Merge #304232: frr 9.1 → 10.0

- `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.

  Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.

- `frr` was updated to 10.0, which introduces the default of `enforce-first-as` for BGP. Please disable again if needed.

- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.

  This was done so that secrets aren't stored in the world-readable nix store.

  To migrate, you will have to create a file with the same exact string, and change

stdenv.mkDerivation rec {

  pname = "frr";

  version = "9.1";

  version = "10.0";

  src = fetchFromGitHub {

    owner = "FRRouting";

    repo = pname;

    rev = "${pname}-${version}";

    hash = "sha256-oDPr51vI+tlT1IiUPufmZh/UE0TNKWrn4RqpnGoGxNo=";

    hash = "sha256-vvh9z2hmjvAA7OXgrUmlcrrTE5MRedZzfmhX5FEDKwE=";

  };

  patches = [

    # fixes crash in OSPF TE parsing

    (fetchpatch {

      name = "CVE-2024-27913.patch";

      url = "https://github.com/FRRouting/frr/commit/541503eecd302d2cc8456167d130014cd2cf1134.patch";

      hash = "sha256-7NxPlQK/6lbLs/NqNi4OZ2uBWfXw99SiXDR6okNvJlg=";

    })

  ];

  nativeBuildInputs = [

    autoreconfHook

    bison