Merge remote-tracking branch 'origin/master' into staging-next

Author: K900

.github/workflows/eval.yml

@@ -171,11 +171,11 @@ jobs:
         run: |
           # Get the latest eval.yml workflow run for the PR's target commit
           if ! run=$(gh api --method GET /repos/"$REPOSITORY"/actions/workflows/eval.yml/runs \
-            -f head_sha="$BASE_SHA" -f event=push \
+            -f head_sha="$TARGET_SHA" -f event=push \
             --jq '.workflow_runs | sort_by(.run_started_at) | .[-1]') \
             || [[ -z "$run" ]]; then
-            echo "Could not find an eval.yml workflow run for $BASE_SHA, cannot make comparison"
-            exit 0
+            echo "Could not find an eval.yml workflow run for $TARGET_SHA, cannot make comparison"
+            exit 1
           fi
           echo "Comparing against $(jq .html_url <<< "$run")"
           runId=$(jq .id <<< "$run")
@@ -189,13 +189,13 @@ jobs:
 
           if [[ "$conclusion" != "success" ]]; then
             echo "Workflow was not successful (conclusion: $conclusion), cannot make comparison"
-            exit 0
+            exit 1
           fi
 
           echo "targetRunId=$runId" >> "$GITHUB_OUTPUT"
         env:
           REPOSITORY: ${{ github.repository }}
-          BASE_SHA: ${{ needs.attrs.outputs.targetSha }}
+          TARGET_SHA: ${{ needs.attrs.outputs.targetSha }}
           GH_TOKEN: ${{ github.token }}
 
       - uses: actions/download-artifact@v4

maintainers/maintainer-list.nix

@@ -5974,6 +5974,12 @@
     githubId = 523628;
     name = "Jonathan Strickland";
   };
+  djds = {
+    email = "[email protected]";
+    github = "djds";
+    githubId = 4218822;
+    name = "djds";
+  };
   Dje4321 = {
     email = "[email protected]";
     github = "dje4321";

nixos/doc/manual/release-notes/rl-2505.section.md

@@ -149,6 +149,8 @@
 
 - [git-worktree-switcher](https://github.com/mateusauler/git-worktree-switcher), switch between git worktrees with speed. Available as [programs.git-worktree-switcher](#opt-programs.git-worktree-switcher.enable)
 
+- [GLPI-Agent](https://github.com/glpi-project/glpi-agent), GLPI Agent. Available as [services.glpiAgent](options.html#opt-services.glpiAgent.enable).
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 ## Backward Incompatibilities {#sec-release-25.05-incompatibilities}

nixos/modules/module-list.nix

@@ -925,6 +925,7 @@
   ./services/monitoring/gatus.nix
   ./services/monitoring/gitwatch.nix
   ./services/monitoring/glances.nix
+  ./services/monitoring/glpi-agent.nix
   ./services/monitoring/goss.nix
   ./services/monitoring/grafana-agent.nix
   ./services/monitoring/grafana-image-renderer.nix

nixos/modules/services/blockchain/ethereum/geth.nix

@@ -126,11 +126,8 @@ let
         network = lib.mkOption {
           type = lib.types.nullOr (
             lib.types.enum [
-              "goerli"
               "holesky"
-              "rinkeby"
-              "yolov2"
-              "ropsten"
+              "sepolia"
             ]
           );
           default = null;

nixos/modules/services/misc/recyclarr.nix

@@ -0,0 +1,156 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+
+let
+  cfg = config.services.recyclarr;
+  format = pkgs.formats.yaml { };
+  stateDir = "/var/lib/recyclarr";
+  configPath = "${stateDir}/config.json";
+in
+{
+  options.services.recyclarr = {
+    enable = lib.mkEnableOption "recyclarr service";
+
+    package = lib.mkPackageOption pkgs "recyclarr" { };
+
+    configuration = lib.mkOption {
+      type = format.type;
+      default = { };
+      example = {
+        sonarr = [
+          {
+            instance_name = "main";
+            base_url = "http://localhost:8989";
+            api_key = {
+              _secret = "/run/credentials/recyclarr.service/sonarr-api_key";
+            };
+          }
+        ];
+        radarr = [
+          {
+            instance_name = "main";
+            base_url = "http://localhost:7878";
+            api_key = {
+              _secret = "/run/credentials/recyclarr.service/radarr-api_key";
+            };
+          }
+        ];
+      };
+      description = lib.mdDoc ''
+        Recyclarr YAML configuration as a Nix attribute set.
+
+        For detailed configuration options and examples, see the
+        [official configuration reference](https://recyclarr.dev/wiki/yaml/config-reference/).
+
+        The configuration is processed using [utils.genJqSecretsReplacementSnippet](https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/utils.nix#L232-L331) to handle secret substitution.
+
+        To avoid permission issues, secrets should be provided via systemd's credential mechanism:
+
+        ```nix
+        systemd.services.recyclarr.serviceConfig.LoadCredential = [
+          "radarr-api_key:''${config.sops.secrets.radarr-api_key.path}"
+        ];
+      '';
+    };
+
+    schedule = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      description = "When to run recyclarr in systemd calendar format.";
+    };
+
+    command = lib.mkOption {
+      type = lib.types.str;
+      default = "sync";
+      description = "The recyclarr command to run (e.g., sync).";
+    };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "recyclarr";
+      description = "User account under which recyclarr runs.";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "recyclarr";
+      description = "Group under which recyclarr runs.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    users.users = lib.mkIf (cfg.user == "recyclarr") {
+      recyclarr = {
+        isSystemUser = true;
+        description = "recyclarr user";
+        home = stateDir;
+        group = cfg.group;
+      };
+    };
+
+    users.groups = lib.mkIf (cfg.group == "recyclarr") {
+      ${cfg.group} = { };
+    };
+
+    systemd.services.recyclarr = {
+      description = "Recyclarr Service";
+
+      # YAML is a JSON super-set
+      preStart = utils.genJqSecretsReplacementSnippet cfg.configuration configPath;
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.user;
+        Group = cfg.group;
+        StateDirectory = "recyclarr";
+        ExecStart = "${lib.getExe cfg.package} ${cfg.command} --app-data ${stateDir} --config ${configPath}";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        ProtectHostname = true;
+        ProtectClock = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectKernelLogs = true;
+        ProtectControlGroups = true;
+
+        PrivateNetwork = false;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+
+        NoNewPrivileges = true;
+        RestrictSUIDSGID = true;
+        RemoveIPC = true;
+
+        ReadWritePaths = [ stateDir ];
+
+        CapabilityBoundingSet = "";
+
+        LockPersonality = true;
+        RestrictRealtime = true;
+      };
+    };
+
+    systemd.timers.recyclarr = {
+      description = "Recyclarr Timer";
+      wantedBy = [ "timers.target" ];
+      partOf = [ "recyclarr.service" ];
+
+      timerConfig = {
+        OnCalendar = cfg.schedule;
+        Persistent = true;
+        RandomizedDelaySec = "5m";
+      };
+    };
+  };
+}

nixos/modules/services/monitoring/glpi-agent.nix

@@ -0,0 +1,91 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.glpiAgent;
+
+  settingsType =
+    with lib.types;
+    attrsOf (oneOf [
+      bool
+      int
+      str
+      (listOf str)
+    ]);
+
+  formatValue =
+    v:
+    if lib.isBool v then
+      if v then "1" else "0"
+    else if lib.isList v then
+      lib.concatStringsSep "," v
+    else
+      toString v;
+
+  configContent = lib.concatStringsSep "\n" (
+    lib.mapAttrsToList (k: v: "${k} = ${formatValue v}") cfg.settings
+  );
+
+  configFile = pkgs.writeText "agent.cfg" configContent;
+
+in
+{
+  options = {
+    services.glpiAgent = {
+      enable = lib.mkEnableOption "GLPI Agent";
+
+      package = lib.mkPackageOption pkgs "glpi-agent" { };
+
+      settings = lib.mkOption {
+        type = settingsType;
+        default = { };
+        description = ''
+          GLPI Agent configuration options.
+          See https://glpi-agent.readthedocs.io/en/latest/configuration.html for all available options.
+
+          The 'server' option is mandatory and must point to your GLPI server.
+        '';
+        example = lib.literalExpression ''
+          {
+            server = [ "https://glpi.example.com/inventory" ];
+            delaytime = 3600;
+            tag = "production";
+            logger = [ "stderr" "file" ];
+            debug = 1;
+            "no-category" = [ "printer" "software" ];
+          }
+        '';
+      };
+
+      stateDir = lib.mkOption {
+        type = lib.types.str;
+        default = "/var/lib/glpi-agent";
+        description = "Directory where GLPI Agent stores its state.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.settings ? server;
+        message = "GLPI Agent requires a server to be configured in services.glpiAgent.settings.server";
+      }
+    ];
+
+    systemd.services.glpi-agent = {
+      description = "GLPI Agent";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart = "${lib.getExe cfg.package} --conf-file ${configFile} --vardir ${cfg.stateDir} --daemon --no-fork";
+        Restart = "on-failure";
+      };
+    };
+  };
+}

nixos/tests/geth.nix

@@ -15,7 +15,8 @@ import ./make-test-python.nix (
             enable = true;
           };
         };
-        services.geth."testnet" = {
+
+        services.geth."holesky" = {
           enable = true;
           port = 30304;
           network = "holesky";
@@ -28,15 +29,31 @@ import ./make-test-python.nix (
             port = 18551;
           };
         };
+
+        services.geth."sepolia" = {
+          enable = true;
+          port = 30305;
+          network = "sepolia";
+          http = {
+            enable = true;
+            port = 28545;
+          };
+          authrpc = {
+            enable = true;
+            port = 28551;
+          };
+        };
       };
 
     testScript = ''
       start_all()
 
       machine.wait_for_unit("geth-mainnet.service")
-      machine.wait_for_unit("geth-testnet.service")
+      machine.wait_for_unit("geth-holesky.service")
+      machine.wait_for_unit("geth-sepolia.service")
       machine.wait_for_open_port(8545)
       machine.wait_for_open_port(18545)
+      machine.wait_for_open_port(28545)
 
       machine.succeed(
           'geth attach --exec "eth.blockNumber" http://localhost:8545 | grep \'^0$\' '
@@ -45,6 +62,10 @@ import ./make-test-python.nix (
       machine.succeed(
           'geth attach --exec "eth.blockNumber" http://localhost:18545 | grep \'^0$\' '
       )
+
+      machine.succeed(
+          'geth attach --exec "eth.blockNumber" http://localhost:28545 | grep \'^0$\' '
+      )
     '';
   }
 )

pkgs/applications/networking/instant-messengers/discord/default.nix

@@ -9,7 +9,7 @@ let
   versions =
     if stdenv.hostPlatform.isLinux then
       {
-        stable = "0.0.82";
+        stable = "0.0.83";
         ptb = "0.0.128";
         canary = "0.0.581";
         development = "0.0.68";
@@ -26,7 +26,7 @@ let
     x86_64-linux = {
       stable = fetchurl {
         url = "https://stable.dl2.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
-        hash = "sha256-L8Lwe5UavmbW1s3gsSJiHjbiZnNtyEsEJzlrN0Fgc3w=";
+        hash = "sha256-thBnSYjYa2QEHyxIhEiA73hMs/S8n808oq8IAKtA7VI=";
       };
       ptb = fetchurl {
         url = "https://ptb.dl2.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";