Merge staging-next into staging

      "opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium";

      "opt/brave/policies/managed/${appId}".source = source "policies/chromium";

    };

    programs.firefox.wrapperConfig.enableBrowserpass = true;

    programs.firefox.nativeMessagingHosts.packages = [ pkgs.browserpass ];

  };

}

let

  cfg = config.programs.firefox;

  nmh = cfg.nativeMessagingHosts;

  policyFormat = pkgs.formats.json { };

  organisationInfo = ''

    given control of your browser, unless of course they also control your

    NixOS configuration.

  '';

  # deprecated per-native-messaging-host options

  nmhOptions = {

    browserpass = {

      name = "Browserpass";

      package = pkgs.browserpass;

    };

    bukubrow = {

      name = "Bukubrow";

      package = pkgs.bukubrow;

    };

    euwebid = {

      name = "Web eID";

      package = pkgs.web-eid-app;

    };

    ff2mpv = {

      name = "ff2mpv";

      package = pkgs.ff2mpv;

    };

    fxCast = {

      name = "fx_cast";

      package = pkgs.fx-cast-bridge;

    };

    gsconnect = {

      name = "GSConnect";

      package = pkgs.gnomeExtensions.gsconnect;

    };

    jabref = {

      name = "JabRef";

      package = pkgs.jabref;

    };

    passff = {

      name = "PassFF";

      package = pkgs.passff-host;

    };

    tridactyl = {

      name = "Tridactyl";

      package = pkgs.tridactyl-native;

    };

    ugetIntegrator = {

      name = "Uget Integrator";

      package = pkgs.uget-integrator;

    };

  };

in

{

  options.programs.firefox = {

      '';

    };

    nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) {

      browserpass = "Browserpass support";

      bukubrow = "Bukubrow support";

      euwebid = "Web eID support";

      ff2mpv = "ff2mpv support";

      fxCast = "fx_cast support";

      gsconnect = "GSConnect support";

      jabref = "JabRef support";

      passff = "PassFF support";

      tridactyl = "Tridactyl support";

      ugetIntegrator = "Uget Integrator support";

    nativeMessagingHosts = ({

      packages = mkOption {

        type = types.listOf types.package;

        default = [];

        description = mdDoc ''

          Additional packages containing native messaging hosts that should be made available to Firefox extensions.

        '';

      };

    }) // (mapAttrs (k: v: mkEnableOption (mdDoc "${v.name} support")) nmhOptions);

  };

  config = mkIf cfg.enable {

  config = let

    forEachEnabledNmh = fn: flatten (mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions);

  in mkIf cfg.enable {

    warnings = forEachEnabledNmh (k: v:

      "The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, " +

      "please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead."

    );

    programs.firefox.nativeMessagingHosts.packages = forEachEnabledNmh (_: v: v.package);

    environment.systemPackages = [

      (cfg.package.override (old: {

        extraPrefs = cfg.autoConfig;

        extraNativeMessagingHosts =

          old.extraNativeMessagingHosts or []

          ++ optional nmh.ff2mpv pkgs.ff2mpv

          ++ optional nmh.euwebid pkgs.web-eid-app

          ++ optional nmh.gsconnect pkgs.gnomeExtensions.gsconnect

          ++ optional nmh.jabref pkgs.jabref

          ++ optional nmh.passff pkgs.passff-host;

        cfg = let

          # copy-pasted from the wrapper; TODO: figure out fix

          applicationName = cfg.package.binaryName or (lib.getName cfg.package);

          oldCfg = old.cfg or {};

          nixpkgsConfig = pkgs.config.${applicationName} or {};

          optionConfig = cfg.wrapperConfig;

          nmhConfig = {

            enableBrowserpass = nmh.browserpass;

            enableBukubrow = nmh.bukubrow;

            enableTridactylNative = nmh.tridactyl;

            enableUgetIntegrator = nmh.ugetIntegrator;

            enableFXCastBridge = nmh.fxCast;

          };

        in oldCfg // nixpkgsConfig // optionConfig // nmhConfig;

        extraPrefsFiles = old.extraPrefsFiles or [] ++ [(pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig)];

        nativeMessagingHosts = old.nativeMessagingHosts or [] ++ cfg.nativeMessagingHosts.packages;

        cfg = (old.cfg or {}) // cfg.wrapperConfig;

      }))

    ];

    services.dbus.packages = [ pkgs.gnome-browser-connector ];

    programs.firefox.wrapperConfig.enableGnomeExtensions = true;

    programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnome-browser-connector ];

  };

}

    ++ lib.optional (cfg.settings ? oidc_providers) "oidc"

    ++ lib.optional (cfg.settings ? jwt_config) "jwt"

    ++ lib.optional (cfg.settings ? saml2_config) "saml2"

    ++ lib.optional (cfg.settings ? opentracing) "opentracing"

    ++ lib.optional (cfg.settings ? redis) "redis"

    ++ lib.optional (cfg.settings ? sentry) "sentry"

    ++ lib.optional (cfg.settings ? user_directory) "user-search"

          [

            "cache-memory" # Provide statistics about caching memory consumption

            "jwt"          # JSON Web Token authentication

            "opentracing"  # End-to-end tracing support using Jaeger

            "oidc"         # OpenID Connect authentication

            "postgres"     # PostgreSQL database backend

            "redis"        # Redis support for the replication stream between worker processes

          };

          port = mkOption {

            type = types.nullOr port;

            description = lib.mdDoc "Port number.";

            description = lib.mdDoc ''

              Port number to listen on.

              If unset and the listen address is not a socket then nginx defaults to 80.

            '';

            default = null;

          };

          ssl = mkOption {