Merge pull request #184 from knuton/bump-nixpkgs-2405

Bump nixpkgs to 24.11

Author: knuton

application.nix

@@ -23,6 +23,8 @@ rec {
 
     module = { config, lib, pkgs, ... }:
     let
+      sessionName = "kiosk-browser";
+
       selectDisplay = pkgs.writeShellApplication {
         name = "select-display";
         runtimeInputs = with pkgs; [
@@ -41,6 +43,18 @@ rec {
         ./application/limit-vtes.nix
       ];
 
+      boot.blacklistedKernelModules = [
+        # Blacklist NFC modules conflicting with CCID/PCSC
+        # https://ludovicrousseau.blogspot.com/2013/11/linux-nfc-driver-conflicts-with-ccid.html
+        "pn533_usb"
+        "pn533"
+        "nfc"
+
+        # Disable any USB sound cards to create a closed world where the audio
+        # landscape on the standard devices is completely predictable.
+        "snd_usb_audio"
+      ];
+
       # Kiosk runs as a non-privileged user
       users.users.play = {
         isNormalUser = true;
@@ -64,9 +78,11 @@ rec {
       # System-wide packages
       environment.systemPackages = with pkgs; [ breeze-contrast-cursor-theme ];
 
+      # Avoid bloating system image size
+      services.speechd.enable = false;
+
       # Kiosk session
-      services.xserver = let sessionName = "kiosk-browser";
-      in {
+      services.xserver = {
         enable = true;
 
         desktopManager = {
@@ -103,27 +119,28 @@ rec {
         };
 
         displayManager = {
-          # Always automatically log in play user
           lightdm = {
             enable = true;
             greeter.enable = false;
             autoLogin.timeout = 0;
           };
 
-          autoLogin = {
-            enable = true;
-            user = "play";
-          };
-
-          defaultSession = sessionName;
-
           sessionCommands = ''
             ${pkgs.xorg.xrdb}/bin/xrdb -merge <<EOF
               Xcursor.theme: ${pkgs.breeze-contrast-cursor-theme.themeName}
             EOF
           '';
         };
       };
+      services.displayManager = {
+        # Always automatically log in play user
+        autoLogin = {
+          enable = true;
+          user = "play";
+        };
+
+        defaultSession = sessionName;
+      };
 
       # Firewall configuration
       networking.firewall = {
@@ -166,15 +183,16 @@ rec {
       };
 
       # Audio
-      sound.enable = true;
+      services.pipewire.enable = false;
+
       hardware.pulseaudio = {
         enable = true;
         extraConfig = ''
           # Use HDMI output
           set-card-profile 0 output:hdmi-stereo
           # Respond to changes in connected outputs
           load-module module-switch-on-port-available
-          load-module module-switch-on-connect
+          load-module module-switch-on-connect blacklist=""
         '';
       };
 
@@ -183,8 +201,6 @@ rec {
 
       # Enable pcscd for smart card identification
       services.pcscd.enable = true;
-      # Blacklist NFC modules conflicting with CCID (https://ludovicrousseau.blogspot.com/2013/11/linux-nfc-driver-conflicts-with-ccid.html)
-      boot.blacklistedKernelModules = [ "pn533_usb" "pn533" "nfc" ];
       # Allow play user to access pcsc
       security.polkit.extraConfig = ''
         polkit.addRule(function(action, subject) {

controller/.ocamlformat

@@ -1,4 +1,4 @@
-version = 0.26.1
+version = 0.27.0
 
 profile = ocamlformat
 

controller/bindings/connman/connman.ml

@@ -684,7 +684,8 @@ module Service = struct
         Lwt.fail_with
           (Printf.sprintf
              "Connection failed, unknown error reported by manager: %s\n\
-              DBus connect exception: %s" err (Printexc.to_string exn)
+              DBus connect exception: %s"
+             err (Printexc.to_string exn)
           )
     | Error exn, Some (AgentError err) ->
         Lwt.fail_with

controller/dune-project

@@ -1 +1 @@
-(lang dune 3.11)
+(lang dune 3.16)

kiosk/default.nix

@@ -23,6 +23,7 @@ python3Packages.buildPythonApplication rec {
   nativeBuildInputs = [
     mypy
     qt6.wrapQtAppsHook
+    wrapGAppsHook
   ];
 
   propagatedBuildInputs = with python3Packages; [

kiosk/kiosk_browser/__init__.py

@@ -1,4 +1,5 @@
 import sys
+import os
 import logging
 import signal
 from PyQt6.QtCore import Qt, QUrl
@@ -7,10 +8,22 @@
 
 from kiosk_browser import main_widget
 
+# Workaround for https://bugreports.qt.io/browse/QTBUG-130273 in Qt 6.8.1
+# Should be fixed with QT 6.8.2
+# Note: doing this via env variables rather than passing `--webEngineArgs`,
+# because the env variable overrides the args (and so is easy to break in tests,
+# etc)
+def tempFixAudioIssues():
+    curFlags = os.environ.get('QTWEBENGINE_CHROMIUM_FLAGS', "")
+    os.environ['QTWEBENGINE_CHROMIUM_FLAGS'] = curFlags + " --disable-features=FFmpegAllowLists"
+
+
 def start(kiosk_url, settings_url, toggle_settings_key, fullscreen = True):
 
     logging.basicConfig(level=logging.INFO)
 
+    tempFixAudioIssues()
+
     app = QApplication(sys.argv)
     app.setApplicationName("kiosk-browser")
 

kiosk/kiosk_browser/browser_widget.py

@@ -145,7 +145,7 @@ def _view(self, status):
 
 def user_agent_with_system(user_agent, system_name, system_version):
     """Inject a specific system into a user agent string"""
-    pattern = re.compile('(Mozilla/5.0) \(([^\)]*)\)(.*)')
+    pattern = re.compile(r'(Mozilla/5.0) \(([^\)]*)\)(.*)')
     m = pattern.match(user_agent)
 
     if m == None:

kiosk/kiosk_browser/dialogable_widget.py

@@ -117,7 +117,7 @@ def title_line(
         font-size: 16px;
     """)
 
-    button = QtWidgets.QPushButton("❌", dialog)
+    button = QtWidgets.QPushButton("×", dialog)
     button.setCursor(QtGui.QCursor(QtCore.Qt.CursorShape.PointingHandCursor))
     button.setStyleSheet("""
         QPushButton {

pkgs/default.nix

@@ -3,9 +3,9 @@
 let
 
   nixpkgs = builtins.fetchTarball {
-    # nixos-23.11 2024-03-18
-    url = "https://github.com/nixos/nixpkgs/archive/614b4613980a522ba49f0d194531beddbb7220d3.tar.gz";
-    sha256 = "1kipdjdjcd1brm5a9lzlhffrgyid0byaqwfnpzlmw3q825z7nj6w";
+    # release-24.11 2025-02-10
+    url = "https://github.com/NixOS/nixpkgs/archive/edd84e9bffdf1c0ceba05c0d868356f28a1eb7de.tar.gz";
+    sha256 = "1gb61gahkq74hqiw8kbr9j0qwf2wlwnsvhb7z68zhm8wa27grqr0";
   };
 
   overlay =
@@ -15,7 +15,7 @@ let
 
       rauc = (import ./rauc) super;
 
-      ocamlPackages = super.ocamlPackages.overrideScope' (self: super: {
+      ocamlPackages = super.ocamlPackages.overrideScope (self: super: {
         semver = self.callPackage ./ocaml-modules/semver {};
         obus = self.callPackage ./ocaml-modules/obus {};
         opium = self.callPackage ./ocaml-modules/opium {};
@@ -25,14 +25,6 @@ let
             ./ocaml-modules/ppx_protocol_conv_jsonm {};
       });
 
-      # fixes getExe warning, used in tests
-      # Should be obsolete after upgrading to nixpkgs 24.05: https://github.com/NixOS/nixpkgs/pull/273952
-      tinyproxy = super.tinyproxy.overrideAttrs (_: prev: {
-        meta = prev.meta // {
-          mainProgram = "tinyproxy";
-        };
-      });
-
     };
 
 in

testing/end-to-end/profile.nix

@@ -6,8 +6,8 @@
     ];
 
     config = {
-        # don't need opengl for running tests, reduces image size vastly
-        hardware.opengl.enable = false;
+        # disable hardware-accelerated graphics, reduces image size vastly
+        hardware.graphics.enable = false;
 
         # test-instrumentation.nix sets this in the boot as kernel param,
         # but since we are booting with a custom GRUB config it has no effect,