true;
   };
 
+  cuda = {
+    members = [
+      SomeoneSerge
+    ];
+    scope = "Maintain CUDA-enabled packages";
+    shortName = "Cuda";
+    githubTeams = [ "cuda-maintainers" ];
+  };
+
   darwin = {
     members = [
       toonn

nixos/modules/services/monitoring/grafana-agent.nix

@@ -13,12 +13,7 @@ in
   options.services.grafana-agent = {
     enable = mkEnableOption (lib.mdDoc "grafana-agent");
 
-    package = mkOption {
-      type = types.package;
-      default = pkgs.grafana-agent;
-      defaultText = lib.literalExpression "pkgs.grafana-agent";
-      description = lib.mdDoc "The grafana-agent package to use.";
-    };
+    package = mkPackageOptionMD pkgs "grafana-agent" { };
 
     credentials = mkOption {
       description = lib.mdDoc ''
@@ -37,11 +32,22 @@ in
       };
     };
 
+    extraFlags = mkOption {
+      type = with types; listOf str;
+      default = [ ];
+      example = [ "-enable-features=integrations-next" "-disable-reporting" ];
+      description = lib.mdDoc ''
+        Extra command-line flags passed to {command}`grafana-agent`.
+
+        See <https://grafana.com/docs/agent/latest/static/configuration/flags/>
+      '';
+    };
+
     settings = mkOption {
       description = lib.mdDoc ''
-        Configuration for `grafana-agent`.
+        Configuration for {command}`grafana-agent`.
 
-        See https://grafana.com/docs/agent/latest/configuration/
+        See <https://grafana.com/docs/agent/latest/configuration/>
       '';
 
       type = types.submodule {
@@ -140,7 +146,7 @@ in
         # We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
         export HOSTNAME=$(< /proc/sys/kernel/hostname)
 
-        exec ${lib.getExe cfg.package} -config.expand-env -config.file ${configFile}
+        exec ${lib.getExe cfg.package} -config.expand-env -config.file ${configFile} ${escapeShellArgs cfg.extraFlags}
       '';
       serviceConfig = {
         Restart = "always";

nixos/modules/system/boot/stage-1-init.sh

@@ -410,6 +410,11 @@ mountFS() {
         n=$((n + 1))
     done
 
+    # For bind mounts, busybox has a tendency to ignore options, which can be a
+    # security issue (e.g. "nosuid"). Remounting the partition seems to fix the
+    # issue.
+    mount "/mnt-root$mountPoint" -o "remount,$optionsPrefixed"
+
     [ "$mountPoint" == "/" ] &&
         [ -f "/mnt-root/etc/NIXOS_LUSTRATE" ] &&
         lustrateRoot "/mnt-root"

nixos/modules/virtualisation/qemu-vm.nix

@@ -272,7 +272,7 @@ let
   suggestedRootDevice = {
     "efi_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}2";
     "legacy_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}1";
-    "direct_boot_with_default_fs" = cfg.bootLoaderDevice;
+    "direct_boot_with_default_fs" = lookupDriveDeviceName "root" cfg.qemu.drives;
     # This will enforce a NixOS module type checking error
     # to ask explicitly the user to set a rootDevice.
     # As it will look like `rootDevice = lib.mkDefault null;` after
@@ -344,14 +344,14 @@ in
 
     virtualisation.bootLoaderDevice =
       mkOption {
-        type = types.path;
-        default = lookupDriveDeviceName "root" cfg.qemu.drives;
-        defaultText = literalExpression ''lookupDriveDeviceName "root" cfg.qemu.drives'';
+        type = types.nullOr types.path;
+        default = if cfg.useBootLoader then lookupDriveDeviceName "root" cfg.qemu.drives else null;
+        defaultText = literalExpression ''if cfg.useBootLoader then lookupDriveDeviceName "root" cfg.qemu.drives else null;'';
         example = "/dev/vda";
         description =
           lib.mdDoc ''
             The disk to be used for the boot filesystem.
-            By default, it is the same disk as the root filesystem.
+            By default, it is the same disk as the root filesystem if you use a bootloader, otherwise it's null.
           '';
         };
 
@@ -862,6 +862,16 @@ in
                 Invalid virtualisation.forwardPorts.<entry ${toString i}>.guest.address:
                   The address must be in the default VLAN (10.0.2.0/24).
               '';
+            }
+          { assertion = cfg.useBootLoader -> cfg.diskImage != null;
+            message =
+              ''
+                Currently, bootloaders cannot be used with a tmpfs disk image.
+                It would require some rework in the boot configuration mechanism
+                to detect the proper boot partition in UEFI scenarios for example.
+
+                If you are interested into this feature, please open an issue or open a pull request.
+              '';
           }
         ]));
 
@@ -889,21 +899,22 @@ in
     # legacy and UEFI. In order to avoid this, we have to put "nodev" to force UEFI-only installs.
     # Otherwise, we set the proper bootloader device for this.
     # FIXME: make a sense of this mess wrt to multiple ESP present in the system, probably use boot.efiSysMountpoint?
-    boot.loader.grub.device = mkVMOverride (if cfg.useEFIBoot then "nodev" else cfg.bootLoaderDevice);
+    boot.loader.grub.enable = cfg.useBootLoader;
+    boot.loader.grub.device = mkIf cfg.useBootLoader (mkVMOverride (if cfg.useEFIBoot then "nodev" else cfg.bootLoaderDevice));
     boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}";
     virtualisation.rootDevice = mkDefault suggestedRootDevice;
 
     boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
 
     boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);
 
-    boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
+    boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable && cfg.diskImage != null)
       ''
         # We need mke2fs in the initrd.
         copy_bin_and_libs ${pkgs.e2fsprogs}/bin/mke2fs
       '';
 
-    boot.initrd.postDeviceCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
+    boot.initrd.postDeviceCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable && cfg.diskImage != null)
       ''
         # If the disk image appears to be empty, run mke2fs to
         # initialise.

nixos/tests/all-tests.nix

@@ -206,6 +206,7 @@ in {
   dovecot = handleTest ./dovecot.nix {};
   drbd = handleTest ./drbd.nix {};
   earlyoom = handleTestOn ["x86_64-linux"] ./earlyoom.nix {};
+  early-mount-options = handleTest ./early-mount-options.nix {};
   ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {};
   ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {};
   ecryptfs = handleTest ./ecryptfs.nix {};

nixos/tests/early-mount-options.nix

@@ -0,0 +1,19 @@
+# Test for https://github.com/NixOS/nixpkgs/pull/193469
+import ./make-test-python.nix {
+  name = "early-mount-options";
+
+  nodes.machine = {
+    virtualisation.fileSystems."/var" = {
+      options = [ "bind" "nosuid" "nodev" "noexec" ];
+      device = "/var";
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+
+    var_mount_info = machine.succeed("findmnt /var -n -o OPTIONS")
+    options = var_mount_info.strip().split(",")
+    assert "nosuid" in options and "nodev" in options and "noexec" in options
+  '';
+}

pkgs/applications/editors/openvi/default.nix

@@ -0,0 +1,47 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, ncurses
+}:
+
+stdenv.mkDerivation rec {
+  pname = "openvi";
+  version = "7.3.22";
+
+  src = fetchFromGitHub {
+    owner = "johnsonjh";
+    repo = "OpenVi";
+    rev = version;
+    hash = "sha256-yXYiH2FCT7ffRPmb28V54+KO1RLs8L9KHk3remkMWmA=";
+  };
+
+  patches = [
+    # do not attempt to install to /var/tmp/vi.recover
+    (fetchpatch {
+      url = "https://github.com/johnsonjh/OpenVi/commit/5205f0234369963c443e83ca5028ca63feaaac91.patch";
+      hash = "sha256-hoKzQLnpdRbc48wffWbzFtivr20VqEPs4WRPXuDa/88=";
+    })
+  ];
+
+  buildInputs = [ ncurses ];
+
+  makeFlags = [
+    "PREFIX=$(out)"
+    # command -p will yield command not found error
+    "PAWK=awk"
+    # silently fail the chown command
+    "IUSGR=$(USER)"
+  ];
+
+  enableParallelBuilding = true;
+
+  meta = with lib; {
+    homepage = "https://github.com/johnsonjh/OpenVi";
+    description = "Portable OpenBSD vi for UNIX systems";
+    license = licenses.bsd3;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ aleksana ];
+    mainProgram = "ovi";
+  };
+}

pkgs/applications/editors/tiled/default.nix

@@ -10,6 +10,7 @@
 , qttools
 , qtsvg
 , zlib
+, zstd
 , libGL
 }:
 
@@ -29,7 +30,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkg-config qbs wrapQtAppsHook ];
-  buildInputs = [ qtEnv zlib libGL ];
+  buildInputs = [ qtEnv zlib zstd libGL ];
 
   outputs = [ "out" "dev" ];