Merge master into staging-next

ci/OWNERS

@@ -206,6 +206,12 @@ pkgs/data/misc/cacert/ @ajs124 @lukegb @mweinelt
 pkgs/development/libraries/nss/ @ajs124 @lukegb @mweinelt
 pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
 
+# Java
+/doc/languages-frameworks/java.section.md @NixOS/java
+/doc/languages-frameworks/gradle.section.md @NixOS/java
+/doc/languages-frameworks/maven.section.md @NixOS/java
+/pkgs/top-level/java-packages.nix @NixOS/java
+
 # Jetbrains
 /pkgs/applications/editors/jetbrains @edwtjo
 

maintainers/README.md

@@ -175,3 +175,54 @@ for further information.
 
 # nixpkgs-merge-bot
 To streamline autoupdates, leverage the nixpkgs-merge-bot by commenting `@NixOS/nixpkgs-merge-bot merge` if the package resides in pkgs-by-name and the commenter is among the package maintainers. The bot ensures that all ofborg checks, except for darwin, are successfully completed before merging the pull request. Should the checks still be underway, the bot patiently waits for ofborg to finish before attempting the merge again.
+
+# Guidelines for Committers
+
+When merging pull requests, care must be taken to reduce impact to the `master`
+branch. If a commit breaks evaluation, it will affect Ofborg evaluation results
+in other pull requests and block Hydra CI, thus introducing chaos to our
+workflow.
+
+One approach to avoid merging such problematic changes is to wait for
+successful Ofborg evaluation. Additionally, using tools like
+[nixpkgs-review](https://github.com/Mic92/nixpkgs-review) can help spot issues
+early, before Ofborg finishes evaluation.
+
+## Breaking changes
+
+In general breaking changes to `master` and `staging` branches are permitted,
+as long as they are documented in the release notes. Though restrictions might
+apply towards the end of a NixOS release cycle, due to our feature freeze
+mechanism. This is to avoid large-scale breakages shortly before and during
+a Zero Hydra Failures (ZHF) campaign. These restrictions also intend to
+decrease the likelihood of a delayed NixOS release. The feature freeze period
+is documented in the announcement of each release schedule.
+
+> These are some example changes and if they are considered a breaking change
+> during a freeze period:
+>
+> - `foo: 1.2.3 -> 1.2.4` - Assuming this package follows semantic versioning
+>   and none of its dependent packages fail to build because of this change, it
+>   can be safely merged. Otherwise, if it can be confirmed that there is no
+>   major change in its functionality or API, but only adding new features or
+>   fixing bugs, it
+>   can also be merged.
+> - `unmaintained-software: drop` - If this PR removes a leaf package or the
+>   removal doesn't otherwise break other packages, it can be merged.
+> - `cool-tool: rename from fancy-tool` - As long as this PR replaces all
+>   references to the old attribute name with the new name and adds an alias,
+>   it can be merged.
+> - `libpopular: 4.3.2 -> 5.0.0` - If this PR would trigger many rebuilds
+>   and/or target `staging`, it should probably be delayed until after the
+>   freeze-period is over. Alternatively, if this PR is for a popular package
+>   and doesn't cause many rebuilds, it should also be delayed to reduce risk
+>   of breakage. If a PR includes important changes, such as security fixes, it
+>   should be brought up to
+>   release managers.
+> - `nixos/transmission: refactor` - If this PR adjusts the type, default value
+>   or effect of options in the NixOS module, so that users must rewrite their
+>   configuration to keep the current behavior unchanged, it should not be
+>   merged, as we don't have enough time to collect user feedback and avoid
+>   possible breakage. However, it should be accepted if the current behavior
+>   is
+>   considered broken and is fixed by the PR.

maintainers/maintainer-list.nix

@@ -18613,6 +18613,16 @@
       { fingerprint = "C0A7 A9BB 115B C857 4D75  EA99 BBB7 A680 1DF1 E03F"; }
     ];
   };
+  ritiek = {
+    name = "Ritiek Malhotra";
+    email = "[email protected]";
+    matrix = "@ritiek:matrix.org";
+    github = "ritiek";
+    githubId = 20314742;
+    keys = [
+      { fingerprint = "66FF 6099 7B04 845F F4C0  CB4F EB6F C9F9 FC96 4257"; }
+    ];
+  };
   rixed = {
     email = "[email protected]";
     github = "rixed";

maintainers/team-list.nix

@@ -497,6 +497,19 @@ with lib.maintainers;
     shortName = "Input-Output Global employees";
   };
 
+  java = {
+    githubTeams = [ "java" ];
+    members = [
+      chayleaf
+      fliegendewurst
+      infinidoge
+      tomodachi94
+    ];
+    shortName = "Java";
+    scope = "Maintainers of the Nixpkgs Java ecosystem (JDK, JVM, Java, Gradle, Maven, Ant, and adjacent projects)";
+    enableFeatureFreezePing = true;
+  };
+
   jitsi = {
     members = [
       cleeyv

nixos/modules/security/acme/default.nix

@@ -183,7 +183,6 @@ let
   certToConfig = cert: data: let
     acmeServer = data.server;
     useDns = data.dnsProvider != null;
-    useDnsOrS3 = useDns || data.s3Bucket != null;
     destPath = "/var/lib/acme/${cert}";
     selfsignedDeps = lib.optionals (cfg.preliminarySelfsigned) [ "acme-selfsigned-${cert}.service" ];
 
@@ -367,13 +366,11 @@ let
           "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"
         ];
 
-        EnvironmentFile = lib.mkIf useDnsOrS3 data.environmentFile;
+        EnvironmentFile = lib.mkIf (data.environmentFile != null) data.environmentFile;
 
-        Environment = lib.mkIf useDnsOrS3
-          (lib.mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
+        Environment = lib.mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles;
 
-        LoadCredential = lib.mkIf useDnsOrS3
-          (lib.mapAttrsToList (k: v: "${k}:${v}") data.credentialFiles);
+        LoadCredential = lib.mapAttrsToList (k: v: "${k}:${v}") data.credentialFiles;
 
         # Run as root (Prefixed with +)
         ExecStartPost = "+" + (pkgs.writeShellScript "acme-postrun" ''

nixos/modules/services/video/frigate.nix

@@ -526,6 +526,7 @@ in
         ExecStartPre = "-rm /var/cache/frigate/*.mp4";
         ExecStart = "${cfg.package.python.interpreter} -m frigate";
         Restart = "on-failure";
+        SyslogIdentifier = "frigate";
 
         User = "frigate";
         Group = "frigate";

nixos/modules/services/web-apps/nextcloud-notify_push.nix

@@ -48,7 +48,7 @@ in
     ] (
       opt: options.services.nextcloud.config.${opt} // {
         default = config.services.nextcloud.config.${opt};
-        defaultText = "config.services.nextcloud.config.${opt}";
+        defaultText = lib.literalExpression "config.services.nextcloud.config.${opt}";
       }
     )
   );

nixos/tests/frr.nix

@@ -5,10 +5,11 @@
 #
 # All interfaces are in OSPF Area 0.
 
-import ./make-test-python.nix ({ pkgs, ... }:
+import ./make-test-python.nix (
+  { pkgs, ... }:
   let
 
-    ifAddr = node: iface: (pkgs.lib.head node.config.networking.interfaces.${iface}.ipv4.addresses).address;
+    ifAddr = node: iface: (pkgs.lib.head node.networking.interfaces.${iface}.ipv4.addresses).address;
 
     ospfConf1 = ''
       router ospf
@@ -25,87 +26,94 @@ import ./make-test-python.nix ({ pkgs, ... }:
     '';
 
   in
-    {
-      name = "frr";
-
-      meta = with pkgs.lib.maintainers; {
-        maintainers = [ ];
-      };
-
-      nodes = {
-
-        client =
-          { nodes, ... }:
-          {
-            virtualisation.vlans = [ 1 ];
-            services.frr = {
-              config = ''
-                ip route 192.168.0.0/16 ${ifAddr nodes.router1 "eth1"}
-              '';
-            };
-          };
+  {
+    name = "frr";
 
-        router1 =
-          { ... }:
-          {
-            virtualisation.vlans = [ 1 2 ];
-            boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
-            networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospfigp -j ACCEPT";
-            services.frr = {
-              ospfd.enable = true;
-              config = ospfConf1;
-            };
-
-            specialisation.ospf.configuration = {
-              services.frr.config = ospfConf2;
-            };
-          };
+    meta = with pkgs.lib.maintainers; {
+      maintainers = [ ];
+    };
+
+    nodes = {
 
-        router2 =
-          { ... }:
-          {
-            virtualisation.vlans = [ 3 2 ];
-            boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
-            networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospfigp -j ACCEPT";
-            services.frr = {
-              ospfd.enable = true;
-              config = ospfConf2;
-            };
+      client =
+        { nodes, ... }:
+        {
+          virtualisation.vlans = [ 1 ];
+          services.frr = {
+            config = ''
+              ip route 192.168.0.0/16 ${ifAddr nodes.router1 "eth1"}
+            '';
+          };
+        };
+
+      router1 =
+        { ... }:
+        {
+          virtualisation.vlans = [
+            1
+            2
+          ];
+          boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
+          networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospfigp -j ACCEPT";
+          services.frr = {
+            ospfd.enable = true;
+            config = ospfConf1;
           };
 
-        server =
-          { nodes, ... }:
-          {
-            virtualisation.vlans = [ 3 ];
-            services.frr = {
-              config = ''
-                ip route 192.168.0.0/16 ${ifAddr nodes.router2 "eth1"}
-              '';
-            };
+          specialisation.ospf.configuration = {
+            services.frr.config = ospfConf2;
+          };
+        };
+
+      router2 =
+        { ... }:
+        {
+          virtualisation.vlans = [
+            3
+            2
+          ];
+          boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
+          networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospfigp -j ACCEPT";
+          services.frr = {
+            ospfd.enable = true;
+            config = ospfConf2;
           };
-      };
+        };
 
-      testScript =
+      server =
         { nodes, ... }:
-        ''
-          start_all()
-
-          # Wait for the networking to start on all machines
-          for machine in client, router1, router2, server:
-              machine.wait_for_unit("network.target")
-
-          with subtest("Wait for FRR"):
-              for gw in client, router1, router2, server:
-                  gw.wait_for_unit("frr")
-
-          router1.succeed("${nodes.router1.config.system.build.toplevel}/specialisation/ospf/bin/switch-to-configuration test >&2")
-
-          with subtest("Wait for OSPF to form adjacencies"):
-              for gw in router1, router2:
-                  gw.wait_until_succeeds("vtysh -c 'show ip ospf neighbor' | grep Full")
-                  gw.wait_until_succeeds("vtysh -c 'show ip route' | grep '^O>'")
-
-          with subtest("Test ICMP"):
-              client.wait_until_succeeds("ping -4 -c 3 server >&2")
-        '';
-    })
+        {
+          virtualisation.vlans = [ 3 ];
+          services.frr = {
+            config = ''
+              ip route 192.168.0.0/16 ${ifAddr nodes.router2 "eth1"}
+            '';
+          };
+        };
+    };
+
+    testScript =
+      { nodes, ... }:
+      ''
+        start_all()
+
+        # Wait for the networking to start on all machines
+        for machine in client, router1, router2, server:
+            machine.wait_for_unit("network.target")
+
+        with subtest("Wait for FRR"):
+            for gw in client, router1, router2, server:
+                gw.wait_for_unit("frr")
+
+        router1.succeed("${nodes.router1.system.build.toplevel}/specialisation/ospf/bin/switch-to-configuration test >&2")
+
+        with subtest("Wait for OSPF to form adjacencies"):
+            for gw in router1, router2:
+                gw.wait_until_succeeds("vtysh -c 'show ip ospf neighbor' | grep Full")
+                gw.wait_until_succeeds("vtysh -c 'show ip route' | grep '^O>'")
+
+        with subtest("Test ICMP"):
+            client.wait_until_succeeds("ping -4 -c 3 server >&2")
+      '';
+  }
+)

pkgs/applications/emulators/wibo/default.nix

@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "wibo";
-  version = "0.4.2";
+  version = "0.6.14";
 
   src = fetchFromGitHub {
     owner = "decompals";
     repo = "wibo";
     rev = version;
-    hash = "sha256-oq/i0Hb2y5pwDEvaqSyC4+6LH1oUbvDZ/62l+V3S7Uk=";
+    hash = "sha256-6YcraHBFWmm8TBfuFHbM9jGvUm9KvTOplJrFSTQkt70=";
   };
 
   nativeBuildInputs = [
@@ -29,8 +29,8 @@ stdenv.mkDerivation rec {
     gc = srcOnly {
       name = "GC_WII_COMPILERS";
       src = fetchzip {
-        url = "https://cdn.discordapp.com/attachments/727918646525165659/917185027656286218/GC_WII_COMPILERS.zip";
-        hash = "sha256-o+UrmIbCsa74LxtLofT0DKrTRgT0qDK5/V7GsG2Zprc=";
+        url = "https://files.decomp.dev/compilers_20230715.zip";
+        hash = "sha256-IX3byvEUVJB6Rmc+NqO9ZNt1jl95nQpEIqxbHI+uUio=";
         stripRoot = false;
       };
       meta.license = lib.licenses.unfree;