Merge #289734: staging-next 2024-02-18

  environment variable and add dependent libraries to script's `LUA_PATH` and

  `LUA_CPATH`.

It accepts as arguments:

* 'luarocksConfig': a nix value that directly maps to the luarocks config used during

  the installation

By default `meta.platforms` is set to the same value as the interpreter unless overridden otherwise.

#### `buildLuaApplication` function {#buildluaapplication-function}

  be added as `build-system`.

- `pipInstallHook` to install wheels.

- `pytestCheckHook` to run tests with `pytest`. See [example usage](#using-pytestcheckhook).

- `pythonCatchConflictsHook` to check whether a Python package is not already existing.

- `pythonCatchConflictsHook` to fail if the package depends on two different versions of the same dependency.

- `pythonImportsCheckHook` to check whether importing the listed modules works.

- `pythonRelaxDepsHook` will relax Python dependencies restrictions for the package.

  See [example usage](#using-pythonrelaxdepshook).

  - The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information.

  - The WebSocket API [was rewritten](https://github.com/MCJack123/craftos2/issues/337), which introduced breaking changes.

- The `gtest` package has been updated past v1.13.0, which requires C++14 or higher.

- The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows:

  - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)

  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud28` will be installed by default.

      networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };

      pango = super.pango.override { x11Support = false; };

      pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; };

      pipewire = super.pipewire.override { x11Support = false; };

      pipewire = super.pipewire.override { vulkanSupport = false; x11Support = false; };

      pythonPackagesExtensions = super.pythonPackagesExtensions ++ [

        (python-final: python-prev: {

          # tk feature requires wayland which fails to compile

    extraCertificateFiles = cfg.certificateFiles;

    extraCertificateStrings = cfg.certificates;

  };

  caBundle = "${cacertPackage}/etc/ssl/certs/ca-bundle.crt";

  caBundleName = if cfg.useCompatibleBundle then "ca-no-trust-rules-bundle.crt" else "ca-bundle.crt";

  caBundle = "${cacertPackage}/etc/ssl/certs/${caBundleName}";

in

      internal = true;

    };

    security.pki.useCompatibleBundle = mkEnableOption ''usage of a compatibility bundle.

      Such a bundle consist exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,

      which is a OpenSSL specific PEM format.

      It is known to be incompatible with certain software stacks.

      Nevertheless, enabling this will strip all additional trust rules provided by the

      certificates themselves, this can have security consequences depending on your usecases.

    '';

    security.pki.certificateFiles = mkOption {

      type = types.listOf types.path;

      default = [];