Merge remote-tracking branch 'origin/master' into staging-next

              - nixos/modules/services/x11/desktop-managers/mate.nix

              - nixos/tests/mate.nix

              - pkgs/desktops/mate/**/*

              - pkgs/by-name/ca/caja/**/*

              - pkgs/by-name/ca/caja-*/**/*

              - pkgs/by-name/li/libmatekbd/**/*

              - pkgs/by-name/li/libmatemixer/**/*

              - pkgs/by-name/li/libmateweather/**/*

              - pkgs/by-name/ma/marco/**/*

              - pkgs/by-name/ma/mate-*/**/*

"6.topic: module system":

  - any:

    github = "weitzj";

    githubId = 829277;

  };

  wellmannmathis = {

    email = "wellmannmathis@gmail.com";

    github = "MathisWellmann";

    githubId = 26856233;

    name = "Mathis Wellmann";

  };

  welteki = {

    email = "welteki@pm.me";

    github = "welteki";

- `services.desktopManager.gnome` no longer installs the Geary e-mail client since it is not part of the GNOME [core applications](https://apps.gnome.org/) list. Geary's position in the default favorite apps section has been replaced by GNOME Text Editor. To keep it installed, add `programs.geary.enable = true;` to your configuration.

- MATE packages have been moved to top level (e.g. if you previously added `pkgs.mate.caja` to `environment.systemPackages`, you will need to change it to `pkgs.caja`).

- `walker` has been updated to 2.0.0+, which is a complete rewrite in rust.

  It now requires a running `elephant` application launcher backend service, which can be enabled using the new `services.elephpant.enable`.

      ++ lib.optional config.networking.networkmanager.enable pkgs.networkmanagerapplet

      ++ (utils.removePackagesByName [

        nemo

        mate.eom

        mate.pluma

        mate.atril

        mate.engrampa

        mate.mate-calc

        mate.mate-system-monitor

        eom

        pluma

        atril

        engrampa

        mate-calc

        mate-system-monitor

        vlc

        # Supplemental tooling.

      serviceConfig = {

        DynamicUser = true;

        ExecStart = "${lib.getExe cfg.package} ${args}";

        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ] ++ lib.optionals cfg.allowDHCP [ "CAP_NET_RAW" ];

        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ lib.optionals cfg.allowDHCP [ "CAP_NET_RAW" ];

        Restart = "always";

        RestartSec = 10;

        RuntimeDirectory = "AdGuardHome";

        StateDirectory = "AdGuardHome";

        SystemCallFilter = [

          "@system-service"

          "~@privileged"

          "~@resources"

        ];

        SystemCallArchitectures = "native";

        DevicePolicy = "closed";

        LockPersonality = true;

        NoNewPrivileges = true;

        PrivateTmp = true;

        PrivateDevices = true;

        PrivateMounts = true;

        ProtectClock = true;

        ProtectControlGroups = true;

        ProtectHome = true;

        ProtectHostname = true;

        ProtectKernelLogs = true;

        ProtectKernelModules = true;

        ProtectKernelTunables = true;

        ProtectSystem = "strict";

        RemoveIPC = true;

        RestrictAddressFamilies = [

          "AF_NETLINK"

          "AF_INET"

          "AF_INET6"

        ]

        ++ lib.optionals cfg.allowDHCP [ "AF_PACKET" ];

        RestrictNamespaces = true;

        RestrictRealtime = true;

        UMask = "0077";

      };

    };