Merge remote-tracking branch 'origin/master' into staging-next

NixOS · Nov 12, 2024 · 9c85c8a · 9c85c8a
2 parents b4d4509 + 1556ad2
commit 9c85c8a
Show file tree

Hide file tree

Showing 101 changed files with 1,960 additions and 1,068 deletions.
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -1834,6 +1834,12 @@
     githubId = 10587952;
     name = "Armijn Hemel";
   };
+  arminius-smh = {
+    email = "[email protected]";
+    github = "arminius-smh";
+    githubId = 159054879;
+    name = "Armin Manfred Sprejz";
+  };
   arnarg = {
     email = "[email protected]";
     github = "arnarg";
@@ -10297,6 +10303,13 @@
     githubId = 2502736;
     name = "James Hillyerd";
   };
+  jhol = {
+    name = "Joel Holdsworth";
+    email = "[email protected]";
+    github = "jhol";
+    githubId = 1449493;
+    keys = [ { fingerprint = "08F7 2546 95DE EAEF 03DE  B0E4 D874 562D DC99 D889"; } ];
+  };
   jhollowe = {
     email = "[email protected]";
     github = "jhollowe";
@@ -16537,6 +16550,13 @@
     githubId = 120342602;
     name = "Michael Paepcke";
   };
+  pagedMov = {
+    email = "[email protected]";
+    github = "pagedMov";
+    githubId = 19557376;
+    name = "Kyler Clay";
+    keys = [ { fingerprint = "784B 3623 94E7 8F11 0B9D AE0F 56FD CFA6 2A93 B51E"; } ];
+  };
   paholg = {
     email = "[email protected]";
     github = "paholg";
@@ -23458,6 +23478,12 @@
     githubId = 7121530;
     name = "Wolf Honoré";
   };
+  whtsht = {
+    email = "[email protected]";
+    github = "whtsht";
+    githubId = 85547207;
+    name = "Hinata Toma";
+  };
   wietsedv = {
     email = "[email protected]";
     github = "wietsedv";

diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -123,6 +123,8 @@
 
 - [HomeBox](https://github.com/sysadminsmedia/homebox), an inventory and organization system built for the home user. Available as [services.homebox](#opt-services.homebox.enable).
 
+- [evremap](https://github.com/wez/evremap), a keyboard input remapper for Linux/Wayland systems. Available as [services.evremap](options.html#opt-services.evremap).
+
 - [matrix-hookshot](https://matrix-org.github.io/matrix-hookshot), a Matrix bot for connecting to external services. Available as [services.matrix-hookshot](#opt-services.matrix-hookshot.enable).
 
 - [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various Git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -752,6 +752,7 @@
   ./services/misc/etebase-server.nix
   ./services/misc/etesync-dav.nix
   ./services/misc/evdevremapkeys.nix
+  ./services/misc/evremap.nix
   ./services/misc/felix.nix
   ./services/misc/flaresolverr.nix
   ./services/misc/forgejo.nix

diff --git a/nixos/modules/services/misc/evremap.nix b/nixos/modules/services/misc/evremap.nix
@@ -0,0 +1,167 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.evremap;
+  format = pkgs.formats.toml { };
+
+  key = lib.types.strMatching "KEY_[[:upper:]]+" // {
+    description = "key ID prefixed with KEY_";
+  };
+
+  mkKeyOption =
+    description:
+    lib.mkOption {
+      type = key;
+      description = ''
+        ${description}
+
+        You can get a list of keys by running `evremap list-keys`.
+      '';
+    };
+  mkKeySeqOption =
+    description:
+    (mkKeyOption description)
+    // {
+      type = lib.types.listOf key;
+    };
+
+  dualRoleModule = lib.types.submodule {
+    options = {
+      input = mkKeyOption "The key that should be remapped.";
+      hold = mkKeySeqOption "The key sequence that should be output when the input key is held.";
+      tap = mkKeySeqOption "The key sequence that should be output when the input key is tapped.";
+    };
+  };
+
+  remapModule = lib.types.submodule {
+    options = {
+      input = mkKeySeqOption "The key sequence that should be remapped.";
+      output = mkKeySeqOption "The key sequence that should be output when the input sequence is entered.";
+    };
+  };
+in
+{
+  options.services.evremap = {
+    enable = lib.mkEnableOption "evremap, a keyboard input remapper for Linux/Wayland systems";
+
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = format.type;
+
+        options = {
+          device_name = lib.mkOption {
+            type = lib.types.str;
+            example = "AT Translated Set 2 keyboard";
+            description = ''
+              The name of the device that should be remapped.
+
+              You can get a list of devices by running `evremap list-devices` with elevated permissions.
+            '';
+          };
+
+          dual_role = lib.mkOption {
+            type = lib.types.listOf dualRoleModule;
+            default = [ ];
+            example = [
+              {
+                input = "KEY_CAPSLOCK";
+                hold = [ "KEY_LEFTCTRL" ];
+                tap = [ "KEY_ESC" ];
+              }
+            ];
+            description = ''
+              List of dual-role remappings that output different key sequences based on whether the
+              input key is held or tapped.
+            '';
+          };
+
+          remap = lib.mkOption {
+            type = lib.types.listOf remapModule;
+            default = [ ];
+            example = [
+              {
+                input = [
+                  "KEY_LEFTALT"
+                  "KEY_UP"
+                ];
+                output = [ "KEY_PAGEUP" ];
+              }
+            ];
+            description = ''
+              List of remappings.
+            '';
+          };
+        };
+      };
+
+      description = ''
+        Settings for evremap.
+
+        See the [upstream documentation](https://github.com/wez/evremap/blob/master/README.md#configuration)
+        for how to configure evremap.
+      '';
+      default = { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.evremap ];
+
+    hardware.uinput.enable = true;
+
+    systemd.services.evremap = {
+      description = "evremap - keyboard input remapper";
+      wantedBy = [ "multi-user.target" ];
+
+      script = "${lib.getExe pkgs.evremap} remap ${format.generate "evremap.toml" cfg.settings}";
+
+      serviceConfig = {
+        DynamicUser = true;
+        User = "evremap";
+        SupplementaryGroups = [
+          config.users.groups.input.name
+          config.users.groups.uinput.name
+        ];
+        Restart = "on-failure";
+        RestartSec = 5;
+        TimeoutSec = 20;
+
+        # Hardening
+        ProtectClock = true;
+        ProtectKernelLogs = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        ProtectHostname = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectHome = true;
+        ProcSubset = "pid";
+
+        PrivateTmp = true;
+        PrivateNetwork = true;
+        PrivateUsers = true;
+
+        RestrictRealtime = true;
+        RestrictNamespaces = true;
+        RestrictAddressFamilies = "none";
+
+        MemoryDenyWriteExecute = true;
+        LockPersonality = true;
+        IPAddressDeny = "any";
+        AmbientCapabilities = "";
+        CapabilityBoundingSet = "";
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@resources"
+          "~@privileged"
+        ];
+        UMask = "0027";
+      };
+    };
+  };
+}
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
@@ -177,7 +177,7 @@ in
         type = types.nullOr types.str;
         example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
         description = ''
-          "bantime.formula" used by default to calculate next value of ban time, default value bellow,
+          "bantime.formula" used by default to calculate next value of ban time, default value below,
           the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...
         '';
       };

diff --git a/nixos/modules/services/web-apps/changedetection-io.nix b/nixos/modules/services/web-apps/changedetection-io.nix
@@ -129,9 +129,6 @@ in
       services.changedetection-io = {
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
-        preStart = ''
-          mkdir -p ${cfg.datastorePath}
-        '';
         serviceConfig = {
           User = cfg.user;
           Group = cfg.group;
@@ -153,7 +150,7 @@ in
           Restart = "on-failure";
         };
       };
-      tmpfiles.rules = mkIf defaultStateDir [
+      tmpfiles.rules = mkIf (!defaultStateDir) [
         "d ${cfg.datastorePath} 0750 ${cfg.user} ${cfg.group} - -"
       ];
     };

diff --git a/pkgs/applications/audio/mopidy/mopidy.nix b/pkgs/applications/audio/mopidy/mopidy.nix
@@ -1,5 +1,13 @@
-{ lib, stdenv, fetchFromGitHub, pythonPackages, wrapGAppsNoGuiHook
-, gst_all_1, glib-networking, gobject-introspection
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  pythonPackages,
+  wrapGAppsNoGuiHook,
+  gst_all_1,
+  glib-networking,
+  gobject-introspection,
+  pipewire,
 }:
 
 pythonPackages.buildPythonApplication rec {
@@ -24,17 +32,22 @@ pythonPackages.buildPythonApplication rec {
     gst-plugins-rs
   ];
 
-  propagatedBuildInputs = [
-    gobject-introspection
-  ] ++ (with pythonPackages; [
-      gst-python
-      pygobject3
-      pykka
-      requests
-      setuptools
-      tornado
-    ] ++ lib.optional (!stdenv.hostPlatform.isDarwin) dbus-python
-  );
+  propagatedBuildInputs =
+    [
+      gobject-introspection
+    ]
+    ++ (
+      with pythonPackages;
+      [
+        gst-python
+        pygobject3
+        pykka
+        requests
+        setuptools
+        tornado
+      ]
+      ++ lib.optional (!stdenv.hostPlatform.isDarwin) dbus-python
+    );
 
   propagatedNativeBuildInputs = [
     gobject-introspection
@@ -43,12 +56,18 @@ pythonPackages.buildPythonApplication rec {
   # There are no tests
   doCheck = false;
 
+  preFixup = ''
+    gappsWrapperArgs+=(
+      --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "${pipewire}/lib/gstreamer-1.0"
+    )
+  '';
+
   meta = with lib; {
     homepage = "https://www.mopidy.com/";
     description = "Extensible music server that plays music from local disk, Spotify, SoundCloud, and more";
     mainProgram = "mopidy";
     license = licenses.asl20;
     maintainers = [ maintainers.fpletz ];
-    hydraPlatforms = [];
+    hydraPlatforms = [ ];
   };
 }