Unverified Commit 12563242 authored by nixpkgs-ci[bot]'s avatar nixpkgs-ci[bot] Committed by GitHub
Browse files

Merge master into staging-next

parents 7e9e7583 daebeba7

doc/release-notes/rl-2511.section.md

+2 −0
Original line number Diff line number Diff line
@@ -174,6 +174,8 @@ 


- `vmware-horizon-client` was renamed to `omnissa-horizon-client`, following [VMware's sale of their end-user business to Omnissa](https://www.omnissa.com/insights/introducing-omnissa-the-former-vmware-end-user-computing-business/). The binary has been renamed from `vmware-view` to `horizon-client`.



- `yggdrasil-jumper` has been updated to v0.4, changing traversal protocol. See [release notes](https://github.com/one-d-wide/yggdrasil-jumper/releases/tag/v0.4.0).



- `neovimUtils.makeNeovimConfig` now uses `customLuaRC` parameter instead of accepting `luaRcContent`. The old usage is deprecated but still works with a warning.



- `python3Packages.pyocr` no longer supports `cuneiform` on Linux by default. It is still possible to enable it using `withCuneiformSupport` override.

maintainers/maintainer-list.nix

+6 −0
Original line number Diff line number Diff line
@@ -26043,6 +26043,12 @@ 
    github = "tilpner";

    githubId = 4322055;

  };

  timasoft = {

    name = "Timofey Klester";

    email = "tima.klester@yandex.ru";

    github = "timasoft";

    githubId = 74288993;

  };

  timbertson = {

    email = "tim@gfxmonk.net";

    github = "timbertson";

nixos/modules/services/networking/yggdrasil-jumper.nix

+36 −4
Original line number Diff line number Diff line
@@ -10,11 +10,14 @@ let 
    escapeShellArgs

    filter

    hasPrefix

    makeBinPath

    mapAttrsToList

    mkEnableOption

    mkIf

    mkOption

    mkPackageOption

    optional

    optionals

    ;

  format = pkgs.formats.toml { };

in
@@ -55,14 +58,23 @@ in 
          '';

        };



        detectWireguard = mkOption {

          type = bool;

          default = true;

          description = ''

            Control whether `settings.wireguard = true` should automatically

            provide CAP_NET_ADMIN capability and make the necessary packages

            available to Yggdrasil Jumper service.

          '';

        };



        settings = mkOption {

          type = format.type;

          default = { };

          example = {

            listen_port = 9999;

            whitelist = [

              "<IPv6 address of a remote node>"

            ];

            whitelist = [ "<IPv6 address of a remote node>" ];

            wireguard = true;

          };

          description = ''

            Configuration for Yggdrasil Jumper as a Nix attribute set.
@@ -114,10 +126,22 @@ in 
    let

      cfg = config.services.yggdrasil-jumper;



      wg = cfg.detectWireguard && (cfg.settings ? wireguard) && cfg.settings.wireguard;

      wgExtraPkgs = optionals wg (

        with pkgs;

        [

          iproute2

          iptables

          wireguard-tools

          conntrack-tools

        ]

      );



      # Generate, concatenate and validate config file

      jumperSettings = format.generate "yggdrasil-jumper-settings" cfg.settings;

      jumperExtraConfig = pkgs.writeText "yggdrasil-jumper-extra-config" cfg.extraConfig;

      jumperConfig = pkgs.runCommand "yggdrasil-jumper-config" { } ''

        export PATH="${makeBinPath wgExtraPkgs}:$PATH"

        cat ${jumperSettings} ${jumperExtraConfig} \

          | tee $out \

          | ${cfg.package}/bin/yggdrasil-jumper --validate --config -
@@ -158,6 +182,7 @@ in 
        unitConfig.BindsTo = [ "yggdrasil.service" ];

        wantedBy = [ "multi-user.target" ];



        path = wgExtraPkgs;

        serviceConfig = {

          User = "yggdrasil";

          DynamicUser = true;
@@ -179,9 +204,16 @@ in 
          MemoryDenyWriteExecute = true;

          ProtectControlGroups = true;

          ProtectHome = "tmpfs";

          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";

          RestrictAddressFamilies = [

            "AF_UNIX"

            "AF_INET"

            "AF_INET6"

          ]

          ++ optional wg "AF_NETLINK";

          RestrictNamespaces = true;

          RestrictRealtime = true;

          AmbientCapabilities = optional wg "CAP_NET_ADMIN";

          CapabilityBoundingSet = optional wg "CAP_NET_ADMIN";

          SystemCallArchitectures = "native";

          SystemCallFilter = [

            "@system-service"

pkgs/applications/audio/zynaddsubfx/default.nix

+1 −0
Original line number Diff line number Diff line
@@ -134,6 +134,7 @@ stdenv.mkDerivation rec { 
  cmakeFlags = [

    "-DGuiModule=${guiModule}"

    "-DZYN_DATADIR=${placeholder "out"}/share/zynaddsubfx"

    "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"

  ]

  # OSS library is included in glibc.

  # Must explicitly disable if support is not wanted.

pkgs/applications/science/logic/easycrypt/default.nix

+3 −3
Original line number Diff line number Diff line
@@ -10,13 +10,13 @@ 


stdenv.mkDerivation rec {

  pname = "easycrypt";

  version = "2025.08";

  version = "2025.10";



  src = fetchFromGitHub {

    owner = "easycrypt";

    repo = "easycrypt";

    tag = "r${version}";

    hash = "sha256-WUms6hh7T5/gxRLFvbJQiT1ErLr8KFilFNOMTT/fIyY=";

    hash = "sha256-EF508JsM99lLIqTrWkV/gvlKYRSPQgaLfqxDoOkJbhU=";

  };



  nativeBuildInputs =
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec { 
    batteries

    dune-build-info

    dune-site

    inifiles

    pcre2

    why3

    yojson

    zarith