Merge master into haskell-updates

    githubId = 3212452;

    name = "Cameron Nemo";

  };

  cameronraysmith = {

    email = "cameronraysmith@gmail.com";

    matrix = "@cameronraysmith:matrix.org";

    github = "cameronraysmith";

    githubId = 420942;

    name = "Cameron Smith";

    keys = [{

      fingerprint = "3F14 C258 856E 88AE E0F9  661E FF04 3B36 8811 DD1C";

    }];

  };

  camillemndn = {

    email = "camillemondon@free.fr";

    github = "camillemndn";

    githubId = 111202;

    name = "Henry Bubert";

  };

  cryptoluks = {

    github = "cryptoluks";

    githubId = 9020527;

    name = "cryptoluks";

  };

  CrystalGamma = {

    email = "nixos@crystalgamma.de";

    github = "CrystalGamma";

      fingerprint = "B722 6464 838F 8BDB 2BEA  C8C8 5B0E FDDF BA81 6105";

    }];

  };

  Forden = {

    email = "forden@zuku.tech";

    github = "Forden";

    githubId = 24463229;

    name = "Forden";

  };

  forkk = {

    email = "forkk@forkk.net";

    github = "Forkk";

    githubId = 26346867;

    name = "K.B.Dharun Krishna";

  };

  kbudde = {

    email = "kris@budd.ee";

    github = "kbudde";

    githubId = 1072181;

    name = "Kris Budde";

  };

  kcalvinalvin = {

    email = "calvin@kcalvinalvin.info";

    github = "kcalvinalvin";

    github = "nyawox";

    githubId = 93813719;

  };

  nydragon = {

    name = "nydragon";

    github = "nydragon";

    email = "nix@ccnlc.eu";

    githubId = 56591727;

    keys = [ { fingerprint = "25FF 8464 F062 7EC0 0129 6A43 14AA 30A8 65EA 1209"; } ];

  };

  nzbr = {

    email = "nixos@nzbr.de";

    github = "nzbr";

## Extensible Option Types {#sec-option-declarations-eot}

Extensible option types is a feature that allow to extend certain types

Extensible option types is a feature that allows to extend certain types

declaration through multiple module files. This feature only work with a

restricted set of types, namely `enum` and `submodules` and any composed

forms of them.

- [Handheld Daemon](https://github.com/hhd-dev/hhd), support for gaming handhelds like the Legion Go, ROG Ally, and GPD Win. Available as [services.handheld-daemon](#opt-services.handheld-daemon.enable).

- [BenchExec](https://github.com/sosy-lab/benchexec), a framework for reliable benchmarking and resource measurement, available as [programs.benchexec](#opt-programs.benchexec.enable),

  As well as related programs

  [CPU Energy Meter](https://github.com/sosy-lab/cpu-energy-meter), available as [programs.cpu-energy-meter](#opt-programs.cpu-energy-meter.enable), and

  [PQoS Wrapper](https://gitlab.com/sosy-lab/software/pqos-wrapper), available as [programs.pqos-wrapper](#opt-programs.pqos-wrapper.enable).

- [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).

- [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRST® Robotics Competition.

- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.

- `chromium` and `ungoogled-chromium` had a long stanging issue regarding Widevine DRM handling in nixpkgs fixed.

- `chromium` and `ungoogled-chromium` had a long standing issue regarding Widevine DRM handling in nixpkgs fixed.

  `chromium` now no longer automatically downloads Widevine when encountering DRM protected content.

  To be able to play DRM protected content in `chromium` now, you have to explicitly opt-in as originally intended using `chromium.override { enableWideVine = true; }`.

  This override has been added almost 10 years ago.

  ./programs/bash/ls-colors.nix

  ./programs/bash/undistract-me.nix

  ./programs/bcc.nix

  ./programs/benchexec.nix

  ./programs/browserpass.nix

  ./programs/calls.nix

  ./programs/captive-browser.nix

  ./programs/chromium.nix

  ./programs/clash-verge.nix

  ./programs/cnping.nix

  ./programs/cpu-energy-meter.nix

  ./programs/command-not-found/command-not-found.nix

  ./programs/coolercontrol.nix

  ./programs/criu.nix

  ./programs/pantheon-tweaks.nix

  ./programs/partition-manager.nix

  ./programs/plotinus.nix

  ./programs/pqos-wrapper.nix

  ./programs/projecteur.nix

  ./programs/proxychains.nix

  ./programs/qdmr.nix

{ lib

, pkgs

, config

, options

, ...

}:

let

  cfg = config.programs.benchexec;

  opt = options.programs.benchexec;

  filterUsers = x:

    if builtins.isString x then config.users.users ? ${x} else

    if builtins.isInt    x then x                         else

    throw "filterUsers expects string (username) or int (UID)";

  uid = x:

    if builtins.isString x then config.users.users.${x}.uid else

    if builtins.isInt    x then x                           else

    throw "uid expects string (username) or int (UID)";

in

{

  options.programs.benchexec = {

    enable = lib.mkEnableOption "BenchExec";

    package = lib.options.mkPackageOption pkgs "benchexec" { };

    users = lib.options.mkOption {

      type = with lib.types; listOf (either str int);

      description = ''

        Users that intend to use BenchExec.

        Provide usernames of users that are configured via {option}`${options.users.users}` as string,

        and UIDs of "mutable users" as integers.

        Control group delegation will be configured via systemd.

        For more information, see <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups>.

      '';

      default = [ ];

      example = lib.literalExpression ''

        [

          "alice" # username of a user configured via ${options.users.users}

          1007    # UID of a mutable user

        ]

      '';

    };

  };

  config = lib.mkIf cfg.enable {

    assertions = (map

      (user: {

        assertion = config.users.users ? ${user};

        message = ''

          The user '${user}' intends to use BenchExec (via `${opt.users}`), but is not configured via `${options.users.users}`.

        '';

      })

      (builtins.filter builtins.isString cfg.users)

    ) ++ (map

      (id: {

        assertion = config.users.mutableUsers;

        message = ''

          The user with UID '${id}' intends to use BenchExec (via `${opt.users}`), but mutable users are disabled via `${options.users.mutableUsers}`.

        '';

      })

      (builtins.filter builtins.isInt cfg.users)

    ) ++ [

      {

        assertion = config.systemd.enableUnifiedCgroupHierarchy == true;

        message = ''

          The BenchExec module `${opt.enable}` only supports control groups 2 (`${options.systemd.enableUnifiedCgroupHierarchy} = true`).

        '';

      }

    ];

    environment.systemPackages = [ cfg.package ];

    # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups>.

    systemd.services = builtins.listToAttrs (map

      (user: {

        name = "user@${builtins.toString (uid user)}";

        value = {

          serviceConfig.Delegate = "yes";

          overrideStrategy = "asDropin";

        };

      })

      (builtins.filter filterUsers cfg.users));

    # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#requirements>.

    virtualisation.lxc.lxcfs.enable = lib.mkDefault true;

    # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#requirements>.

    programs = {

      cpu-energy-meter.enable = lib.mkDefault true;

      pqos-wrapper.enable = lib.mkDefault true;

    };

    # See <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#kernel-requirements>.

    security.unprivilegedUsernsClone = true;

  };

  meta.maintainers = with lib.maintainers; [ lorenzleutgeb ];

}