Merge remote-tracking branch 'origin/staging-next' into staging

.github/CODEOWNERS

@@ -122,8 +122,6 @@
 
 # Rust
 /pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
-/pkgs/build-support/rust @zowoq
-/doc/languages-frameworks/rust.section.md @zowoq
 
 # C compilers
 /pkgs/development/compilers/gcc @matthewbauer

lib/licenses.nix

@@ -148,6 +148,11 @@ in mkLicense lset) ({
     fullName = ''BSD 4-clause "Original" or "Old" License'';
   };
 
+  bsdOriginalShortened = {
+    spdxId = "BSD-4-Clause-Shortened";
+    fullName = "BSD 4 Clause Shortened";
+  };
+
   bsdOriginalUC = {
     spdxId = "BSD-4-Clause-UC";
     fullName = "BSD 4-Clause University of California-Specific";
@@ -693,6 +698,11 @@ in mkLicense lset) ({
     fullName = "SIL Open Font License 1.1";
   };
 
+  oml = {
+    spdxId = "OML";
+    fullName = "Open Market License";
+  };
+
   openldap = {
     spdxId = "OLDAP-2.8";
     fullName = "Open LDAP Public License v2.8";
@@ -824,6 +834,11 @@ in mkLicense lset) ({
     fullName = "TCL/TK License";
   };
 
+  ucd = {
+    fullName = "Unicode Character Database License";
+    url = "https://fedoraproject.org/wiki/Licensing:UCD";
+  };
+
   ufl = {
     fullName = "Ubuntu Font License 1.0";
     url = "https://ubuntu.com/legal/font-licence";

lib/lists.nix

@@ -36,7 +36,7 @@ rec {
   forEach = xs: f: map f xs;
 
   /* “right fold” a binary function `op` between successive elements of
-     `list` with `nul' as the starting value, i.e.,
+     `list` with `nul` as the starting value, i.e.,
      `foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`.
 
      Type: foldr :: (a -> b -> b) -> b -> [a] -> b

lib/minver.nix

@@ -1,2 +1,2 @@
 # Expose the minimum required version for evaluating Nixpkgs
-"2.2"
+"2.3"

maintainers/maintainer-list.nix

@@ -115,6 +115,12 @@
     githubId = 7414843;
     name = "Nicholas von Klitzing";
   };
+  _360ied = {
+    name = "Brian Zhu";
+    email = "therealbarryplayer@gmail.com";
+    github = "360ied";
+    githubId = 19516527;
+  };
   _13r0ck = {
     name = "Brock Szuszczewicz";
     email = "bnr@tuta.io";
@@ -6355,6 +6361,16 @@
     }];
     name = "Ioannis Koutras";
   };
+  jonaenz = {
+    name = "Jona Enzinger";
+    email = "5xt3zyy5l@mozmail.com";
+    matrix = "@jona:matrix.jonaenz.de";
+    github = "jonaenz";
+    githubId = 57130301;
+    keys = [{
+      fingerprint = "1CC5 B67C EB9A 13A5 EDF6 F10E 0B4A 3662 FC58 9202";
+    }];
+  };
   jonafato = {
     email = "jon@jonafato.com";
     github = "jonafato";
@@ -6969,12 +6985,6 @@
       fingerprint = "8992 44FC D291 5CA2 0A97  802C 156C 88A5 B0A0 4B2A";
     }];
   };
-  kiyengar = {
-    email = "hello@kiyengar.net";
-    github = "karthikiyengar";
-    githubId = 8260207;
-    name = "Karthik Iyengar";
-  };
   kjeremy = {
     email = "kjeremy@gmail.com";
     name = "Jeremy Kolb";
@@ -13954,6 +13964,15 @@
     github = "wentasah";
     githubId = 140542;
   };
+  wesnel = {
+    name = "Wesley Nelson";
+    email = "wgn@wesnel.dev";
+    github = "wesnel";
+    githubId = 43357387;
+    keys = [{
+      fingerprint = "F844 80B2 0CA9 D6CC C7F5  2479 A776 D2AD 099E 8BC0";
+    }];
+  };
   wheelsandmetal = {
     email = "jakob@schmutz.co.uk";
     github = "wheelsandmetal";

maintainers/team-list.nix

@@ -107,6 +107,7 @@ with lib.maintainers; {
 
   cinnamon = {
     members = [
+      bobby285271
       mkg20001
     ];
     scope = "Maintain Cinnamon desktop environment and applications made by the LinuxMint team.";

nixos/doc/manual/configuration/x-windows.chapter.md

@@ -120,7 +120,6 @@ to set one. The recommended configuration for modern systems is:
 
 ```nix
 services.xserver.videoDrivers = [ "modesetting" ];
-services.xserver.useGlamor = true;
 ```
 
 If you experience screen tearing no matter what, this configuration was

nixos/doc/manual/from_md/configuration/x-windows.chapter.xml

@@ -133,7 +133,6 @@ services.xserver.displayManager.autoLogin.user = "alice";
     </para>
     <programlisting language="bash">
 services.xserver.videoDrivers = [ &quot;modesetting&quot; ];
-services.xserver.useGlamor = true;
 </programlisting>
     <para>
       If you experience screen tearing no matter what, this

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

@@ -203,6 +203,20 @@
           <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.getoutline.com/">Outline</link>,
+          a wiki and knowledge base similar to Notion. Available as
+          <link linkend="opt-services.outline.enable">services.outline</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://netbird.io">netbird</link>, a zero
+          configuration VPN. Available as
+          <link xlink:href="options.html#opt-services.netbird.enable">services.netbird</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>,
@@ -246,6 +260,11 @@
   <section xml:id="sec-release-22.11-incompatibilities">
     <title>Backward Incompatibilities</title>
     <itemizedlist>
+      <listitem>
+        <para>
+          Nixpkgs now requires Nix 2.3 or newer.
+        </para>
+      </listitem>
       <listitem>
         <para>
           The <literal>isCompatible</literal> predicate checking CPU

nixos/doc/manual/release-notes/rl-2211.section.md

@@ -76,6 +76,11 @@ In addition to numerous new and upgraded packages, this release has the followin
 - [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
   Available as [services.kanata](options.html#opt-services.kanata.enable).
 
+- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).
+
+- [netbird](https://netbird.io), a zero configuration VPN.
+  Available as [services.netbird](options.html#opt-services.netbird.enable).
+
 - [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
 
 - [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
@@ -91,6 +96,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 ## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
 
+- Nixpkgs now requires Nix 2.3 or newer.
+
 - The `isCompatible` predicate checking CPU compatibility is no longer exposed
   by the platform sets generated using `lib.systems.elaborate`. In most cases
   you will want to use the new `canExecute` predicate instead which also

nixos/modules/hardware/device-tree.nix

@@ -14,6 +14,15 @@ let
         '';
       };
 
+      filter = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "*rpi*.dtb";
+        description = lib.mdDoc ''
+          Only apply to .dtb files matching glob expression.
+        '';
+      };
+
       dtsFile = mkOption {
         type = types.nullOr types.path;
         description = lib.mdDoc ''
@@ -56,23 +65,6 @@ let
     };
   };
 
-  # this requires kernel package
-  dtbsWithSymbols = pkgs.stdenv.mkDerivation {
-    name = "dtbs-with-symbols";
-    inherit (cfg.kernelPackage) src nativeBuildInputs depsBuildBuild;
-    patches = map (patch: patch.patch) cfg.kernelPackage.kernelPatches;
-    buildPhase = ''
-      patchShebangs scripts/*
-      substituteInPlace scripts/Makefile.lib \
-        --replace 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget))' 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget)) -@'
-      make ${pkgs.stdenv.hostPlatform.linux-kernel.baseConfig} ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
-      make dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
-    '';
-    installPhase = ''
-      make dtbs_install INSTALL_DTBS_PATH=$out/dtbs  ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
-    '';
-  };
-
   filterDTBs = src: if isNull cfg.filter
     then "${src}/dtbs"
     else
@@ -83,6 +75,8 @@ let
           | xargs -0 cp -v --no-preserve=mode --target-directory $out --parents
       '';
 
+  filteredDTBs = filterDTBs cfg.kernelPackage;
+
   # Compile single Device Tree overlay source
   # file (.dts) into its compiled variant (.dtbo)
   compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation {
@@ -165,6 +159,7 @@ in
           '';
           type = types.listOf (types.coercedTo types.path (path: {
             name = baseNameOf path;
+            filter = null;
             dtboFile = path;
           }) overlayType);
           description = lib.mdDoc ''
@@ -197,7 +192,7 @@ in
     };
 
     hardware.deviceTree.package = if (cfg.overlays != [])
-      then pkgs.deviceTree.applyOverlays (filterDTBs dtbsWithSymbols) (withDTBOs cfg.overlays)
-      else (filterDTBs cfg.kernelPackage);
+      then pkgs.deviceTree.applyOverlays filteredDTBs (withDTBOs cfg.overlays)
+      else filteredDTBs;
   };
 }

nixos/modules/module-list.nix

@@ -861,6 +861,7 @@
   ./services/networking/nbd.nix
   ./services/networking/ndppd.nix
   ./services/networking/nebula.nix
+  ./services/networking/netbird.nix
   ./services/networking/networkmanager.nix
   ./services/networking/nextdns.nix
   ./services/networking/nftables.nix
@@ -1104,6 +1105,7 @@
   ./services/web-apps/prosody-filer.nix
   ./services/web-apps/matomo.nix
   ./services/web-apps/openwebrx.nix
+  ./services/web-apps/outline.nix
   ./services/web-apps/restya-board.nix
   ./services/web-apps/sogo.nix
   ./services/web-apps/rss-bridge.nix

nixos/modules/security/pam.nix

@@ -521,7 +521,7 @@ let
           # Modules in this block require having the password set in PAM_AUTHTOK.
           # pam_unix is marked as 'sufficient' on NixOS which means nothing will run
           # after it succeeds. Certain modules need to run after pam_unix
-          # prompts the user for password so we run it once with 'required' at an
+          # prompts the user for password so we run it once with 'optional' at an
           # earlier point and it will run again with 'sufficient' further down.
           # We use try_first_pass the second time to avoid prompting password twice
           (optionalString (cfg.unixAuth &&
@@ -534,7 +534,7 @@ let
               || cfg.duoSecurity.enable))
             (
               ''
-                auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
+                auth optional pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
               '' +
               optionalString config.security.pam.enableEcryptfs ''
                 auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap

nixos/modules/services/games/terraria.nix

@@ -131,6 +131,7 @@ in
   config = mkIf cfg.enable {
     users.users.terraria = {
       description = "Terraria server service user";
+      group       = "terraria";
       home        = cfg.dataDir;
       createHome  = true;
       uid         = config.ids.uids.terraria;
@@ -138,7 +139,6 @@ in
 
     users.groups.terraria = {
       gid = config.ids.gids.terraria;
-      members = [ "terraria" ];
     };
 
     systemd.services.terraria = {

nixos/modules/services/hardware/kanata.nix

@@ -180,8 +180,8 @@ in
     package = mkOption {
       type = types.package;
       default = pkgs.kanata;
-      defaultText = lib.literalExpression "pkgs.kanata";
-      example = lib.literalExpression "pkgs.kanata-with-cmd";
+      defaultText = literalExpression "pkgs.kanata";
+      example = literalExpression "pkgs.kanata-with-cmd";
       description = mdDoc ''
         The kanata package to use.
 
@@ -198,7 +198,7 @@ in
     };
   };
 
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
     hardware.uinput.enable = true;
 
     systemd = {
@@ -211,5 +211,5 @@ in
     };
   };
 
-  meta.maintainers = with lib.maintainers; [ linj ];
+  meta.maintainers = with maintainers; [ linj ];
 }

nixos/modules/services/matrix/mautrix-facebook.nix

@@ -44,6 +44,12 @@ in {
             encryption = {
               allow = true;
               default = true;
+
+              verification_levels = {
+                receive = "cross-signed-tofu";
+                send = "cross-signed-tofu";
+                share = "cross-signed-tofu";
+              };
             };
             username_template = "facebook_{userid}";
           };
@@ -116,6 +122,8 @@ in {
   };
 
   config = mkIf cfg.enable {
+    users.groups.mautrix-facebook = {};
+
     users.users.mautrix-facebook = {
       group = "mautrix-facebook";
       isSystemUser = true;

nixos/modules/services/networking/https-dns-proxy.nix

@@ -20,19 +20,23 @@ let
       ips = [ "9.9.9.9" "149.112.112.112" ];
       url = "https://dns.quad9.net/dns-query";
     };
+    opendns = {
+      ips = [ "208.67.222.222" "208.67.220.220" ];
+      url = "https://doh.opendns.com/dns-query";
+    };
+    custom = {
+      inherit (cfg.provider) ips url;
+    };
   };
 
   defaultProvider = "quad9";
 
   providerCfg =
-    let
-      isCustom = cfg.provider.kind == "custom";
-    in
-    lib.concatStringsSep " " [
+    concatStringsSep " " [
       "-b"
-      (concatStringsSep "," (if isCustom then cfg.provider.ips else providers."${cfg.provider.kind}".ips))
+      (concatStringsSep "," providers."${cfg.provider.kind}".ips)
       "-r"
-      (if isCustom then cfg.provider.url else providers."${cfg.provider.kind}".url)
+      providers."${cfg.provider.kind}".url
     ];
 
 in
@@ -62,14 +66,16 @@ in
           The upstream provider to use or custom in case you do not trust any of
           the predefined providers or just want to use your own.
 
-          The default is ${defaultProvider} and there are privacy and security trade-offs
-          when using any upstream provider. Please consider that before using any
-          of them.
+          The default is ${defaultProvider} and there are privacy and security
+          trade-offs when using any upstream provider. Please consider that
+          before using any of them.
+
+          Supported providers: ${concatStringsSep ", " (builtins.attrNames providers)}
 
-          If you pick a custom provider, you will need to provide the bootstrap
-          IP addresses as well as the resolver https URL.
+          If you pick the custom provider, you will need to provide the
+          bootstrap IP addresses as well as the resolver https URL.
         '';
-        type = types.enum ((builtins.attrNames providers) ++ [ "custom" ]);
+        type = types.enum (builtins.attrNames providers);
         default = defaultProvider;
       };
 
@@ -105,14 +111,18 @@ in
   config = lib.mkIf cfg.enable {
     systemd.services.https-dns-proxy = {
       description = "DNS to DNS over HTTPS (DoH) proxy";
+      requires = [ "network.target" ];
       after = [ "network.target" ];
+      wants = [ "nss-lookup.target" ];
+      before = [ "nss-lookup.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = rec {
         Type = "exec";
         DynamicUser = true;
+        ProtectHome = "tmpfs";
         ExecStart = lib.concatStringsSep " " (
           [
-            "${pkgs.https-dns-proxy}/bin/https_dns_proxy"
+            (lib.getExe pkgs.https-dns-proxy)
             "-a ${toString cfg.address}"
             "-p ${toString cfg.port}"
             "-l -"

nixos/modules/services/networking/netbird.nix

@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.netbird;
+  kernel = config.boot.kernelPackages;
+  interfaceName = "wt0";
+in {
+  meta.maintainers = with maintainers; [ misuzu ];
+
+  options.services.netbird = {
+    enable = mkEnableOption "Netbird daemon";
+    package = mkOption {
+      type = types.package;
+      default = pkgs.netbird;
+      defaultText = literalExpression "pkgs.netbird";
+      description = "The package to use for netbird";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
+
+    environment.systemPackages = [ cfg.package ];
+
+    networking.dhcpcd.denyInterfaces = [ interfaceName ];
+
+    systemd.network.networks."50-netbird" = mkIf config.networking.useNetworkd {
+      matchConfig = {
+        Name = interfaceName;
+      };
+      linkConfig = {
+        Unmanaged = true;
+        ActivationPolicy = "manual";
+      };
+    };
+
+    systemd.services.netbird = {
+      description = "A WireGuard-based mesh network that connects your devices into a single private network";
+      documentation = [ "https://netbird.io/docs/" ];
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+        DynamicUser = true;
+        Environment = [
+          "NB_CONFIG=/var/lib/netbird/config.json"
+          "NB_LOG_FILE=console"
+        ];
+        ExecStart = "${cfg.package}/bin/netbird service run";
+        Restart = "always";
+        RuntimeDirectory = "netbird";
+        StateDirectory = "netbird";
+        WorkingDirectory = "/var/lib/netbird";
+      };
+      unitConfig = {
+        StartLimitInterval = 5;
+        StartLimitBurst = 10;
+      };
+      stopIfChanged = false;
+    };
+  };
+}

nixos/modules/services/web-apps/jitsi-meet.nix

@@ -267,6 +267,7 @@ in
         EnvironmentFile = [ "/var/lib/jitsi-meet/secrets-env" ];
         SupplementaryGroups = [ "jitsi-meet" ];
       };
+      reloadIfChanged = true;
     };
 
     users.groups.jitsi-meet = {};

nixos/modules/services/web-apps/nextcloud.nix

@@ -254,6 +254,14 @@ in {
       '';
     };
 
+    fastcgiTimeout = mkOption {
+      type = types.int;
+      default = 120;
+      description = lib.mdDoc ''
+        FastCGI timeout for database connection in seconds.
+      '';
+    };
+
     database = {
 
       createLocally = mkOption {
@@ -1032,7 +1040,7 @@ in {
               fastcgi_pass unix:${fpm.socket};
               fastcgi_intercept_errors on;
               fastcgi_request_buffering off;
-              fastcgi_read_timeout 120s;
+              fastcgi_read_timeout ${builtins.toString cfg.fastcgiTimeout}s;
             '';
           };
           "~ \\.(?:css|js|woff2?|svg|gif|map)$".extraConfig = ''

nixos/modules/services/web-apps/outline.nix

@@ -0,0 +1,777 @@
+{ config, lib, pkgs, ...}:
+
+let
+  defaultUser = "outline";
+  cfg = config.services.outline;
+in
+{
+  # See here for a reference of all the options:
+  #   https://github.com/outline/outline/blob/v0.65.2/.env.sample
+  #   https://github.com/outline/outline/blob/v0.65.2/app.json
+  #   https://github.com/outline/outline/blob/v0.65.2/server/env.ts
+  #   https://github.com/outline/outline/blob/v0.65.2/shared/types.ts
+  # The order is kept the same here to make updating easier.
+  options.services.outline = {
+    enable = lib.mkEnableOption "outline";
+
+    package = lib.mkOption {
+      default = pkgs.outline;
+      defaultText = lib.literalExpression "pkgs.outline";
+      type = lib.types.package;
+      example = lib.literalExpression ''
+        pkgs.outline.overrideAttrs (super: {
+          # Ignore the domain part in emails that come from OIDC. This is might
+          # be helpful if you want multiple users with different email providers
+          # to still land in the same team. Note that this effectively makes
+          # Outline a single-team instance.
+          patchPhase = ${"''"}
+            sed -i 's/const domain = parts\.length && parts\[1\];/const domain = "example.com";/g' server/routes/auth/providers/oidc.ts
+          ${"''"};
+        })
+      '';
+      description = "Outline package to use.";
+    };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = defaultUser;
+      description = ''
+        User under which the service should run. If this is the default value,
+        the user will be created, with the specified group as the primary
+        group.
+      '';
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = defaultUser;
+      description = ''
+        Group under which the service should run. If this is the default value,
+        the group will be created.
+      '';
+    };
+
+    sequelizeArguments = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      example = "--env=production-ssl-disabled";
+      description = ''
+        Optional arguments to pass to <literal>sequelize</literal> calls.
+      '';
+    };
+
+    #
+    # Required options
+    #
+
+    secretKeyFile = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/outline/secret_key";
+      description = ''
+        File path that contains the application secret key. It must be 32
+        bytes long and hex-encoded. If the file does not exist, a new key will
+        be generated and saved here.
+      '';
+    };
+
+    utilsSecretFile = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/outline/utils_secret";
+      description = ''
+        File path that contains the utility secret key. If the file does not
+        exist, a new key will be generated and saved here.
+      '';
+    };
+
+    databaseUrl = lib.mkOption {
+      type = lib.types.str;
+      default = "local";
+      description = ''
+        URI to use for the main PostgreSQL database. If this needs to include
+        credentials that shouldn't be world-readable in the Nix store, set an
+        environment file on the systemd service and override the
+        <literal>DATABASE_URL</literal> entry. Pass the string
+        <literal>local</literal> to setup a database on the local server.
+      '';
+    };
+
+    redisUrl = lib.mkOption {
+      type = lib.types.str;
+      default = "local";
+      description = ''
+        Connection to a redis server. If this needs to include credentials
+        that shouldn't be world-readable in the Nix store, set an environment
+        file on the systemd service and override the
+        <literal>REDIS_URL</literal> entry. Pass the string
+        <literal>local</literal> to setup a local Redis database.
+      '';
+    };
+
+    publicUrl = lib.mkOption {
+      type = lib.types.str;
+      default = "http://localhost:3000";
+      description = "The fully qualified, publicly accessible URL";
+    };
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 3000;
+      description = "Listening port.";
+    };
+
+    storage = lib.mkOption {
+      description = ''
+        To support uploading of images for avatars and document attachments an
+        s3-compatible storage must be provided. AWS S3 is recommended for
+        redundency however if you want to keep all file storage local an
+        alternative such as <link xlink:href="https://github.com/minio/minio">minio</link>
+        can be used.
+
+        A more detailed guide on setting up S3 is available
+        <link xlink:href="https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f">here</link>.
+      '';
+      example = lib.literalExpression ''
+        {
+          accessKey = "...";
+          secretKeyFile = "/somewhere";
+          uploadBucketUrl = "https://minio.example.com";
+          uploadBucketName = "outline";
+          region = "us-east-1";
+        }
+      '';
+      type = lib.types.submodule {
+        options = {
+          accessKey = lib.mkOption {
+            type = lib.types.str;
+            description = "S3 access key.";
+          };
+          secretKeyFile = lib.mkOption {
+            type = lib.types.path;
+            description = "File path that contains the S3 secret key.";
+          };
+          region = lib.mkOption {
+            type = lib.types.str;
+            default = "xx-xxxx-x";
+            description = "AWS S3 region name.";
+          };
+          uploadBucketUrl = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              URL endpoint of an S3-compatible API where uploads should be
+              stored.
+            '';
+          };
+          uploadBucketName = lib.mkOption {
+            type = lib.types.str;
+            description = "Name of the bucket where uploads should be stored.";
+          };
+          uploadMaxSize = lib.mkOption {
+            type = lib.types.int;
+            default = 26214400;
+            description = "Maxmium file size for uploads.";
+          };
+          forcePathStyle = lib.mkOption {
+            type = lib.types.bool;
+            default = true;
+            description = "Force S3 path style.";
+          };
+          acl = lib.mkOption {
+            type = lib.types.str;
+            default = "private";
+            description = "ACL setting.";
+          };
+        };
+      };
+    };
+
+    #
+    # Authentication
+    #
+
+    slackAuthentication = lib.mkOption {
+      description = ''
+        To configure Slack auth, you'll need to create an Application at
+        https://api.slack.com/apps
+
+        When configuring the Client ID, add a redirect URL under "OAuth &amp; Permissions"
+        to <literal>https://[publicUrl]/auth/slack.callback</literal>.
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          clientId = lib.mkOption {
+            type = lib.types.str;
+            description = "Authentication key.";
+          };
+          secretFile = lib.mkOption {
+            type = lib.types.str;
+            description = "File path containing the authentication secret.";
+          };
+        };
+      });
+    };
+
+    googleAuthentication = lib.mkOption {
+      description = ''
+        To configure Google auth, you'll need to create an OAuth Client ID at
+        https://console.cloud.google.com/apis/credentials
+
+        When configuring the Client ID, add an Authorized redirect URI to
+        <literal>https://[publicUrl]/auth/google.callback</literal>.
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          clientId = lib.mkOption {
+            type = lib.types.str;
+            description = "Authentication client identifier.";
+          };
+          clientSecretFile = lib.mkOption {
+            type = lib.types.str;
+            description = "File path containing the authentication secret.";
+          };
+        };
+      });
+    };
+
+    azureAuthentication = lib.mkOption {
+      description = ''
+        To configure Microsoft/Azure auth, you'll need to create an OAuth
+        Client. See
+        <link xlink:href="https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4">the guide</link>
+        for details on setting up your Azure App.
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          clientId = lib.mkOption {
+            type = lib.types.str;
+            description = "Authentication client identifier.";
+          };
+          clientSecretFile = lib.mkOption {
+            type = lib.types.str;
+            description = "File path containing the authentication secret.";
+          };
+          resourceAppId = lib.mkOption {
+            type = lib.types.str;
+            description = "Authentication application resource ID.";
+          };
+        };
+      });
+    };
+
+    oidcAuthentication = lib.mkOption {
+      description = ''
+        To configure generic OIDC auth, you'll need some kind of identity
+        provider. See the documentation for whichever IdP you use to fill out
+        all the fields. The redirect URL is
+        <literal>https://[publicUrl]/auth/oidc.callback</literal>.
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          clientId = lib.mkOption {
+            type = lib.types.str;
+            description = "Authentication client identifier.";
+          };
+          clientSecretFile = lib.mkOption {
+            type = lib.types.str;
+            description = "File path containing the authentication secret.";
+          };
+          authUrl = lib.mkOption {
+            type = lib.types.str;
+            description = "OIDC authentication URL endpoint.";
+          };
+          tokenUrl = lib.mkOption {
+            type = lib.types.str;
+            description = "OIDC token URL endpoint.";
+          };
+          userinfoUrl = lib.mkOption {
+            type = lib.types.str;
+            description = "OIDC userinfo URL endpoint.";
+          };
+          usernameClaim = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              Specify which claims to derive user information from. Supports any
+              valid JSON path with the JWT payload
+            '';
+            default = "preferred_username";
+          };
+          displayName = lib.mkOption {
+            type = lib.types.str;
+            description = "Display name for OIDC authentication.";
+            default = "OpenID";
+          };
+          scopes = lib.mkOption {
+            type = lib.types.listOf lib.types.str;
+            description = "OpenID authentication scopes.";
+            default = [ "openid" "profile" "email" ];
+          };
+        };
+      });
+    };
+
+    #
+    # Optional configuration
+    #
+
+    sslKeyFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        File path that contains the Base64-encoded private key for HTTPS
+        termination. This is only required if you do not use an external reverse
+        proxy. See
+        <link xlink:href="https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4">the documentation</link>.
+      '';
+    };
+    sslCertFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        File path that contains the Base64-encoded certificate for HTTPS
+        termination. This is only required if you do not use an external reverse
+        proxy. See
+        <link xlink:href="https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4">the documentation</link>.
+      '';
+    };
+
+    cdnUrl = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = ''
+        If using a Cloudfront/Cloudflare distribution or similar it can be set
+        using this option. This will cause paths to JavaScript files,
+        stylesheets and images to be updated to the hostname defined here. In
+        your CDN configuration the origin server should be set to public URL.
+      '';
+    };
+
+    forceHttps = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = ''
+        Auto-redirect to HTTPS in production. The default is
+        <literal>true</literal> but you may set this to <literal>false</literal>
+        if you can be sure that SSL is terminated at an external loadbalancer.
+      '';
+    };
+
+    enableUpdateCheck = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Have the installation check for updates by sending anonymized statistics
+        to the maintainers.
+      '';
+    };
+
+    concurrency = lib.mkOption {
+      type = lib.types.int;
+      default = 1;
+      description = ''
+        How many processes should be spawned. For a rough estimate, divide your
+        server's available memory by 512.
+      '';
+    };
+
+    maximumImportSize = lib.mkOption {
+      type = lib.types.int;
+      default = 5120000;
+      description = ''
+        The maximum size of document imports. Overriding this could be required
+        if you have especially large Word documents with embedded imagery.
+      '';
+    };
+
+    debugOutput = lib.mkOption {
+      type = lib.types.nullOr (lib.types.enum [ "http" ]);
+      default = null;
+      description = "Set this to <literal>http</literal> log HTTP requests.";
+    };
+
+    slackIntegration = lib.mkOption {
+      description = ''
+        For a complete Slack integration with search and posting to channels
+        this configuration is also needed. See here for details:
+        https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          verificationTokenFile = lib.mkOption {
+            type = lib.types.str;
+            description = "File path containing the verification token.";
+          };
+          appId = lib.mkOption {
+            type = lib.types.str;
+            description = "Application ID.";
+          };
+          messageActions = lib.mkOption {
+            type = lib.types.bool;
+            default = true;
+            description = "Whether to enable message actions.";
+          };
+        };
+      });
+    };
+
+    googleAnalyticsId = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        Optionally enable Google Analytics to track page views in the knowledge
+        base.
+      '';
+    };
+
+    sentryDsn = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        Optionally enable <link xlink:href="https://sentry.io/">Sentry</link> to
+        track errors and performance.
+      '';
+    };
+
+    logo = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        Custom logo displayed on the authentication screen. This will be scaled
+        to a height of 60px.
+      '';
+    };
+
+    smtp = lib.mkOption {
+      description = ''
+        To support sending outgoing transactional emails such as
+        "document updated" or "you've been invited" you'll need to provide
+        authentication for an SMTP server.
+      '';
+      default = null;
+      type = lib.types.nullOr (lib.types.submodule {
+        options = {
+          host = lib.mkOption {
+            type = lib.types.str;
+            description = "Host name or IP adress of the SMTP server.";
+          };
+          port = lib.mkOption {
+            type = lib.types.port;
+            description = "TCP port of the SMTP server.";
+          };
+          username = lib.mkOption {
+            type = lib.types.str;
+            description = "Username to authenticate with.";
+          };
+          passwordFile = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              File path containing the password to authenticate with.
+            '';
+          };
+          fromEmail = lib.mkOption {
+            type = lib.types.str;
+            description = "Sender email in outgoing mail.";
+          };
+          replyEmail = lib.mkOption {
+            type = lib.types.str;
+            description = "Reply address in outgoing mail.";
+          };
+          tlsCiphers = lib.mkOption {
+            type = lib.types.str;
+            default = "";
+            description = "Override SMTP cipher configuration.";
+          };
+          secure = lib.mkOption {
+            type = lib.types.bool;
+            default = true;
+            description = "Use a secure SMTP connection.";
+          };
+        };
+      });
+    };
+
+    defaultLanguage = lib.mkOption {
+      type = lib.types.enum [
+         "da_DK"
+         "de_DE"
+         "en_US"
+         "es_ES"
+         "fa_IR"
+         "fr_FR"
+         "it_IT"
+         "ja_JP"
+         "ko_KR"
+         "nl_NL"
+         "pl_PL"
+         "pt_BR"
+         "pt_PT"
+         "ru_RU"
+         "sv_SE"
+         "th_TH"
+         "vi_VN"
+         "zh_CN"
+         "zh_TW"
+      ];
+      default = "en_US";
+      description = ''
+        The default interface language. See
+        <link xlink:href="https://translate.getoutline.com/">translate.getoutline.com</link>
+        for a list of available language codes and their rough percentage
+        translated.
+      '';
+    };
+
+    rateLimiter.enable = lib.mkEnableOption "rate limiter for the application web server";
+    rateLimiter.requests = lib.mkOption {
+      type = lib.types.int;
+      default = 5000;
+      description = "Maximum number of requests in a throttling window.";
+    };
+    rateLimiter.durationWindow = lib.mkOption {
+      type = lib.types.int;
+      default = 60;
+      description = "Length of a throttling window.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users = lib.optionalAttrs (cfg.user == defaultUser) {
+      ${defaultUser} = {
+        isSystemUser = true;
+        group = cfg.group;
+      };
+    };
+
+    users.groups = lib.optionalAttrs (cfg.group == defaultUser) {
+      ${defaultUser} = { };
+    };
+
+    systemd.tmpfiles.rules = [
+      "f ${cfg.secretKeyFile} 0600 ${cfg.user} ${cfg.group} -"
+      "f ${cfg.utilsSecretFile} 0600 ${cfg.user} ${cfg.group} -"
+      "f ${cfg.storage.secretKeyFile} 0600 ${cfg.user} ${cfg.group} -"
+    ];
+
+    services.postgresql = lib.mkIf (cfg.databaseUrl == "local") {
+      enable = true;
+      ensureUsers = [{
+        name = "outline";
+        ensurePermissions."DATABASE outline" = "ALL PRIVILEGES";
+      }];
+      ensureDatabases = [ "outline" ];
+    };
+
+    services.redis.servers.outline = lib.mkIf (cfg.redisUrl == "local") {
+      enable = true;
+      user = config.services.outline.user;
+      port = 0; # Disable the TCP listener
+    };
+
+    systemd.services.outline = let
+      localRedisUrl = "redis+unix:///run/redis-outline/redis.sock";
+      localPostgresqlUrl = "postgres://localhost/outline?host=/run/postgresql";
+
+      # Create an outline-sequalize wrapper (a wrapper around the wrapper) that
+      # has the config file's path baked in. This is necessary because there is
+      # at least one occurrence of outline calling this from its own code.
+      sequelize = pkgs.writeShellScriptBin "outline-sequelize" ''
+        exec ${cfg.package}/bin/outline-sequelize \
+          --config $RUNTIME_DIRECTORY/database.json \
+          ${cfg.sequelizeArguments} \
+          "$@"
+      '';
+    in {
+      description = "Outline wiki and knowledge base";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "networking.target" ]
+        ++ lib.optional (cfg.databaseUrl == "local") "postgresql.service"
+        ++ lib.optional (cfg.redisUrl == "local") "redis-outline.service";
+      requires = lib.optional (cfg.databaseUrl == "local") "postgresql.service"
+        ++ lib.optional (cfg.redisUrl == "local") "redis-outline.service";
+      path = [
+        pkgs.openssl # Required by the preStart script
+        sequelize
+      ];
+
+
+      environment = lib.mkMerge [
+        {
+          NODE_ENV = "production";
+
+          REDIS_URL = if cfg.redisUrl == "local" then localRedisUrl else cfg.redisUrl;
+          URL = cfg.publicUrl;
+          PORT = builtins.toString cfg.port;
+
+          AWS_ACCESS_KEY_ID = cfg.storage.accessKey;
+          AWS_REGION = cfg.storage.region;
+          AWS_S3_UPLOAD_BUCKET_URL = cfg.storage.uploadBucketUrl;
+          AWS_S3_UPLOAD_BUCKET_NAME = cfg.storage.uploadBucketName;
+          AWS_S3_UPLOAD_MAX_SIZE = builtins.toString cfg.storage.uploadMaxSize;
+          AWS_S3_FORCE_PATH_STYLE = builtins.toString cfg.storage.forcePathStyle;
+          AWS_S3_ACL = cfg.storage.acl;
+
+          CDN_URL = cfg.cdnUrl;
+          FORCE_HTTPS = builtins.toString cfg.forceHttps;
+          ENABLE_UPDATES = builtins.toString cfg.enableUpdateCheck;
+          WEB_CONCURRENCY = builtins.toString cfg.concurrency;
+          MAXIMUM_IMPORT_SIZE = builtins.toString cfg.maximumImportSize;
+          DEBUG = cfg.debugOutput;
+          GOOGLE_ANALYTICS_ID = lib.optionalString (cfg.googleAnalyticsId != null) cfg.googleAnalyticsId;
+          SENTRY_DSN = lib.optionalString (cfg.sentryDsn != null) cfg.sentryDsn;
+          TEAM_LOGO = lib.optionalString (cfg.logo != null) cfg.logo;
+          DEFAULT_LANGUAGE = cfg.defaultLanguage;
+
+          RATE_LIMITER_ENABLED = builtins.toString cfg.rateLimiter.enable;
+          RATE_LIMITER_REQUESTS = builtins.toString cfg.rateLimiter.requests;
+          RATE_LIMITER_DURATION_WINDOW = builtins.toString cfg.rateLimiter.durationWindow;
+        }
+
+        (lib.mkIf (cfg.slackAuthentication != null) {
+          SLACK_CLIENT_ID = cfg.slackAuthentication.clientId;
+        })
+
+        (lib.mkIf (cfg.googleAuthentication != null) {
+          GOOGLE_CLIENT_ID = cfg.googleAuthentication.clientId;
+        })
+
+        (lib.mkIf (cfg.azureAuthentication != null) {
+          AZURE_CLIENT_ID = cfg.azureAuthentication.clientId;
+          AZURE_RESOURCE_APP_ID = cfg.azureAuthentication.resourceAppId;
+        })
+
+        (lib.mkIf (cfg.oidcAuthentication != null) {
+          OIDC_CLIENT_ID = cfg.oidcAuthentication.clientId;
+          OIDC_AUTH_URI = cfg.oidcAuthentication.authUrl;
+          OIDC_TOKEN_URI = cfg.oidcAuthentication.tokenUrl;
+          OIDC_USERINFO_URI = cfg.oidcAuthentication.userinfoUrl;
+          OIDC_USERNAME_CLAIM = cfg.oidcAuthentication.usernameClaim;
+          OIDC_DISPLAY_NAME = cfg.oidcAuthentication.displayName;
+          OIDC_SCOPES = lib.concatStringsSep " " cfg.oidcAuthentication.scopes;
+        })
+
+        (lib.mkIf (cfg.slackIntegration != null) {
+          SLACK_APP_ID = cfg.slackIntegration.appId;
+          SLACK_MESSAGE_ACTIONS = builtins.toString cfg.slackIntegration.messageActions;
+        })
+
+        (lib.mkIf (cfg.smtp != null) {
+          SMTP_HOST = cfg.smtp.host;
+          SMTP_PORT = builtins.toString cfg.smtp.port;
+          SMTP_USERNAME = cfg.smtp.username;
+          SMTP_FROM_EMAIL = cfg.smtp.fromEmail;
+          SMTP_REPLY_EMAIL = cfg.smtp.replyEmail;
+          SMTP_TLS_CIPHERS = cfg.smtp.tlsCiphers;
+          SMTP_SECURE = builtins.toString cfg.smtp.secure;
+        })
+      ];
+
+      preStart = ''
+        if [ ! -s ${lib.escapeShellArg cfg.secretKeyFile} ]; then
+          openssl rand -hex 32 > ${lib.escapeShellArg cfg.secretKeyFile}
+        fi
+        if [ ! -s ${lib.escapeShellArg cfg.utilsSecretFile} ]; then
+          openssl rand -hex 32 > ${lib.escapeShellArg cfg.utilsSecretFile}
+        fi
+
+        # The config file is required for the CLI, the DATABASE_URL environment
+        # variable is read by the app.
+        ${if (cfg.databaseUrl == "local") then ''
+          cat <<EOF > $RUNTIME_DIRECTORY/database.json
+          {
+            "production": {
+              "dialect": "postgres",
+              "host": "/run/postgresql",
+              "username": null,
+              "password": null
+            }
+          }
+          EOF
+          export DATABASE_URL=${lib.escapeShellArg localPostgresqlUrl}
+          export PGSSLMODE=disable
+        '' else ''
+          cat <<EOF > $RUNTIME_DIRECTORY/database.json
+          {
+            "production": {
+              "use_env_variable": "DATABASE_URL",
+              "dialect": "postgres",
+              "dialectOptions": {
+                "ssl": {
+                  "rejectUnauthorized": false
+                }
+              }
+            },
+            "production-ssl-disabled": {
+              "use_env_variable": "DATABASE_URL",
+              "dialect": "postgres"
+            }
+          }
+          EOF
+          export DATABASE_URL=${lib.escapeShellArg cfg.databaseUrl}
+        ''}
+
+        cd $RUNTIME_DIRECTORY
+        ${sequelize}/bin/outline-sequelize db:migrate
+      '';
+
+      script = ''
+        export SECRET_KEY="$(head -n1 ${lib.escapeShellArg cfg.secretKeyFile})"
+        export UTILS_SECRET="$(head -n1 ${lib.escapeShellArg cfg.utilsSecretFile})"
+        export AWS_SECRET_ACCESS_KEY="$(head -n1 ${lib.escapeShellArg cfg.storage.secretKeyFile})"
+        ${lib.optionalString (cfg.slackAuthentication != null) ''
+          export SLACK_CLIENT_SECRET="$(head -n1 ${lib.escapeShellArg cfg.slackAuthentication.secretFile})"
+        ''}
+        ${lib.optionalString (cfg.googleAuthentication != null) ''
+          export GOOGLE_CLIENT_SECRET="$(head -n1 ${lib.escapeShellArg cfg.googleAuthentication.clientSecretFile})"
+        ''}
+        ${lib.optionalString (cfg.azureAuthentication != null) ''
+          export AZURE_CLIENT_SECRET="$(head -n1 ${lib.escapeShellArg cfg.azureAuthentication.clientSecretFile})"
+        ''}
+        ${lib.optionalString (cfg.oidcAuthentication != null) ''
+          export OIDC_CLIENT_SECRET="$(head -n1 ${lib.escapeShellArg cfg.oidcAuthentication.clientSecretFile})"
+        ''}
+        ${lib.optionalString (cfg.sslKeyFile != null) ''
+          export SSL_KEY="$(head -n1 ${lib.escapeShellArg cfg.sslKeyFile})"
+        ''}
+        ${lib.optionalString (cfg.sslCertFile != null) ''
+          export SSL_CERT="$(head -n1 ${lib.escapeShellArg cfg.sslCertFile})"
+        ''}
+        ${lib.optionalString (cfg.slackIntegration != null) ''
+          export SLACK_VERIFICATION_TOKEN="$(head -n1 ${lib.escapeShellArg cfg.slackIntegration.verificationTokenFile})"
+        ''}
+        ${lib.optionalString (cfg.smtp != null) ''
+          export SMTP_PASSWORD="$(head -n1 ${lib.escapeShellArg cfg.smtp.passwordFile})"
+        ''}
+
+        ${if (cfg.databaseUrl == "local") then ''
+          export DATABASE_URL=${lib.escapeShellArg localPostgresqlUrl}
+          export PGSSLMODE=disable
+        '' else ''
+          export DATABASE_URL=${lib.escapeShellArg cfg.databaseUrl}
+        ''}
+
+        ${cfg.package}/bin/outline-server
+      '';
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        Restart = "always";
+        ProtectSystem = "strict";
+        PrivateHome = true;
+        PrivateTmp = true;
+        UMask = "0007";
+
+        StateDirectory = "outline";
+        StateDirectoryMode = "0750";
+        RuntimeDirectory = "outline";
+        RuntimeDirectoryMode = "0750";
+        # This working directory is required to find stuff like the set of
+        # onboarding files:
+        WorkingDirectory = "${cfg.package}/share/outline/build";
+      };
+    };
+  };
+}

nixos/modules/services/web-apps/plausible.nix

@@ -188,7 +188,11 @@ in {
           inherit (pkgs.plausible.meta) description;
           documentation = [ "https://plausible.io/docs/self-hosting" ];
           wantedBy = [ "multi-user.target" ];
-          after = optionals cfg.database.postgres.setup [ "postgresql.service" "plausible-postgres.service" ];
+          after = optional cfg.database.clickhouse.setup "clickhouse.service"
+          ++ optionals cfg.database.postgres.setup [
+              "postgresql.service"
+              "plausible-postgres.service"
+            ];
           requires = optional cfg.database.clickhouse.setup "clickhouse.service"
             ++ optionals cfg.database.postgres.setup [
               "postgresql.service"

nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix

@@ -25,13 +25,7 @@ in
 {
   options = {
     services.xserver.displayManager.lightdm.greeters.slick = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Whether to enable lightdm-slick-greeter as the lightdm greeter.
-        '';
-      };
+      enable = mkEnableOption "lightdm-slick-greeter as the lightdm greeter";
 
       theme = {
         package = mkOption {

nixos/modules/services/x11/xserver.nix

@@ -151,8 +151,10 @@ in
       (mkRemovedOptionModule
         [ "services" "xserver" "startDbusSession" ]
         "The user D-Bus session is now always socket activated and this option can safely be removed.")
-      (mkRemovedOptionModule ["services" "xserver" "useXFS" ]
+      (mkRemovedOptionModule [ "services" "xserver" "useXFS" ]
         "Use services.xserver.fontPath instead of useXFS")
+      (mkRemovedOptionModule [ "services" "xserver" "useGlamor" ]
+        "Option services.xserver.useGlamor was removed because it is unnecessary. Drivers that uses Glamor will use it automatically.")
     ];
 
 
@@ -555,15 +557,6 @@ in
         '';
       };
 
-      useGlamor = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Whether to use the Glamor module for 2D acceleration,
-          if possible.
-        '';
-      };
-
       enableCtrlAltBackspace = mkOption {
         type = types.bool;
         default = false;
@@ -794,13 +787,6 @@ in
           '')}
         EndSection
 
-        ${if cfg.useGlamor then ''
-          Section "Module"
-            Load "dri2"
-            Load "glamoregl"
-          EndSection
-        '' else ""}
-
         # For each supported driver, add a "Device" and "Screen"
         # section.
         ${flip concatMapStrings cfg.drivers (driver: ''
@@ -808,7 +794,6 @@ in
           Section "Device"
             Identifier "Device-${driver.name}[0]"
             Driver "${driver.driverName or driver.name}"
-            ${if cfg.useGlamor then ''Option "AccelMethod" "glamor"'' else ""}
           ${indent cfg.deviceSection}
           ${indent (driver.deviceSection or "")}
           ${indent xrandrDeviceSection}

nixos/modules/system/activation/switch-to-configuration.pl

@@ -167,7 +167,7 @@ sub get_active_units {
 # Takes the name of the unit as an argument and returns a bool whether the unit is active or not.
 sub unit_is_active {
     my ($unit_name) = @_;
-    my $units = busctl_call_systemd1_mgr("ListUnitsByNames", "as", 1, $unit_name)->{data}->[0];
+    my $units = busctl_call_systemd1_mgr("ListUnitsByNames", "as", 1, , "--", $unit_name)->{data}->[0];
     if (scalar(@{$units}) == 0) {
         return 0;
     }

nixos/modules/system/boot/systemd/initrd.nix

@@ -100,12 +100,6 @@ let
 
   fileSystems = filter utils.fsNeededForBoot config.system.build.fileSystems;
 
-  fstab = pkgs.writeText "initrd-fstab" (lib.concatMapStringsSep "\n"
-    ({ fsType, mountPoint, device, options, autoFormat, autoResize, ... }@fs: let
-        opts = options ++ optional autoFormat "x-systemd.makefs" ++ optional autoResize "x-systemd.growfs";
-        finalDevice = if (lib.elem "bind" options) then "/sysroot${device}" else device;
-      in "${finalDevice} /sysroot${mountPoint} ${fsType} ${lib.concatStringsSep "," opts}") fileSystems);
-
   needMakefs = lib.any (fs: fs.autoFormat) fileSystems;
   needGrowfs = lib.any (fs: fs.autoResize) fileSystems;
 
@@ -354,8 +348,6 @@ in {
           DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"}
         '';
 
-        "/etc/fstab".source = fstab;
-
         "/lib/modules".source = "${modulesClosure}/lib/modules";
         "/lib/firmware".source = "${modulesClosure}/lib/firmware";
 

nixos/modules/tasks/filesystems.nix

@@ -153,6 +153,34 @@ let
       specialMount "${mount.device}" "${mount.mountPoint}" "${concatStringsSep "," mount.options}" "${mount.fsType}"
     '') mounts);
 
+  makeFstabEntries =
+    let
+      fsToSkipCheck = [ "none" "bindfs" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" "glusterfs" "apfs" "9p" "cifs" "prl_fs" "vmhgfs" ];
+      isBindMount = fs: builtins.elem "bind" fs.options;
+      skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck || isBindMount fs;
+      # https://wiki.archlinux.org/index.php/fstab#Filepath_spaces
+      escape = string: builtins.replaceStrings [ " " "\t" ] [ "\\040" "\\011" ] string;
+    in fstabFileSystems: { rootPrefix ? "", excludeChecks ? false, extraOpts ? (fs: []) }: concatMapStrings (fs:
+      (optionalString (isBindMount fs) (escape rootPrefix))
+      + (if fs.device != null then escape fs.device
+         else if fs.label != null then "/dev/disk/by-label/${escape fs.label}"
+         else throw "No device specified for mount point ‘${fs.mountPoint}’.")
+      + " " + escape (rootPrefix + fs.mountPoint)
+      + " " + fs.fsType
+      + " " + builtins.concatStringsSep "," (fs.options ++ (extraOpts fs))
+      + " " + (optionalString (!excludeChecks)
+        ("0 " + (if skipCheck fs then "0" else if fs.mountPoint == "/" then "1" else "2")))
+      + "\n"
+    ) fstabFileSystems;
+
+    initrdFstab = pkgs.writeText "initrd-fstab" (makeFstabEntries (filter utils.fsNeededForBoot fileSystems) {
+      rootPrefix = "/sysroot";
+      excludeChecks = true;
+      extraOpts = fs:
+        (optional fs.autoResize "x-systemd.growfs")
+        ++ (optional fs.autoFormat "x-systemd.makefs");
+    });
+
 in
 
 {
@@ -278,11 +306,6 @@ in
 
     environment.etc.fstab.text =
       let
-        fsToSkipCheck = [ "none" "bindfs" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" "glusterfs" "apfs" "9p" "cifs" "prl_fs" "vmhgfs" ];
-        isBindMount = fs: builtins.elem "bind" fs.options;
-        skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck || isBindMount fs;
-        # https://wiki.archlinux.org/index.php/fstab#Filepath_spaces
-        escape = string: builtins.replaceStrings [ " " "\t" ] [ "\\040" "\\011" ] string;
         swapOptions = sw: concatStringsSep "," (
           sw.options
           ++ optional (sw.priority != null) "pri=${toString sw.priority}"
@@ -297,18 +320,7 @@ in
         # <file system> <mount point>   <type>  <options>       <dump>  <pass>
 
         # Filesystems.
-        ${concatMapStrings (fs:
-            (if fs.device != null then escape fs.device
-             else if fs.label != null then "/dev/disk/by-label/${escape fs.label}"
-             else throw "No device specified for mount point ‘${fs.mountPoint}’.")
-            + " " + escape fs.mountPoint
-            + " " + fs.fsType
-            + " " + builtins.concatStringsSep "," fs.options
-            + " 0"
-            + " " + (if skipCheck fs then "0" else
-                     if fs.mountPoint == "/" then "1" else "2")
-            + "\n"
-        ) fileSystems}
+        ${makeFstabEntries fileSystems {}}
 
         # Swap devices.
         ${flip concatMapStrings config.swapDevices (sw:
@@ -316,6 +328,8 @@ in
         )}
       '';
 
+    boot.initrd.systemd.contents."/etc/fstab".source = initrdFstab;
+
     # Provide a target that pulls in all filesystems.
     systemd.targets.fs =
       { description = "All File Systems";

nixos/modules/virtualisation/libvirtd.nix

@@ -282,7 +282,7 @@ in
       setuid = true;
       owner = "root";
       group = "root";
-      source = "/run/${dirName}/nix-helpers/qemu-bridge-helper";
+      source = "${cfg.qemu.package}/libexec/qemu-bridge-helper";
     };
 
     systemd.packages = [ cfg.package ];
@@ -308,7 +308,7 @@ in
           ln -s --force "$emulator" /run/${dirName}/nix-emulators/
         done
 
-        for helper in libexec/qemu-bridge-helper bin/qemu-pr-helper; do
+        for helper in bin/qemu-pr-helper; do
           ln -s --force ${cfg.qemu.package}/$helper /run/${dirName}/nix-helpers/
         done
 

nixos/modules/virtualisation/proxmox-image.nix

@@ -129,21 +129,16 @@ with lib;
         # Build qemu with PVE's patch that adds support for the VMA format
         vma = pkgs.qemu_kvm.overrideAttrs ( super: rec {
 
-          # proxmox's VMA patch doesn't work with qemu 7.0 yet
-          version = "6.2.0";
-          src = pkgs.fetchurl {
-            url= "https://download.qemu.org/qemu-${version}.tar.xz";
-            hash = "sha256-aOFdjkWsVjJuC5pK+otJo9/oq6NIgiHQmMhGmLymW0U=";
-          };
-
-          patches = let
-            rev = "b37b17c286da3d32945fbee8ee4fd97a418a50db";
-            path = "debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch";
-            vma-patch = pkgs.fetchpatch {
-              url = "https://git.proxmox.com/?p=pve-qemu.git;a=blob_plain;h=${rev};f=${path}";
-              hash = "sha256-siuDWDUnM9Zq0/L2Faww3ELAOUHhVIHu5RAQn6L4Atc=";
-            };
-          in [ vma-patch ];
+          patches = [
+            (pkgs.fetchpatch {
+              url =
+                let
+                  rev = "1976ca460796f28447b41e3618e5c1e234035dd5";
+                  path = "debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch";
+                in "https://git.proxmox.com/?p=pve-qemu.git;a=blob_plain;hb=${rev};f=${path}";
+              hash = "sha256-2Dz+ceTwrcyYYxi76RtyY3v15/2pwGcDhFuoZWlgbjc=";
+            })
+          ];
 
           buildInputs = super.buildInputs ++ [ pkgs.libuuid ];
 
@@ -155,6 +150,9 @@ with lib;
         rm $diskImage
         ${pkgs.zstd}/bin/zstd "vzdump-qemu-${cfg.filenameSuffix}.vma"
         mv "vzdump-qemu-${cfg.filenameSuffix}.vma.zst" $out/
+
+        mkdir -p $out/nix-support
+        echo "file vma $out/vzdump-qemu-${cfg.filenameSuffix}.vma.zst" >> $out/nix-support/hydra-build-products
       '';
       format = "raw";
       inherit config lib pkgs;

nixos/modules/virtualisation/qemu-vm.nix

@@ -98,12 +98,6 @@ let
   addDeviceNames =
     imap1 (idx: drive: drive // { device = driveDeviceName idx; });
 
-  efiPrefix =
-    if pkgs.stdenv.hostPlatform.isx86 then "${pkgs.OVMF.fd}/FV/OVMF"
-    else if pkgs.stdenv.isAarch64 then "${pkgs.OVMF.fd}/FV/AAVMF"
-    else throw "No EFI firmware available for platform";
-  efiFirmware = "${efiPrefix}_CODE.fd";
-  efiVarsDefault = "${efiPrefix}_VARS.fd";
 
   # Shell script to start the VM.
   startVM =
@@ -218,14 +212,14 @@ let
               ${qemu}/bin/qemu-img create -f qcow2 $diskImage "60M"
               ${if cfg.useEFIBoot then ''
                 efiVars=$out/efi-vars.fd
-                cp ${efiVarsDefault} $efiVars
+                cp ${cfg.efi.variables} $efiVars
                 chmod 0644 $efiVars
               '' else ""}
             '';
           buildInputs = [ pkgs.util-linux ];
           QEMU_OPTS = "-nographic -serial stdio -monitor none"
                       + lib.optionalString cfg.useEFIBoot (
-                        " -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"
+                        " -drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
                       + " -drive if=pflash,format=raw,unit=1,file=$efiVars");
         }
         ''
@@ -705,8 +699,31 @@ in
             manager.
             useEFIBoot is ignored if useBootLoader == false.
           '';
+        };
+
+    virtualisation.efi = {
+      firmware = mkOption {
+        type = types.path;
+        default = pkgs.OVMF.firmware;
+        defaultText = "pkgs.OVMF.firmware";
+        description =
+          lib.mdDoc ''
+            Firmware binary for EFI implementation, defaults to OVMF.
+          '';
       };
 
+      variables = mkOption {
+        type = types.path;
+        default = pkgs.OVMF.variables;
+        defaultText = "pkgs.OVMF.variables";
+        description =
+          lib.mdDoc ''
+            Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware.
+            Defaults to OVMF.
+          '';
+      };
+    };
+
     virtualisation.useDefaultFilesystems =
       mkOption {
         type = types.bool;
@@ -928,7 +945,7 @@ in
         ''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"''
       ])
       (mkIf cfg.useEFIBoot [
-        "-drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"
+        "-drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
         "-drive if=pflash,format=raw,unit=1,file=$NIX_EFI_VARS"
       ])
       (mkIf (cfg.bios != null) [

nixos/tests/all-tests.nix

@@ -284,6 +284,7 @@ in {
   libreswan = handleTest ./libreswan.nix {};
   librewolf = handleTest ./firefox.nix { firefoxPackage = pkgs.librewolf; };
   libuiohook = handleTest ./libuiohook.nix {};
+  libvirtd = handleTest ./libvirtd.nix {};
   lidarr = handleTest ./lidarr.nix {};
   lightdm = handleTest ./lightdm.nix {};
   lighttpd = handleTest ./lighttpd.nix {};
@@ -357,6 +358,7 @@ in {
   ncdns = handleTest ./ncdns.nix {};
   ndppd = handleTest ./ndppd.nix {};
   nebula = handleTest ./nebula.nix {};
+  netbird = handleTest ./netbird.nix {};
   neo4j = handleTest ./neo4j.nix {};
   netdata = handleTest ./netdata.nix {};
   networking.networkd = handleTest ./networking.nix { networkd = true; };

nixos/tests/libvirtd.nix

@@ -0,0 +1,49 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "libvirtd";
+  meta.maintainers = with pkgs.lib.maintainers; [ fpletz ];
+
+  nodes = {
+    virthost =
+      { pkgs, ... }:
+      {
+        virtualisation = {
+          cores = 2;
+          memorySize = 2048;
+
+          libvirtd.enable = true;
+        };
+        networking.nameservers = [ "192.168.122.1" ];
+        security.polkit.enable = true;
+        environment.systemPackages = with pkgs; [ virt-manager ];
+      };
+  };
+
+  testScript = let
+    nixosInstallISO = (import ../release.nix {}).iso_minimal.${pkgs.hostPlatform.system};
+    virshShutdownCmd = if pkgs.stdenv.isx86_64 then "shutdown" else "destroy";
+  in ''
+    start_all()
+
+    virthost.wait_for_unit("sockets.target")
+
+    with subtest("enable default network"):
+      virthost.succeed("virsh net-start default")
+      virthost.succeed("virsh net-autostart default")
+      virthost.succeed("virsh net-info default")
+
+    with subtest("check if partition disk pools works with parted"):
+      virthost.succeed("fallocate -l100m /tmp/foo; losetup /dev/loop0 /tmp/foo; echo 'label: dos' | sfdisk /dev/loop0")
+      virthost.succeed("virsh pool-create-as foo disk --source-dev /dev/loop0 --target /dev")
+      virthost.succeed("virsh vol-create-as foo loop0p1 25MB")
+      virthost.succeed("virsh vol-create-as foo loop0p2 50MB")
+
+    with subtest("check if nixos install iso boots and network works"):
+      virthost.succeed(
+        "virt-install -n nixos --osinfo=nixos-unstable --ram=1024 --graphics=none --disk=`find ${nixosInstallISO}/iso -type f | head -n1`,readonly=on --import --noautoconsole"
+      )
+      virthost.succeed("virsh domstate nixos | grep running")
+      virthost.wait_until_succeeds("ping -c 1 nixos")
+      virthost.succeed("virsh ${virshShutdownCmd} nixos")
+      virthost.wait_until_succeeds("virsh domstate nixos | grep 'shut off'")
+  '';
+})

nixos/tests/netbird.nix

@@ -0,0 +1,21 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+{
+  name = "netbird";
+
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ misuzu ];
+  };
+
+  nodes = {
+    node = { ... }: {
+      services.netbird.enable = true;
+    };
+  };
+
+  testScript = ''
+    start_all()
+    node.wait_for_unit("netbird.service")
+    node.wait_for_file("/var/run/netbird/sock")
+    node.succeed("netbird status | grep -q 'Daemon status: NeedsLogin'")
+  '';
+})

nixos/tests/switch-test.nix

@@ -214,6 +214,25 @@ in {
           systemd.services."escaped\\x2ddash".serviceConfig.X-Test = "test";
         };
 
+        unitStartingWithDash.configuration = {
+          systemd.services."-" = {
+            wantedBy = [ "multi-user.target" ];
+            serviceConfig = {
+              Type = "oneshot";
+              RemainAfterExit = true;
+              ExecStart = "${pkgs.coreutils}/bin/true";
+            };
+          };
+        };
+
+        unitStartingWithDashModified.configuration = {
+          imports = [ unitStartingWithDash.configuration ];
+          systemd.services."-" = {
+            reloadIfChanged = true;
+            serviceConfig.ExecReload = "${pkgs.coreutils}/bin/true";
+          };
+        };
+
         unitWithRequirement.configuration = {
           systemd.services.required-service = {
             wantedBy = [ "multi-user.target" ];
@@ -637,9 +656,27 @@ in {
         assert_contains(out, "\nstarting the following units: escaped\\x2ddash.service\n")
         assert_lacks(out, "the following new units were started:")
 
+        # Ensure units can start with a dash
+        out = switch_to_specialisation("${machine}", "unitStartingWithDash")
+        assert_contains(out, "stopping the following units: escaped\\x2ddash.service\n")
+        assert_lacks(out, "NOT restarting the following changed units:")
+        assert_lacks(out, "reloading the following units:")
+        assert_lacks(out, "\nrestarting the following units:")
+        assert_lacks(out, "\nstarting the following units:")
+        assert_contains(out, "the following new units were started: -.service\n")
+
+        # The regression only occurs when reloading units
+        out = switch_to_specialisation("${machine}", "unitStartingWithDashModified")
+        assert_lacks(out, "stopping the following units:")
+        assert_lacks(out, "NOT restarting the following changed units:")
+        assert_contains(out, "reloading the following units: -.service")
+        assert_lacks(out, "\nrestarting the following units:")
+        assert_lacks(out, "\nstarting the following units:")
+        assert_lacks(out, "the following new units were started:")
+
         # Ensure units that require changed units are properly reloaded
         out = switch_to_specialisation("${machine}", "unitWithRequirement")
-        assert_contains(out, "stopping the following units: escaped\\x2ddash.service\n")
+        assert_contains(out, "stopping the following units: -.service\n")
         assert_lacks(out, "NOT restarting the following changed units:")
         assert_lacks(out, "reloading the following units:")
         assert_lacks(out, "\nrestarting the following units:")

pkgs/applications/accessibility/wvkbd/default.nix

@@ -13,13 +13,13 @@
 
 stdenv.mkDerivation rec {
   pname = "wvkbd";
-  version = "0.7";
+  version = "0.9";
 
   src = fetchFromGitHub {
     owner = "jjsullivan5196";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-5UV2PMrLXtF3AxjfPxxwFRkgVef+Ap8nG1v795o0bWE=";
+    sha256 = "sha256-Dcb1mnqvf2MvwljWuqMV/8AyF/aGMcDiz4cRQ9NAFtM=";
   };
 
   nativeBuildInputs = [ pkg-config ];

pkgs/applications/audio/cmus/default.nix

@@ -102,13 +102,13 @@ in
 
 stdenv.mkDerivation rec {
   pname = "cmus";
-  version = "2.9.1";
+  version = "2.10.0";
 
   src = fetchFromGitHub {
     owner  = "cmus";
     repo   = "cmus";
     rev    = "v${version}";
-    sha256 = "sha256-HEiEnEWf/MzhPO19VKTLYzhylpEvyzy1Jxs6EW2NU34=";
+    sha256 = "sha256-Ha0bIh3SYMhA28YXQ//Loaz9J1lTJAzjTx8eK3AqUjM=";
   };
 
   patches = [ ./option-debugging.patch ];

pkgs/applications/audio/dexed/default.nix

@@ -0,0 +1,107 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, cmake
+, pkg-config
+, libX11
+, libXrandr
+, libXinerama
+, libXext
+, libXcursor
+, freetype
+, alsa-lib
+, libjack2
+, Cocoa
+, WebKit
+, MetalKit
+, simd
+, DiscRecording
+, CoreAudioKit
+}:
+
+stdenv.mkDerivation rec {
+  pname = "dexed";
+  version = "unstable-2022-07-09";
+
+  src = fetchFromGitHub {
+    owner = "asb2m10";
+    repo = "dexed";
+    rev = "2c036316bcd512818aa9cc8129767ad9e0ec7132";
+    fetchSubmodules = true;
+    sha256 = "sha256-6buvA72YRlGjHWLPEZMr45lYYG6ZY+IWmylcHruX27g=";
+  };
+
+  postPatch = ''
+    # needs special setup on Linux, dunno if it can work on Darwin
+    # https://github.com/NixOS/nixpkgs/issues/19098
+    sed -i -e '/juce::juce_recommended_lto_flags/d' Source/CMakeLists.txt
+  '';
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
+    libX11
+    libXext
+    libXcursor
+    libXinerama
+    libXrandr
+    freetype
+    alsa-lib
+    libjack2
+  ] ++ lib.optionals stdenv.hostPlatform.isDarwin [
+    Cocoa
+    WebKit
+    MetalKit
+    simd
+    DiscRecording
+    CoreAudioKit
+  ];
+
+  # JUCE insists on only dlopen'ing these
+  NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isLinux (toString [
+    "-lX11"
+    "-lXext"
+    "-lXcursor"
+    "-lXinerama"
+    "-lXrandr"
+    "-ljack"
+  ]);
+
+  installPhase = let
+    vst3Dir = if stdenv.hostPlatform.isDarwin then "$out/Library/Audio/Plug-Ins/VST3" else "$out/lib/vst3";
+    # this one's a guess, don't know where ppl have agreed to put them yet
+    clapDir = if stdenv.hostPlatform.isDarwin then "$out/Library/Audio/Plug-Ins/CLAP" else "$out/lib/clap";
+    auDir = "$out/Library/Audio/Plug-Ins/Components";
+  in ''
+    runHook preInstall
+
+  '' + (if stdenv.hostPlatform.isDarwin then ''
+    mkdir -p $out/{Applications,bin}
+    mv Source/Dexed_artefacts/Release/Standalone/Dexed.app $out/Applications/
+    ln -s $out/{Applications/Dexed.app/Contents/MacOS,bin}/Dexed
+  '' else ''
+    install -Dm755 {Source/Dexed_artefacts/Release/Standalone,$out/bin}/Dexed
+  '') + ''
+    mkdir -p ${vst3Dir} ${clapDir}
+    mv Source/Dexed_artefacts/Release/VST3/* ${vst3Dir}
+    mv Source/Dexed_artefacts/Release/CLAP/* ${clapDir}
+  '' + lib.optionalString stdenv.hostPlatform.isDarwin ''
+    mkdir -p ${auDir}
+    mv Source/Dexed_artefacts/Release/AU/* ${auDir}
+  '' + ''
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "DX7 FM multi platform/multi format plugin";
+    mainProgram = "Dexed";
+    homepage = "https://asb2m10.github.io/dexed";
+    license = licenses.gpl3Only;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ OPNA2608 ];
+  };
+}

pkgs/applications/audio/ncspot/default.nix

@@ -7,16 +7,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "ncspot";
-  version = "0.10.1";
+  version = "0.11.0";
 
   src = fetchFromGitHub {
     owner = "hrkfdn";
     repo = "ncspot";
     rev = "v${version}";
-    sha256 = "sha256-KETLPBMBWGqmuczF5BG7WZ15szWqQHx7uKwDA2KyN/U=";
+    sha256 = "sha256-mtveGRwadcct9R8CxLWCvT9FamK2PnicpeSvL4iT4oE=";
   };
 
-  cargoSha256 = "sha256-95IFRFZySpyyF3k3RpGeV+sDXkg38kcHyPYxuxTfJJA=";
+  cargoSha256 = "sha256-JqHJY91q2vm0x819zUkBBAObpnXN5aPde8m5UJ2NeNY=";
 
   nativeBuildInputs = [ pkg-config ];
 

pkgs/applications/audio/new-session-manager/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "new-session-manager";
-  version = "1.5.3";
+  version = "1.6.0";
 
   src = fetchFromGitHub {
     owner = "linuxaudio";
     repo = "new-session-manager";
     rev = "v${version}";
-    sha256 = "sha256-dQE7kUoxqDtTrk5euHqpMVeApxniecWZWOARcCl573o=";
+    sha256 = "sha256-QVykRYXToeVXr7pYQy2afgEAlXrQnm68+xEUZhd+FkY=";
   };
 
   nativeBuildInputs = [ meson pkg-config ninja ];

pkgs/applications/audio/osdlyrics/default.nix

@@ -17,13 +17,13 @@
 
 stdenv.mkDerivation rec {
   pname = "osdlyrics";
-  version = "0.5.10";
+  version = "0.5.11";
 
   src = fetchFromGitHub {
     owner = "osdlyrics";
     repo = "osdlyrics";
     rev = version;
-    sha256 = "sha256-x9gIT1JkfPIc4RmmQJLv9rOG2WqAftoTK5uiRlS65zU=";
+    sha256 = "sha256-VxLNaNe4hFwgSW4JEF1T4BWC2NwiOgfwVGiAIOszfGE=";
   };
 
   nativeBuildInputs = [

pkgs/applications/audio/patchage/default.nix

@@ -15,13 +15,13 @@
 
 stdenv.mkDerivation rec {
   pname = "patchage";
-  version = "1.0.4";
+  version = "1.0.6";
 
   src = fetchFromGitLab {
     owner = "drobilla";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-feQXACsn2i2pJXs0EA9tIbtpl9Lxx5K4G7eG5VWuDV0=";
+    hash = "sha256-LzN6RyF/VT4LUVeR0904BnLuNMFZjFTDu9oDIKYG2Yo=";
     fetchSubmodules = true;
   };
 

pkgs/applications/audio/pavucontrol/default.nix

@@ -35,6 +35,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--disable-lynx" ];
 
+  enableParallelBuilding = true;
+
   meta = with lib; {
     description = "PulseAudio Volume Control";
 

pkgs/applications/audio/qpwgraph/default.nix

@@ -5,14 +5,14 @@
 
 mkDerivation rec {
   pname = "qpwgraph";
-  version = "0.3.4";
+  version = "0.3.5";
 
   src = fetchFromGitLab {
     domain = "gitlab.freedesktop.org";
     owner = "rncbc";
     repo = "qpwgraph";
     rev = "v${version}";
-    sha256 = "sha256-JCnvwSredXO1WrTu4BIUaUTTjPcd5U/ZZcRbI/GiFfc=";
+    sha256 = "sha256-ZpVQjlqz1aPpf04qHMsN06s1n5msf32oB7cJYZf6xAU=";
   };
 
   nativeBuildInputs = [ cmake pkg-config ];

pkgs/applications/audio/schismtracker/default.nix

@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "schismtracker";
-  version = "20220125";
+  version = "20220506";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = version;
-    sha256 = "sha256-Hqbm5+YyCde/6QuyIy4NE/jG4xNDzeNjEefMr60GEZM=";
+    sha256 = "sha256-fK0FBn9e7l1Y/A7taFlaoas6ZPREFhEmskVBqjda6q0=";
   };
 
   configureFlags = [ "--enable-dependency-tracking" ]

pkgs/applications/audio/spotify-qt/default.nix

@@ -9,13 +9,13 @@
 
 mkDerivation rec {
    pname = "spotify-qt";
-   version = "3.8";
+   version = "3.9";
 
    src = fetchFromGitHub {
       owner = "kraxarn";
       repo = pname;
       rev = "v${version}";
-      sha256 = "sha256-Rgtw+nrM8YUBHPIIe9zVhLij/ep07piPf/2MSmTVQKk=";
+      sha256 = "sha256-8rLpasgXiaL2KpGnYMQdNN2ayjcSkmz5hDkNBnKNWHk=";
    };
 
    buildInputs = [ libxcb qtbase qtsvg ];
@@ -30,7 +30,7 @@ mkDerivation rec {
     description = "Lightweight unofficial Spotify client using Qt";
     homepage = "https://github.com/kraxarn/spotify-qt";
     license = licenses.gpl3Only;
-    maintainers = with maintainers; [ kiyengar ];
+    maintainers = with maintainers; [ ];
     platforms = platforms.unix;
    };
 }

pkgs/applications/audio/transcribe/default.nix

@@ -20,14 +20,14 @@
 
 stdenv.mkDerivation rec {
   pname = "transcribe";
-  version = "9.10";
+  version = "9.21";
 
   src =
     if stdenv.hostPlatform.system == "x86_64-linux" then
       fetchzip
         {
-          url = "https://www.seventhstring.com/xscribe/downlo/xscsetup-9.10.0.tar.gz";
-          sha256 = "sha256-6+P2qdjyvCzwrXYgw2yeG+hu8W5t6E0RCZx6Znkvj3g=";
+          url = "https://www.seventhstring.com/xscribe/downlo/xscsetup-9.21.0.tar.gz";
+          sha256 = "sha256-M0hOJOsTTRxPef8rTO+/KpiP4lr8mtplS9KITaFOFPA=";
         }
     else throw "Platform not supported";
 

pkgs/applications/audio/uade/default.nix

@@ -6,22 +6,24 @@
 , which
 , makeWrapper
 , libao
-, libbencodetools
+, bencodetools
 , sox
 , lame
 , flac
 , vorbis-tools
+# https://gitlab.com/uade-music-player/uade/-/issues/38
+, withWriteAudio ? !stdenv.hostPlatform.isDarwin
 }:
 
 stdenv.mkDerivation rec {
-  pname = "uade123";
-  version = "3.01";
+  pname = "uade";
+  version = "3.02";
 
   src = fetchFromGitLab {
     owner = "uade-music-player";
     repo = "uade";
     rev = "uade-${version}";
-    sha256 = "0fam3g8mlzrirrac3iwcwsz9jmsqwdy7lkwwdr2q4pkq9cpmh8m5";
+    sha256 = "sha256-skPEXBQwyr326zCmZ2jwGxcBoTt3Y/h2hagDeeqbMpw=";
   };
 
   postPatch = ''
@@ -31,30 +33,41 @@ stdenv.mkDerivation rec {
     substituteInPlace src/frontends/mod2ogg/mod2ogg2.sh.in \
       --replace '-e stat' '-n stat' \
       --replace '/usr/local' "$out"
+    substituteInPlace python/uade/generate_oscilloscope_view.py \
+      --replace "default='uade123'" "default='$out/bin/uade123'"
+    # https://gitlab.com/uade-music-player/uade/-/issues/37
+    substituteInPlace write_audio/Makefile.in \
+      --replace 'g++' '${stdenv.cc.targetPrefix}c++'
   '';
 
   nativeBuildInputs = [
     pkg-config
     which
     makeWrapper
+  ] ++ lib.optionals withWriteAudio [
     python3
   ];
 
   buildInputs = [
     libao
-    libbencodetools
+    bencodetools
     sox
     lame
     flac
     vorbis-tools
+  ] ++ lib.optionals withWriteAudio [
     (python3.withPackages (p: with p; [
       pillow
       tqdm
+      more-itertools
     ]))
   ];
 
   configureFlags = [
-    "--bencode-tools-prefix=${libbencodetools}"
+    "--bencode-tools-prefix=${bencodetools}"
+    "--with-text-scope"
+  ] ++ lib.optionals (!withWriteAudio) [
+    "--without-write-audio"
   ];
 
   enableParallelBuilding = true;
@@ -66,6 +79,7 @@ stdenv.mkDerivation rec {
       --prefix PATH : $out/bin:${lib.makeBinPath [ sox lame flac vorbis-tools ]}
     # This is an old script, don't break expectations by renaming it
     ln -s $out/bin/mod2ogg2{.sh,}
+  '' + lib.optionalString withWriteAudio ''
     wrapProgram $out/bin/generate_amiga_oscilloscope_view \
       --prefix PYTHONPATH : "$PYTHONPATH:$out/${python3.sitePackages}"
   '';
@@ -79,6 +93,7 @@ stdenv.mkDerivation rec {
     # Let's make it easy and flag the whole package as unfree.
     license = licenses.unfree;
     maintainers = with maintainers; [ OPNA2608 ];
+    mainProgram = "uade123";
     platforms = platforms.unix;
   };
 }

pkgs/applications/audio/vmpk/default.nix

@@ -5,11 +5,11 @@
 
 mkDerivation rec {
   pname = "vmpk";
-  version = "0.8.6";
+  version = "0.8.7";
 
   src = fetchurl {
     url = "mirror://sourceforge/${pname}/${version}/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-cwfJJVeUokyZI1iGvqBvXjcBR36VGodzrUx5Atv3POM=";
+    sha256 = "sha256-0y1XS+I3bmNrJ65LT0LyTd8aSLXVlVZFFDZwgxVDLGk=";
   };
 
   nativeBuildInputs = [ cmake pkg-config qttools docbook-xsl-nons ];

pkgs/applications/audio/ymuse/default.nix

@@ -0,0 +1,71 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, buildGoModule
+, wrapGAppsHook
+, pkg-config
+, glib
+, gobject-introspection
+, gtk3
+, gdk-pixbuf
+, gettext
+, librsvg
+}:
+
+buildGoModule rec {
+  pname = "ymuse";
+  version = "0.20";
+
+  src = fetchFromGitHub {
+    owner = "yktoo";
+    repo = "ymuse";
+    rev = "v${version}";
+    sha256 = "sha256-wDQjNBxwxFVFdSswubp4AVD35aXKJ8i0ahk/tgRsDRc=";
+  };
+  vendorSha256 = "sha256-Ap/nf0NT0VkP2k9U1HzEiptDfLjKkBopP5h0czP3vis=";
+
+  nativeBuildInputs = [
+    pkg-config
+    wrapGAppsHook
+    glib
+    gobject-introspection
+    gdk-pixbuf
+    gettext
+  ];
+
+  buildInputs = [
+    gtk3
+    librsvg
+  ];
+
+  postInstall = ''
+    install -Dm644 ./resources/ymuse.desktop -t $out/share/applications
+    cp -r ./resources/icons $out/share
+
+    app_id="ymuse"
+    find ./resources/i18n -type f -name '*.po' |
+    while read file; do
+        # Language is the filename without the extension
+        lang="$(basename "$file")"
+        lang="''${lang%.*}"
+
+        # Create the target dir if needed
+        target_dir="$out/share/locale/$lang/LC_MESSAGES"
+        mkdir -p "$target_dir"
+
+        # Compile the .po into a .mo
+        echo "Compiling $file" into "$target_dir/$app_id.mo"
+        msgfmt "$file" -o "$target_dir/$app_id.mo"
+    done
+  '';
+
+  # IDK how to deal with tests that open up display.
+  doCheck = false;
+
+  meta = with lib; {
+    homepage = "https://yktoo.com/en/software/ymuse/";
+    description = "GTK client for Music Player Daemon (MPD)";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ foo-dogsquared ];
+  };
+}

pkgs/applications/audio/yoshimi/default.nix

@@ -22,13 +22,13 @@
 
 stdenv.mkDerivation rec {
   pname = "yoshimi";
-  version = "2.1.2.2";
+  version = "2.2.1";
 
   src = fetchFromGitHub {
     owner = "Yoshimi";
     repo = pname;
     rev = version;
-    hash = "sha256-6YsA6tC94yJuuWp5rXXqHzqRy28tvmJzjOR92YwQYO0=";
+    hash = "sha256-Uo403vxzmDntmdoQZQqncuLpDXVJ2FdGi4pQ9jE9b/k=";
   };
 
   sourceRoot = "source/src";

pkgs/applications/backup/unifi-protect-backup/default.nix

@@ -2,15 +2,15 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "unifi-protect-backup";
-  version = "0.7.1";
+  version = "0.7.4";
 
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "ep1cman";
     repo = pname;
-    rev = "v${version}";
-    hash = "sha256-HAiyNFWLs1McrlAB48me/iI15LssO8ec7BiWuJbRlbs=";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-4Kpz89yqKmxHmnaPYpvJ2hx46yfcaCYjOioyya+38vE=";
   };
 
   preBuild = ''

pkgs/applications/blockchains/chia/default.nix

@@ -6,14 +6,14 @@
 
 let chia = python3Packages.buildPythonApplication rec {
   pname = "chia";
-  version = "1.5.0";
+  version = "1.5.1";
 
   src = fetchFromGitHub {
     owner = "Chia-Network";
     repo = "chia-blockchain";
     rev = version;
     fetchSubmodules = true;
-    hash = "sha256-OlaAnUy16QBff81XMoYQaZA0wKnsr+/3XEQLBP8IMug=";
+    hash = "sha256-FzKdb6Z/ykKYjpjCr7QR5fxXPNnQbW3bBY97t7DxS90=";
   };
 
   patches = [
@@ -55,7 +55,7 @@ let chia = python3Packages.buildPythonApplication rec {
     concurrent-log-handler
     cryptography
     dnslib
-    dnspythonchia
+    dnspython
     fasteners
     filelock
     keyrings-cryptfile

pkgs/applications/editors/featherpad/default.nix

@@ -3,13 +3,13 @@
 
 mkDerivation rec {
   pname = "featherpad";
-  version = "1.3.0";
+  version = "1.3.1";
 
   src = fetchFromGitHub {
     owner = "tsujan";
     repo = "FeatherPad";
     rev = "V${version}";
-    sha256 = "sha256-j8nfK162JmhQLWS1qN909jjxWpzhxE6JnO5uRwtw3c4=";
+    sha256 = "sha256-OLipBhSrXf9lLpSYLwjjOv5AYJDt46MlnEW4YetXZjI=";
   };
 
   nativeBuildInputs = [ cmake pkg-config qttools ];

pkgs/applications/editors/gophernotes/default.nix

@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "gophernotes";
-  version = "0.7.4";
+  version = "0.7.5";
 
   src = fetchFromGitHub {
     owner = "gopherdata";
     repo = "gophernotes";
     rev = "v${version}";
-    sha256 = "sha256-ZyZ5VOZEgFn9QrFBC1bNHKA2g8msDUnd1c5plooO+b8=";
+    sha256 = "sha256-cGlYgay/t6XIl0U9XvrHkqNxZ6BXtXi0TIANY1WdZ3Y=";
   };
 
-  vendorSha256 = "sha256-NH8Hz9SzmDksvGqCpggi6hG4kW+AoA1tctF6rGgy4H4=";
+  vendorSha256 = "sha256-iIBqx52fD12R+7MSjQNihMYYtZ9vPAdJndOG4YJVhy4=";
 
   meta = with lib; {
     description = "Go kernel for Jupyter notebooks";

pkgs/applications/editors/neovim/tests/default.nix

@@ -2,6 +2,7 @@
 , lib, fetchFromGitHub, neovimUtils, wrapNeovimUnstable
 , neovim-unwrapped
 , fetchFromGitLab
+, runCommandLocal
 , pkgs
 }:
 let
@@ -19,6 +20,24 @@ let
     }
   ];
 
+  packagesWithSingleLineConfigs = with vimPlugins; [
+    {
+      plugin = vim-obsession;
+      config = ''map <Leader>$ <Cmd>Obsession<CR>'';
+    }
+    {
+      plugin = trouble-nvim;
+      config = ''" placeholder config'';
+    }
+  ];
+
+  nvimConfSingleLines = makeNeovimConfig {
+    plugins = packagesWithSingleLineConfigs;
+    customRC = ''
+      " just a comment
+    '';
+  };
+
   nvimConfNix = makeNeovimConfig {
     inherit plugins;
     customRC = ''
@@ -47,8 +66,9 @@ let
     sha256 = "1ykcvyx82nhdq167kbnpgwkgjib8ii7c92y3427v986n2s5lsskc";
   };
 
+  # neovim-drv must be a wrapped neovim
   runTest = neovim-drv: buildCommand:
-    pkgs.runCommandLocal "test-${neovim-drv.name}" ({
+    runCommandLocal "test-${neovim-drv.name}" ({
       nativeBuildInputs = [ ];
       meta.platforms = neovim-drv.meta.platforms;
     }) (''
@@ -68,6 +88,12 @@ rec {
   ##################
   nvim_with_plugins = wrapNeovim2 "-with-plugins" nvimConfNix;
 
+  singlelinesconfig = runTest (wrapNeovim2 "-single-lines" nvimConfSingleLines) ''
+      assertFileContent \
+        "$vimrcGeneric" \
+        "${./init-single-lines.vim}"
+  '';
+
   nvim_via_override = neovim.override {
     extraName = "-via-override";
     configure = {
@@ -131,7 +157,7 @@ rec {
   nvim_via_override-test = runTest nvim_via_override ''
       assertFileContent \
         "$vimrcGeneric" \
-        "${./neovim-override.vim}"
+        "${./init-override.vim}"
   '';
 
 

pkgs/applications/editors/neovim/tests/init-single-lines.vim

@@ -0,0 +1,3 @@
+map <Leader>$ <Cmd>Obsession<CR>
+" placeholder config
+" just a comment

pkgs/applications/editors/neovim/utils.nix

@@ -49,12 +49,17 @@ let
       };
 
       # transform all plugins into an attrset
-      # { optional = bool; plugin = package; dest = filename; }
-      pluginsNormalized = map (x: if x ? plugin then { dest = "init.vim"; optional = false; } // x else { plugin = x; optional = false;}) plugins;
-
-
-
-      pluginRC = lib.concatMapStrings (p: p.config or "") pluginsNormalized;
+      # { optional = bool; plugin = package; }
+      pluginsNormalized = let
+        defaultPlugin = {
+          plugin = null;
+          config = null;
+          optional = false;
+        };
+      in
+        map (x: defaultPlugin // (if (x ? plugin) then x else { plugin = x; })) plugins;
+
+      pluginRC = lib.foldl (acc: p: if p.config != null then acc ++ [p.config] else acc) []  pluginsNormalized;
 
       pluginsPartitioned = lib.partition (x: x.optional == true) pluginsNormalized;
       requiredPlugins = vimUtils.requiredPluginsForPackage myVimPackage;
@@ -116,7 +121,11 @@ let
 
       manifestRc = vimUtils.vimrcContent ({ customRC = ""; }) ;
       # we call vimrcContent without 'packages' to avoid the init.vim generation
-      neovimRcContent = vimUtils.vimrcContent ({ beforePlugins = ""; customRC = pluginRC + customRC; packages = null; });
+      neovimRcContent = vimUtils.vimrcContent ({
+        beforePlugins = "";
+        customRC = lib.concatStringsSep "\n" (pluginRC ++ [customRC]);
+        packages = null;
+      });
     in
 
     builtins.removeAttrs args ["plugins"] // {

pkgs/applications/editors/neovim/wrapper.nix

@@ -123,7 +123,7 @@ let
       unwrapped = neovim;
       initRc = neovimRcContent;
 
-      tests = callPackage ./tests.nix {
+      tests = callPackage ./tests {
       };
     };
 

pkgs/applications/editors/setzer/default.nix

@@ -18,13 +18,13 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "setzer";
-  version = "0.4.7";
+  version = "0.4.8";
 
   src = fetchFromGitHub {
     owner = "cvfosammmm";
     repo = "Setzer";
     rev = "v${version}";
-    hash = "sha256-IP56jOiiIK9EW4D5yEdLc49rUzcvegAX3Yyk2ERK/pE=";
+    hash = "sha256-7NPyvAof0xObYZws3KFAbdue/GpIRthzdX00jc9GhYs=";
   };
 
   format = "other";
@@ -37,10 +37,10 @@ python3.pkgs.buildPythonApplication rec {
     appstream-glib
     wrapGAppsHook
     desktop-file-utils
+    gobject-introspection
   ];
 
   buildInputs = [
-    gobject-introspection
     gtksourceview4
     gspell
     poppler_gi

pkgs/applications/editors/sigil/default.nix

@@ -6,13 +6,13 @@
 
 mkDerivation rec {
   pname = "sigil";
-  version = "1.9.2";
+  version = "1.9.10";
 
   src = fetchFromGitHub {
     repo = "Sigil";
     owner = "Sigil-Ebook";
     rev = version;
-    sha256 = "sha256-LfP3qUzoHuYSpkTz1queVGTWOP9v9kbgbgvvtiMK6Eo=";
+    sha256 = "sha256-FWUrhTTV1TCoBhitopQc469I7SRy4UDKdRLifVKhCCg=";
   };
 
   pythonPath = with python3Packages; [ lxml ];

pkgs/applications/editors/vim/plugins/deprecated.json

@@ -1,6 +1,6 @@
 {
     "TrueZen-nvim": {
-        "date": "2022-07-27",
+        "date": "2022-08-21",
         "new": "true-zen-nvim"
     },
     "compe-tmux": {

pkgs/applications/editors/vim/plugins/vim-plugin-names

@@ -152,7 +152,7 @@ https://github.com/Domeee/com.cloudedmountain.ide.neovim/,HEAD,
 https://github.com/wincent/command-t/,,
 https://github.com/numtostr/comment.nvim/,,
 https://github.com/rhysd/committia.vim/,,
-https://github.com/tami5/compe-conjure/,,
+https://github.com/hrsh7th/compe-conjure/,,
 https://github.com/GoldsteinE/compe-latex-symbols/,,
 https://github.com/tzachar/compe-tabnine/,,
 https://github.com/tamago324/compe-zsh/,,
@@ -322,6 +322,7 @@ https://github.com/latex-box-team/latex-box/,,
 https://github.com/kdheepak/lazygit.nvim/,,
 https://github.com/Julian/lean.nvim/,,
 https://github.com/leanprover/lean.vim/,,
+https://github.com/mrjones2014/legendary.nvim/,HEAD,
 https://github.com/camspiers/lens.vim/,,
 https://github.com/thirtythreeforty/lessspace.vim/,,
 https://github.com/cohama/lexima.vim/,,
@@ -343,6 +344,7 @@ https://github.com/ldelossa/litee-filetree.nvim/,,
 https://github.com/ldelossa/litee-symboltree.nvim/,,
 https://github.com/ldelossa/litee.nvim/,,
 https://github.com/folke/lsp-colors.nvim/,,
+https://github.com/lukas-reineke/lsp-format.nvim/,HEAD,
 https://github.com/ahmedkhalf/lsp-rooter.nvim/,,
 https://github.com/nvim-lua/lsp-status.nvim/,,
 https://github.com/nvim-lua/lsp_extensions.nvim/,,
@@ -497,6 +499,7 @@ https://github.com/navarasu/onedark.nvim/,,
 https://github.com/joshdick/onedark.vim/,,
 https://github.com/olimorris/onedarkpro.nvim/,,
 https://github.com/sonph/onehalf/,,
+https://github.com/rmehri01/onenord.nvim/,main,
 https://github.com/tyru/open-browser-github.vim/,,
 https://github.com/tyru/open-browser.vim/,,
 https://github.com/nvim-orgmode/orgmode/,,

pkgs/applications/editors/vscode/vscodium.nix

@@ -15,11 +15,11 @@ let
   archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
 
   sha256 = {
-    x86_64-linux = "04jmp9z9b8gqq1nxfw186fnyd0glcp0s8iiy5g2zy2y7jsllm5qi";
-    x86_64-darwin = "119k1q1dnnhzdyv3wx13ghpwvsrmb1s8ira50ldlac3dr54rhjc9";
-    aarch64-linux = "0sr9q4rm63p6lgg3qq86hmkcyg4i6znijw1k5h0sv1qc9hrlq6gv";
-    aarch64-darwin = "0n742ka8ap35klx5yiba08fyqfq5077l8f8b8r5if91rcdwmkwm1";
-    armv7l-linux = "0a5wd91ksdgabalgmk9pwjjl2haxdidyxz3bnrmrvr1hnlylq1mh";
+    x86_64-linux = "1b2603fcb28479dajwg9q2ck083fym6khjv02ax3l0p6jazjyc70";
+    x86_64-darwin = "0xggqfmsm7zzbn43mjmmk8wg75nr2nvkiaddcgwq3a2xn1x90jb5";
+    aarch64-linux = "1wfrfap840a9azik1dbzp7kib04amc3y2m6s45v3qa3c0kw1162a";
+    aarch64-darwin = "1nfv5ysri6p2sfp47786alv7b8rrn7mxsaisdlz970r8d79mrp5n";
+    armv7l-linux = "185ayjvahyqxqab7dkpygxd68adxai25sw4fcw00x5c4l5lgmvhl";
   }.${system} or throwSystem;
 
   sourceRoot = if stdenv.isDarwin then "" else ".";
@@ -29,7 +29,7 @@ in
 
     # Please backport all compatible updates to the stable release.
     # This is important for the extension ecosystem.
-    version = "1.70.1.22228";
+    version = "1.70.2.22230";
     pname = "vscodium";
 
     executableName = "codium";

pkgs/applications/emulators/libdsk/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libdsk";
-  version = "1.5.18";
+  version = "1.5.19";
 
   src = fetchurl {
     url = "https://www.seasip.info/Unix/LibDsk/${pname}-${version}.tar.gz";
-    sha256 = "sha256-43HUMQ35nwOwaQP8F1vO7zFccxHrQqJhZ6D5zzYhB5A=";
+    sha256 = "sha256-W8w5o9rK/yCipQnfn4gMOwDZ+9WeV3G53q5h2XlevkE=";
   };
 
   meta = with lib; {

pkgs/applications/emulators/wine/sources.nix

@@ -46,9 +46,9 @@ in rec {
 
   unstable = fetchurl rec {
     # NOTE: Don't forget to change the SHA256 for staging as well.
-    version = "7.13";
+    version = "7.15";
     url = "https://dl.winehq.org/wine/source/7.x/wine-${version}.tar.xz";
-    sha256 = "sha256-a/6+kz2qUJVprnmwv2ofG08H4b+K/Balm+4TdIuSymQ=";
+    sha256 = "sha256-0auKGarm/mwIM8PYgqMkSKv6SihZDxRulUUOufWPuRw=";
     inherit (stable) gecko32 gecko64 patches;
 
     mono = fetchurl rec {
@@ -61,7 +61,7 @@ in rec {
   staging = fetchFromGitHub rec {
     # https://github.com/wine-staging/wine-staging/releases
     inherit (unstable) version;
-    sha256 = "sha256-U1awbhJRT3aAJstyEjv2Dp20FqyQ4ntnFFRYJb12C/U=";
+    sha256 = "sha256-JMig0EUgxdRwpeaxZcNQi+6xWHUg43bXB7jkm5skKC8=";
     owner = "wine-staging";
     repo = "wine-staging";
     rev = "v${version}";

pkgs/applications/emulators/yuzu/default.nix

@@ -5,23 +5,23 @@
 }:
 
 let
-  # Fetched from https://api.yuzu-emu.org/gamedb, last updated 2022-07-14
+  # Mirror of https://api.yuzu-emu.org/gamedb, last updated 2022-08-13
   # Please make sure to update this when updating yuzu!
   compat-list = fetchurl {
     name = "yuzu-compat-list";
-    url = "https://web.archive.org/web/20220714160745/https://api.yuzu-emu.org/gamedb";
+    url = "https://raw.githubusercontent.com/flathub/org.yuzu_emu.yuzu/d83401d2ee3fd5e1922e31baed1f3bdb1c0f036c/compatibility_list.json";
     sha256 = "sha256-anOmO7NscHDsQxT03+YbJEyBkXjhcSVGgKpDwt//GHw=";
   };
 in {
   mainline = libsForQt5.callPackage ./generic.nix rec {
     pname = "yuzu-mainline";
-    version = "1131";
+    version = "1137";
 
     src = fetchFromGitHub {
       owner = "yuzu-emu";
       repo = "yuzu-mainline";
       rev = "mainline-0-${version}";
-      sha256 = "0lh8s59hrysfjz69yr0f44s3l4aaznmclq0xfnyblsk0cw9ripf6";
+      sha256 = "sha256-DLU5hmjTnlpRQ6sbcU7as/KeI9dDJAFUzVLciql5niE=";
       fetchSubmodules = true;
     };
 
@@ -30,13 +30,13 @@ in {
 
   early-access = libsForQt5.callPackage ./generic.nix rec {
     pname = "yuzu-ea";
-    version = "2901";
+    version = "2907";
 
     src = fetchFromGitHub {
       owner = "pineappleEA";
       repo = "pineapple-src";
       rev = "EA-${version}";
-      sha256 = "0jymm9sdsnayjaffmcbpjck4k2yslx8zid2vsm4jfdaajr244q2z";
+      sha256 = "sha256-spPW2/qeVyd1P1/Z2lcuA69igS3xV4KtcJ59yf9X4JI=";
       fetchSubmodules = true;
     };
 

pkgs/applications/emulators/yuzu/generic.nix

@@ -45,15 +45,6 @@
 stdenv.mkDerivation rec {
   inherit pname version src;
 
-  # Replace icons licensed under CC BY-ND 3.0 with free ones to allow
-  # for binary redistribution: https://github.com/yuzu-emu/yuzu/pull/8104
-  # The patch hosted on GitHub has the binary information in git format, which
-  # can’t be applied with patch(1), so it has been regenerated with
-  # "git format-patch --text --full-index --binary".
-  # Because pineapple strips all files beginning with a dot, the patch needs to
-  # be edited manually afterwards to remove all changes to those.
-  patches = [ ./yuzu-free-icons.patch ];
-
   nativeBuildInputs = [
     cmake
     doxygen
@@ -111,6 +102,13 @@ stdenv.mkDerivation rec {
     "-DENABLE_COMPATIBILITY_LIST_DOWNLOAD=OFF" # We provide this deterministically
   ];
 
+  qtWrapperArgs = [
+    # Fixes vulkan detection
+    "--prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib"
+    # Without yuzu doesnt start on wayland. See https://github.com/yuzu-emu/yuzu/issues/6088
+    "--set QT_QPA_PLATFORM xcb"
+  ];
+
   preConfigure = ''
     # This prevents a check for submodule directories.
     rm -f .gitmodules
@@ -127,13 +125,6 @@ stdenv.mkDerivation rec {
     ln -sf ${compat-list} ./dist/compatibility_list/compatibility_list.json
   '';
 
-  # Fix vulkan detection
-  postFixup = ''
-    for bin in $out/bin/yuzu $out/bin/yuzu-cmd; do
-      wrapProgram $bin --prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib
-    done
-  '';
-
   passthru.updateScript = runCommandLocal "yuzu-${branch}-updateScript" {
     script = substituteAll {
       src = ./update.sh;
@@ -154,7 +145,7 @@ stdenv.mkDerivation rec {
     platforms = [ "x86_64-linux" ];
     license = with licenses; [
       gpl3Plus
-      # Icons. Note that this would be cc0 and cc-by-nd-30 without the "yuzu-free-icons" patch
+      # Icons
       asl20 mit cc0
     ];
     maintainers = with maintainers; [

pkgs/applications/emulators/yuzu/update.sh

@@ -1,84 +1,105 @@
 #! /usr/bin/env nix-shell
-#! nix-shell -i bash -p nix nix-prefetch-git coreutils curl jq gnused
+#! nix-shell -I nixpkgs=./. -i bash -p nix nix-prefetch-git coreutils curl jq gnused
 
-set -e
+set -euo pipefail
 
 # Will be replaced with the actual branch when running this from passthru.updateScript
 BRANCH="@branch@"
+DEFAULT_NIX="$(dirname "${BASH_SOURCE[@]}")/default.nix"
 
-if [[ ! "$(basename $PWD)" = "yuzu" ]]; then
-    echo "error: Script must be ran from yuzu's directory!"
+if [[ "$(basename "$PWD")" = "yuzu" ]]; then
+    echo "error: Script must be ran from nixpkgs's root directory for compatibility with the maintainer script"
     exit 1
 fi
 
-getLocalVersion() {
-    pushd ../../../.. >/dev/null
-    nix eval --raw -f default.nix "$1".version
-    popd >/dev/null
-}
-
-getLocalHash() {
-    pushd ../../../.. >/dev/null
-    nix eval --raw -f default.nix "$1".src.drvAttrs.outputHash
-    popd >/dev/null
-}
-
-updateMainline() {
-    OLD_MAINLINE_VERSION="$(getLocalVersion "yuzu-mainline")"
-    OLD_MAINLINE_HASH="$(getLocalHash "yuzu-mainline")"
-
-    NEW_MAINLINE_VERSION="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \
-        "https://api.github.com/repos/yuzu-emu/yuzu-mainline/releases?per_page=1" | jq -r '.[0].name' | cut -d" " -f2)"
-
-    if [[ "${OLD_MAINLINE_VERSION}" = "${NEW_MAINLINE_VERSION}" ]]; then
-        echo "yuzu-mainline is already up to date!"
+updateBranch() {
+    local branch attribute oldVersion oldHash newVersion newHash
+    branch="$1"
+    attribute="yuzu-$branch"
+    [[ "$branch" = "early-access" ]] && attribute="yuzu-ea" # Attribute path doesnt match the branch name
+    oldVersion="$(nix eval --raw -f "./default.nix" "$attribute".version)"
+    oldHash="$(nix eval --raw -f "./default.nix" "$attribute".src.drvAttrs.outputHash)"
+
+    if [[ "$branch" = "mainline" ]]; then
+        newVersion="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/yuzu-emu/yuzu-mainline/releases?per_page=1" \
+            | jq -r '.[0].name' | cut -d" " -f2)"
+    elif [[ "$branch" = "early-access" ]]; then
+        newVersion="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/pineappleEA/pineapple-src/releases?per_page=2" \
+            | jq -r '.[].tag_name' | grep '^EA-[0-9]*' | head -n1 | cut -d"-" -f2 | cut -d" " -f1)"
+    fi
 
-        [ "$KEEP_GOING" ] && return || exit
+    if [[ "${oldVersion}" = "${newVersion}" ]]; then
+        echo "$attribute is already up to date."
+        return
     else
-        echo "yuzu-mainline: ${OLD_MAINLINE_VERSION} -> ${NEW_MAINLINE_VERSION}"
+        echo "$attribute: ${oldVersion} -> ${newVersion}"
     fi
 
-    echo "  Fetching source code..."
-
-    NEW_MAINLINE_HASH="$(nix-prefetch-git --quiet --fetch-submodules --rev "mainline-0-${NEW_MAINLINE_VERSION}" "https://github.com/yuzu-emu/yuzu-mainline" | jq -r '.sha256')"
-
-    echo "  Succesfully fetched. hash: ${NEW_MAINLINE_HASH}"
+    echo "  fetching source code to generate hash..."
+    if [[ "$branch" = "mainline" ]]; then
+        newHash="$(nix-prefetch-git --quiet --fetch-submodules --rev "mainline-0-${newVersion}" "https://github.com/yuzu-emu/yuzu-mainline" | jq -r '.sha256')"
+    elif [[ "$branch" = "early-access" ]]; then
+        newHash="$(nix-prefetch-git --quiet --fetch-submodules --rev "EA-${newVersion}" "https://github.com/pineappleEA/pineapple-src" | jq -r '.sha256')"
+    fi
+    newHash="$(nix hash to-sri --type sha256 "${newHash}")"
 
-    sed -i "s/${OLD_MAINLINE_VERSION}/${NEW_MAINLINE_VERSION}/" ./default.nix
-    sed -i "s/${OLD_MAINLINE_HASH}/${NEW_MAINLINE_HASH}/" ./default.nix
+    sed -i "s,${oldVersion},${newVersion}," "$DEFAULT_NIX"
+    sed -i "s,${oldHash},${newHash},g" "$DEFAULT_NIX"
+    echo "  succesfully updated $attribute. new hash: $newHash"
 }
 
-updateEarlyAccess() {
-    OLD_EA_VERSION="$(getLocalVersion "yuzu-ea")"
-    OLD_EA_HASH="$(getLocalHash "yuzu-ea")"
+updateCompatibilityList() {
+    local latestRevision oldUrl newUrl oldHash newHash oldDate newDate
+    latestRevision="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/flathub/org.yuzu_emu.yuzu/commits/master" | jq -r '.sha')"
 
-    NEW_EA_VERSION="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \
-        "https://api.github.com/repos/pineappleEA/pineapple-src/releases?per_page=2" | jq -r '.[].tag_name' | grep '^EA-[0-9]*' | head -n1 | cut -d"-" -f2 | cut -d" " -f1)"
+    oldUrl="$(sed -n '/yuzu-compat-list/,/url/p' "$DEFAULT_NIX" | tail -n1 | cut -d'"' -f2)"
+    newUrl="https://raw.githubusercontent.com/flathub/org.yuzu_emu.yuzu/${latestRevision}/compatibility_list.json"
 
-    if [[ "${OLD_EA_VERSION}" = "${NEW_EA_VERSION}" ]]; then
-        echo "yuzu-ea is already up to date!"
+    oldDate="$(sed -n '/last updated.*/p' "$DEFAULT_NIX" | rev | cut -d' ' -f1 | rev)"
+    newDate="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/flathub/org.yuzu_emu.yuzu/commits/${latestRevision}" \
+        | jq -r '.commit.committer.date' | cut -d'T' -f1)"
 
-        [ "$KEEP_GOING" ] && return || exit
+    oldHash="$(sed -n '/yuzu-compat-list/,/sha256/p' "$DEFAULT_NIX" | tail -n1 | cut -d'"' -f2)"
+    newHash="$(nix hash to-sri --type sha256 "$(nix-prefetch-url --quiet "$newUrl")")"
+
+    if [[ "$oldHash" = "$newHash" ]]; then
+        echo "compatibility_list is already up to date."
+        return
     else
-        echo "yuzu-ea: ${OLD_EA_VERSION} -> ${NEW_EA_VERSION}"
+        echo "compatibility_list: $oldDate -> $newDate"
     fi
 
-    echo "  Fetching source code..."
-
-    NEW_EA_HASH="$(nix-prefetch-git --quiet --fetch-submodules --rev "EA-${NEW_EA_VERSION}" "https://github.com/pineappleEA/pineapple-src" | jq -r '.sha256')"
-
-    echo "  Succesfully fetched. hash: ${NEW_EA_HASH}"
-
-    sed -i "s/${OLD_EA_VERSION}/${NEW_EA_VERSION}/" ./default.nix
-    sed -i "s/${OLD_EA_HASH}/${NEW_EA_HASH}/" ./default.nix
+    sed -i "s,${oldUrl},${newUrl},g" "$DEFAULT_NIX"
+    sed -i "s,${oldHash},${newHash},g" "$DEFAULT_NIX"
+    sed -i "s,${oldDate},${newDate},g" "$DEFAULT_NIX"
+    echo "  succesfully updated compatibility_list. new hash: $newHash"
 }
 
-if [[ "$BRANCH" = "mainline" ]]; then
-    updateMainline
-elif [[ "$BRANCH" = "early-access" ]]; then
-    updateEarlyAccess
-else
-    KEEP_GOING=1
-    updateMainline
-    updateEarlyAccess
+if [[ "$BRANCH" = "mainline" ]] || [[ "$BRANCH" = "early-access" ]]; then
+    updateBranch "$BRANCH"
+    updateCompatibilityList
+else # Script is not ran from passthru.updateScript
+    if (( $# == 0 )); then
+        updateBranch "mainline"
+        updateBranch "early-access"
+    fi
+
+    while (( "$#" > 0 )); do
+        case "$1" in
+            mainline|yuzu-mainline)
+                updateBranch "mainline"
+                ;;
+            early-access|yuzu-early-access|ea|yuzu-ea)
+                updateBranch "early-access"
+                ;;
+            *)
+                echo "error: invalid branch: $1."
+                echo "usage: $(basename "$0") [mainline|early-access]"
+                exit 1
+                ;;
+        esac
+        shift
+    done
+
+    updateCompatibilityList
 fi

pkgs/applications/file-managers/clifm/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "clifm";
-  version = "1.5.1";
+  version = "1.6";
 
   src = fetchFromGitHub {
     owner = "leo-arch";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-JdVRi5xHKpYjP8h7df4WdizSU1dy+CtPfOiPEK+MEOE=";
+    sha256 = "sha256-ak2tZTNNKsHGNpxobi8oqnimhsNvoaW75zMYBeskXZU=";
   };
 
   buildInputs = [ libcap acl file readline ];

pkgs/applications/finance/irpf/default.nix

@@ -11,13 +11,13 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "irpf";
-  version = "2022-1.6";
+  version = "2022-1.7";
 
   src = let
     year = lib.head (lib.splitVersion version);
   in fetchzip {
     url = "https://downloadirpf.receita.fazenda.gov.br/irpf/${year}/irpf/arquivos/IRPF${version}.zip";
-    sha256 = "sha256-/4dND4CMl4xnGGIb+FWqgL0wbt7fqUE78m737U0kAdw=";
+    sha256 = "sha256-EHuka0HzWoqjvT/DcuJ9LWSrWl0PW5FyS+7/PdCgrNQ=";
   };
 
   nativeBuildInputs = [ unzip makeWrapper copyDesktopItems ];

pkgs/applications/gis/qgis/unwrapped-ltr.nix

@@ -73,14 +73,14 @@ let
     six
   ];
 in mkDerivation rec {
-  version = "3.22.9";
+  version = "3.22.10";
   pname = "qgis-ltr-unwrapped";
 
   src = fetchFromGitHub {
     owner = "qgis";
     repo = "QGIS";
     rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
-    sha256 = "sha256-QHdcK34e7tC0AUstE8pbsBHzHXbmOd3gI2/zqsxb6X4=";
+    hash = "sha256-v/PshUZpf8fVW2PrGBiuAMfyfC/osOkR9GcnNOyg0l4=";
   };
 
   passthru = {

pkgs/applications/gis/qgis/unwrapped.nix

@@ -73,14 +73,14 @@ let
     six
   ];
 in mkDerivation rec {
-  version = "3.26.1";
+  version = "3.26.2";
   pname = "qgis-unwrapped";
 
   src = fetchFromGitHub {
     owner = "qgis";
     repo = "QGIS";
     rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
-    sha256 = "sha256-FjMe/5uEbmSeQrAtkKvoGh4VlPkbGMHNzlCpn27C5CQ=";
+    hash = "sha256-WU1yamZM/UVhtZjoZ/5J8gt7FOHEHi0D2Z9BWEl4br0=";
   };
 
   passthru = {

pkgs/applications/graphics/cloudcompare/default.nix

@@ -23,13 +23,13 @@
 
 mkDerivation rec {
   pname = "cloudcompare";
-  version = "2.12.1";
+  version = "2.12.4";
 
   src = fetchFromGitHub {
     owner = "CloudCompare";
     repo = "CloudCompare";
     rev = "v${version}";
-    sha256 = "sha256-gX07Km+DNnsz5eDAC2RueMHjmIfQvgGnNOujZ/yM/vE=";
+    sha256 = "sha256-rQ9/vS/fyRWGBL4UGPNSeeNsDtnRHEp9NCViBtu/QEs=";
     fetchSubmodules = true;
   };
 

pkgs/applications/graphics/imgbrd-grabber/default.nix

@@ -21,13 +21,13 @@
 
 stdenv.mkDerivation rec {
   pname = "imgbrd-grabber";
-  version = "7.7.1";
+  version = "7.9.1";
 
   src = fetchFromGitHub {
     owner = "Bionus";
     repo = "imgbrd-grabber";
     rev = "v${version}";
-    sha256 = "sha256-3qE3mdtlIlReIkUf0oH2/qmunE8nvdB0EaD7EOqaEj0=";
+    sha256 = "sha256-0CceSXH1GJbWKOnxZkjmbuyj7NBOQ6tpCYrCl7z4Vrw=";
     fetchSubmodules = true;
   };
 

pkgs/applications/graphics/ovito/default.nix

@@ -21,13 +21,13 @@
 
 mkDerivation rec {
   pname = "ovito";
-  version = "3.7.1";
+  version = "3.7.7";
 
   src = fetchFromGitLab {
     owner = "stuko";
     repo = "ovito";
     rev = "v${version}";
-    sha256 = "sha256-6b/yqfrpeZ6i6DoPe3lcftvuzwvK7rfZhgyHc9GtyBs=";
+    sha256 = "sha256-wKXnb7ZzWOPPrHj3jOeFazRy0PVqcV/OFeaBs6qgF1I=";
   };
 
   nativeBuildInputs = [

pkgs/applications/graphics/smartdeblur/default.nix

@@ -1,24 +1,29 @@
-{ lib, stdenv, fetchFromGitHub, cmake, qt4, fftw }:
+{ stdenv, lib, fetchFromGitHub, cmake, fftw
+, qtbase, qmake, wrapQtAppsHook }:
 
 stdenv.mkDerivation rec {
   pname = "smartdeblur";
-  version = "unstable-2013-01-09";
+  version = "unstable-2018-10-29";
 
   src = fetchFromGitHub {
     owner = "Y-Vladimir";
     repo = "SmartDeblur";
-    rev = "9895036d26cbb823a9ade28cdcb26fd0ac37258e";
-    sha256 = "sha256-+EbqEpOG1fj2OKmlz8NRF/CGfT2OYGwY5/lwJHCHaMw=";
+    rev = "5af573c7048ac49ef68e638f3405d3a571b96a8b";
+    sha256 = "151vdd5ld0clw0vgp0fvp2gp2ybwpx9g43dad9fvbvwkg60izs87";
   };
 
-  preConfigure = ''
-    cd src
-  '';
+  sourceRoot = "${src.name}/src";
+
+  nativeBuildInputs = [ qmake wrapQtAppsHook ];
+  buildInputs = [ qtbase fftw ];
 
-  nativeBuildInputs = [ cmake ];
-  buildInputs = [ qt4 fftw ];
+  installPhase = ''
+    runHook preInstall
 
-  cmakeFlags = [ "-DUSE_SYSTEM_FFTW=ON" ];
+    install -Dm755 ./SmartDeblur -t $out/bin
+
+    runHook postInstall
+  '';
 
   meta = with lib; {
     homepage = "https://github.com/Y-Vladimir/SmartDeblur";

pkgs/applications/misc/1password/default.nix

@@ -12,12 +12,12 @@ let
     if extension == "zip" then fetchzip args else fetchurl args;
 
   pname = "1password-cli";
-  version = "2.6.1";
+  version = "2.6.2";
   sources = rec {
-    aarch64-linux = fetch "linux_arm64" "sha256-udKcojp7CUz5mXIFeLiXKJ7X1A/fejoeLUc+2zlnlKo=" "zip";
-    i686-linux = fetch "linux_386" "sha256-gJpwZrtgzC+fD8dqc2hgfsAiYmVkAY3xSmIQnsC5naw=" "zip";
-    x86_64-linux = fetch "linux_amd64" "sha256-X+VyoXg7HRq70b9qRhk2N/UvBlhIkvCWM6kadaGDhsU=" "zip";
-    aarch64-darwin = fetch "apple_universal" "sha256-Z8MKp9fQBsvg1nQ0QSrnMV0Bxy6LmnwHb5WIrhGjxv8=" "pkg";
+    aarch64-linux = fetch "linux_arm64" "sha256-3R2afGRSrwffhZNNJAszzmrwfHJ0/wy4/6j2cpvMosA=" "zip";
+    i686-linux = fetch "linux_386" "sha256-QhUIm+RAmPIS7HBUE/AxPvlx2s3Pk8KeIV9tEJ22+8c=" "zip";
+    x86_64-linux = fetch "linux_amd64" "sha256-/8iuQAyCA4srH/mUlbo7W5VdlR4At7TlFCVPaqH45og=" "zip";
+    aarch64-darwin = fetch "apple_universal" "sha256-HMGR2oBTzB7TwresCN0SYHqM7fcMSiMEu8aw7BN6wyI=" "pkg";
     x86_64-darwin = aarch64-darwin;
   };
   platforms = builtins.attrNames sources;

pkgs/applications/misc/buku/default.nix

@@ -1,26 +1,7 @@
 { lib, python3, fetchFromGitHub, withServer ? false }:
 
 let
-  python3' = python3.override {
-    packageOverrides = self: super: {
-      sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec {
-        version = "1.3.24";
-        src = oldAttrs.src.override {
-          inherit version;
-          hash = "sha256-67t3fL+TEjWbiXv4G6ANrg9ctp+6KhgmXcwYpvXvdRk=";
-        };
-        doCheck = false;
-      });
-      sqlalchemy-utils = super.sqlalchemy-utils.overridePythonAttrs (oldAttrs: rec {
-        version = "0.36.6";
-        src = oldAttrs.src.override {
-          inherit version;
-          sha256 = "0srs5w486wp5zydjs70igi5ypgxhm6h73grb85jz03fqpqaanzvs";
-        };
-      });
-    };
-  };
-  serverRequire = with python3'.pkgs; [
+  serverRequire = with python3.pkgs; [
     requests
     flask
     flask-admin
@@ -36,7 +17,7 @@ let
     toml
   ];
 in
-with python3'.pkgs; buildPythonApplication rec {
+with python3.pkgs; buildPythonApplication rec {
   version = "4.7";
   pname = "buku";
 
@@ -54,6 +35,10 @@ with python3'.pkgs; buildPythonApplication rec {
     pyyaml
     mypy-extensions
     click
+    pylint
+    flake8
+    pytest-cov
+    pyyaml
   ];
 
   propagatedBuildInputs = [
@@ -64,20 +49,7 @@ with python3'.pkgs; buildPythonApplication rec {
     html5lib
   ] ++ lib.optionals withServer serverRequire;
 
-  postPatch = ''
-    # Jailbreak problematic dependencies
-    sed -i \
-      -e "s,'PyYAML.*','PyYAML',g" \
-      -e "/'pytest-cov/d" \
-      -e "/'pylint/d" \
-      -e "/'flake8/d" \
-      setup.py
-  '';
-
   preCheck = ''
-    # Fixes two tests for wrong encoding
-    export PYTHONIOENCODING=utf-8
-
     # Disables a test which requires internet
     substituteInPlace tests/test_bukuDb.py \
       --replace "@pytest.mark.slowtest" "@unittest.skip('skipping')" \

pkgs/applications/misc/charm/default.nix

@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "charm";
-  version = "0.12.3";
+  version = "0.12.4";
 
   src = fetchFromGitHub {
     owner = "charmbracelet";
     repo = "charm";
     rev = "v${version}";
-    sha256 = "sha256-FQNOU75mZqeXAVFOxTXri6bfkJZx4A/YhXMf8bFAKxs=";
+    sha256 = "sha256-1uxgiVJGdTE8R0gEQ515zxoKXSs5lTGAURNlgJYMuMI=";
   };
 
-  vendorSha256 = "sha256-6Grg6/q4idhWk6slxV2GBblmOA5dclFh/PcGtPXUTd4=";
+  vendorSha256 = "sha256-ouqA4Rg03M9dAUu2Uxmvez7LJTcrqYvqPNVQQmqwoFQ=";
 
   ldflags = [ "-s" "-w" "-X=main.Version=${version}" ];
 

pkgs/applications/misc/copyq/default.nix

@@ -17,13 +17,13 @@
 
 mkDerivation rec {
   pname = "CopyQ";
-  version = "6.1.0";
+  version = "6.2.0";
 
   src = fetchFromGitHub {
     owner = "hluk";
     repo = "CopyQ";
     rev = "v${version}";
-    sha256 = "sha256-2BWyLVxH50G+S/Hp8E5hWG64DcIamtZPGm0nSMwEhY4=";
+    hash = "sha256-0XCqSF1oc2B3FD5OmOxqgt9sqCIrzK0KjkntVFXlRWI=";
   };
 
   nativeBuildInputs = [

pkgs/applications/misc/cubiomes-viewer/default.nix

@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "cubiomes-viewer";
-  version = "2.2.2";
+  version = "2.3.3";
 
   src = fetchFromGitHub {
     owner = "Cubitect";
     repo = pname;
     rev = version;
-    sha256 = "sha256-jwYmgA2JtWpEbuuFPwGdKKaSZ2uAs3t7CCCeu6eD9nI=";
+    sha256 = "sha256-QNNKfL2pLdOqbjd6t7SLaLcHmyEmmB7vFvj1g6FSTBo=";
     fetchSubmodules = true;
   };
 

pkgs/applications/misc/ddcui/default.nix

@@ -10,13 +10,13 @@
 
 mkDerivation rec {
   pname = "ddcui";
-  version = "0.2.1";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "rockowitz";
     repo = "ddcui";
     rev = "v${version}";
-    sha256 = "sha256-a8UGdVLi+i8hvWE3M5d92vnm3VryxRR56jXeBtB2PSk=";
+    sha256 = "sha256-P8dh6k8lht1/JNILzNZEyYD8loNoJjG5869K2Hl11z8=";
   };
 
   nativeBuildInputs = [

pkgs/applications/misc/edgetx/default.nix

@@ -6,14 +6,14 @@
 
 mkDerivation rec {
   pname = "edgetx";
-  version = "2.6.0";
+  version = "2.7.1";
 
   src = fetchFromGitHub {
     owner = "EdgeTX";
     repo = pname;
     rev = "v${version}";
     fetchSubmodules = true;
-    sha256 = "sha256-TffHFgr3g7v4VnNSSlLITz4cYjHM6wE0aI85W1g4IFA=";
+    sha256 = "sha256-1l5EoDY17+2PDS3eRT3CHksVoZQgNLV9vRDu7nfzlrE=";
   };
 
   nativeBuildInputs = [ cmake gcc-arm-embedded python3Packages.pillow ];

pkgs/applications/misc/fetchmail/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "fetchmail";
-  version = "6.4.30";
+  version = "6.4.32";
 
   src = fetchurl {
     url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
-    sha256 = "sha256-NYJMIKodjZfj8WEf70m59/aDlvfLxNOoB/7SeunqRFo=";
+    sha256 = "sha256-PudERmVgatBvtfexX5HjFzuEW8mLZGsaRRSkaqSLcig=";
   };
 
   buildInputs = [ openssl ];

pkgs/applications/misc/fluidd/default.nix

@@ -2,12 +2,12 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "fluidd";
-  version = "1.19.0";
+  version = "1.19.1";
 
   src = fetchurl {
     name = "fluidd-v${version}.zip";
     url = "https://github.com/cadriel/fluidd/releases/download/v${version}/fluidd.zip";
-    sha256 = "sha256-KFWjpJ7nYAvEwaI1yeBV+Zvj+uaS2Myw1Szkb/2VZe4=";
+    sha256 = "sha256-ARBi+8IAheEJ5keyiDCub6Y83hT/dU/BajPChi3f1po=";
   };
 
   nativeBuildInputs = [ unzip ];

pkgs/applications/misc/heimer/default.nix

@@ -2,13 +2,13 @@
 
 mkDerivation rec {
   pname = "heimer";
-  version = "3.2.0";
+  version = "3.5.0";
 
   src = fetchFromGitHub {
     owner = "juzzlin";
     repo = pname;
     rev = version;
-    sha256 = "sha256-aAFhShsC3FLGgtF/8XJbWIMBEO3/gcGeDZei69Luz+s=";
+    sha256 = "sha256-rxvfBgbMVKNiv+F2fyqcieGamTUwFKScEky918oU8lc=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/applications/misc/iptsd/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "iptsd";
-  version = "0.5";
+  version = "0.5.1";
 
   src = fetchFromGitHub {
     owner = "linux-surface";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-A/0hA4gJwzrRPn57IKYvfcAnx1KXbQl0ZX2TE8mcQhc=";
+    sha256 = "sha256-du5TC3I5+hWifjdnaeTj2QPJ6/oTXZqaOrZJkef/USU=";
   };
 
   nativeBuildInputs = [ meson ninja pkg-config ];

pkgs/applications/misc/keepass/default.nix

@@ -1,7 +1,8 @@
 { lib, fetchurl, buildDotnetPackage, substituteAll, makeWrapper, makeDesktopItem,
   unzip, icoutils, gtk2, xorg, xdotool, xsel, coreutils, unixtools, glib, plugins ? [] }:
-
-with builtins; buildDotnetPackage rec {
+let
+  inherit (builtins) add length readFile replaceStrings unsafeDiscardStringContext toString map;
+in buildDotnetPackage rec {
   pname = "keepass";
   version = "2.49";
 

pkgs/applications/misc/moonlight-qt/default.nix

@@ -20,13 +20,13 @@
 
 stdenv.mkDerivation rec {
   pname = "moonlight-qt";
-  version = "4.0.0";
+  version = "4.1.0";
 
   src = fetchFromGitHub {
     owner = "moonlight-stream";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-CfOphr8QILCZg+UrImp5JO/1DTqoan5EwiQeTKR15Fo=";
+    sha256 = "sha256-/HRmyf4sW8rsNmKMrlgPvq1L8gAEa6VRCyG2w5TfGkI=";
     fetchSubmodules = true;
   };
 

pkgs/applications/misc/pure-maps/default.nix

@@ -6,13 +6,13 @@
 
 mkDerivation rec {
   pname = "pure-maps";
-  version = "3.0.0";
+  version = "3.1.0";
 
   src = fetchFromGitHub {
     owner = "rinigus";
     repo = "pure-maps";
     rev = version;
-    hash = "sha256-r36/Vpt4ZIWV1+VhqRBuo4uT7nmEGiFGIt3QGG3ijjs=";
+    hash = "sha256-PjZ8aKF+g3mH7z6LIUxI7mbtkcFv3wznBywaX/Y+1FU=";
     fetchSubmodules = true;
   };
 

pkgs/applications/misc/qdirstat/default.nix

@@ -4,13 +4,13 @@
 
 let
   pname = "qdirstat";
-  version = "1.8";
+  version = "1.8.1";
 
   src = fetchFromGitHub {
     owner = "shundhammer";
     repo = pname;
     rev = version;
-    sha256 = "sha256-R/eUqv5AxO5TcLkqOvlAXEkjAzeKGihf8YIQIIevOR0=";
+    sha256 = "sha256-yWv41iWtdTdlFuvLHKCbwmnSXq7Z5pIJq28GMDltdxM=";
   };
 in
 

pkgs/applications/misc/remarkable/rmapi/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "rmapi";
-  version = "0.0.19";
+  version = "0.0.20";
 
   src = fetchFromGitHub {
     owner = "juruen";
     repo = "rmapi";
     rev = "v${version}";
-    sha256 = "sha256-HXWE6688jhRQQEiZuPfuJStSQeueqoWwwa+PfneHprw=";
+    sha256 = "sha256-khQ4Q2y/MJdz5EpfTSrLBROCX2QP2+3PXRO+x+FaXro=";
   };
 
   vendorSha256 = "sha256-gu+BU2tL/xZ7D6lZ1ueO/9IB9H3NNm4mloCZaGqZskU=";

pkgs/applications/misc/surface-control/default.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "surface-control";
-  version = "0.4.1-2";
+  version = "0.4.2-1";
 
   src = fetchFromGitHub {
     owner = "linux-surface";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-ZgtEmjk1HwoKkyuOiMWalK5RPb3ML8HM/wwz8OM9HoI=";
+    sha256 = "sha256-tFGYIIlcJ4qF1t4Ej6WanjHtm8dSWtH38856uSTc7rU=";
   };
 
-  cargoSha256 = "sha256-CsPyY/NA2+Lecemuor2nHd6yzf2PvMK7NZyvY3vewpI=";
+  cargoSha256 = "sha256-WwTM1DMTi5DKnkMERkW8H8T2OXlg+Tk6BupmwnOAK5I=";
 
   nativeBuildInputs = [ pkg-config installShellFiles ];
   buildInputs = [ udev ];

pkgs/applications/misc/tdrop/default.nix

@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "tdrop";
-  version = "0.4.0";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "noctuid";
     repo = "tdrop";
     rev = version;
-    sha256 = "sha256-1umHwzpv4J8rZ0c0q+2dPsEk4vhFB4UerwI8ctIJUZg=";
+    sha256 = "sha256-fHvGXaZL7MMvTnkap341B79PDDo2lOVPPcOH4AX/zXo=";
   };
 
   dontBuild = true;

pkgs/applications/misc/translate-shell/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "translate-shell";
-  version = "0.9.6.12";
+  version = "0.9.7";
 
   src = fetchFromGitHub {
     owner = "soimort";
     repo = "translate-shell";
     rev = "v${version}";
-    sha256 = "075vqnha21rhr1b61dim7dqlfwm1yffyzcaa83s36rpk9r5sddzx";
+    sha256 = "sha256-OLbGBP+QHW51mt0sFXf6SqrIYZ0iC/X10F148NAG4A4=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/applications/misc/unipicker/default.nix

@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
     description = "A CLI utility for searching unicode characters by description and optionally copying them to clipboard";
     homepage = "https://github.com/jeremija/unipicker";
     license = licenses.mit;
-    maintainers = with maintainers; [ kiyengar ];
+    maintainers = with maintainers; [ ];
     platforms = platforms.unix;
    };
 }

pkgs/applications/misc/wofi-emoji/default.nix

@@ -1,30 +1,27 @@
-{ stdenv, lib, fetchFromGitHub, jq }:
-
-let
-  emojiJSON = fetchFromGitHub {
-    owner = "github";
-    repo = "gemoji";
-    sha256 = "sha256-Tn0vba129LPlX+MRcCBA9qp2MU1ek1jYzVCqoNxCL/w=";
-    rev = "v4.0.0.rc2";
-  };
-
-in stdenv.mkDerivation rec {
+{ stdenv, lib, fetchurl, fetchFromGitHub, jq, wofi, wtype, wl-clipboard }:
+
+let emojiJSON = fetchurl {
+  url = "https://raw.githubusercontent.com/muan/emojilib/v3.0.6/dist/emoji-en-US.json";
+  sha256 = "sha256-wf7zsIEbX/diLwmVvnN2Goxh2V5D3Z6nbEMSb5pSGt0=";
+};
+in
+stdenv.mkDerivation rec {
   pname = "wofi-emoji";
-  version = "unstable-2021-05-24";
+  version = "unstable-2022-08-19";
 
   src = fetchFromGitHub {
     owner = "dln";
     repo = pname;
-    rev = "bfe35c1198667489023109f6843217b968a35183";
-    sha256 = "sha256-wMIjTUCVn4uF0cpBkPfs76NRvwS0WhGGJRy9vvtmVWQ=";
+    rev = "c5ecb4f0f164aedb046f52b5eacac889609c8522";
+    sha256 = "1wq276bhf9x24ds13b2dwa69cjnr207p6977hr4bsnczryg609rh";
   };
 
   nativeBuildInputs = [ jq ];
+  buildInputs = [ wofi wtype wl-clipboard ];
 
   postPatch = ''
-    cp "${emojiJSON}/db/emoji.json" .
     substituteInPlace build.sh \
-      --replace 'curl https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json' 'cat emoji.json'
+      --replace 'curl ${emojiJSON.url}' 'cat emoji-en-US.json'
   '';
 
   buildPhase = ''