Merge master into haskell-updates

If set to `true`, the standard environment will enable debug information in C/C++ builds. After installation, the debug information will be separated from the executables and stored in the output named `debug`. (This output is enabled automatically; you don’t need to set the `outputs` attribute explicitly.) To be precise, the debug information is stored in `debug/lib/debug/.build-id/XX/YYYY…`, where \<XXYYYY…\> is the \<build ID\> of the binary — a SHA-1 hash of the contents of the binary. Debuggers like GDB use the build ID to look up the separated debug information.

For example, with GDB, you can add

:::{.example #ex-gdb-debug-symbols-socat}

# Enable debug symbols for use with GDB

To make GDB find debug information for the `socat` package and its dependencies, you can use the following `shell.nix`:

```nix

let

  pkgs = import ./. {

    config = {};

    overlays = [

      (final: prev: {

        ncurses = prev.ncurses.overrideAttrs { separateDebugInfo = true; };

        readline = prev.readline.overrideAttrs { separateDebugInfo = true; };

      })

    ];

  };

  myDebugInfoDirs = pkgs.symlinkJoin {

    name = "myDebugInfoDirs";

    paths = with pkgs; [

      glibc.debug

      ncurses.debug

      openssl.debug

      readline.debug

    ];

  };

in

  pkgs.mkShell {

    NIX_DEBUG_INFO_DIRS = "${pkgs.lib.getLib myDebugInfoDirs}/lib/debug";

    packages = [

      pkgs.gdb

      pkgs.socat

    ];

    shellHook = ''

      ${pkgs.lib.getBin pkgs.gdb}/bin/gdb ${pkgs.lib.getBin pkgs.socat}/bin/socat

    '';

  }

```

set debug-file-directory ~/.nix-profile/lib/debug

```

to `~/.gdbinit`. GDB will then be able to find debug information installed via `nix-env -i`.

This setup works as follows:

- Add [`overlays`](#chap-overlays) to the package set, since debug symbols are disabled for `ncurses` and `readline` by default.

- Create a derivation to combine all required debug symbols under one path with [`symlinkJoin`](#trivial-builder-symlinkJoin).

- Set the environment variable `NIX_DEBUG_INFO_DIRS` in the shell. Nixpkgs patches `gdb` to use it for looking up debug symbols.

- Run `gdb` on the `socat` binary on shell startup in the [`shellHook`](#sec-pkgs-mkShell). Here we use [`lib.getBin`](#function-library-lib.attrsets.getBin) to ensure that the correct derivation output is selected rather than the default one.

:::

### The installCheck phase {#ssec-installCheck-phase}

    githubId = 160476;

    name = "Amanjeev Sethi";

  };

  amanse = {

    email = "amansetiarjp@gmail.com";

    github = "amanse";

    githubId = 13214574;

    name = "Aman Setia";

  };

  amar1729 = {

    email = "amar.paul16@gmail.com";

    github = "Amar1729";

    githubId = 1001112;

    name = "Marcin Janczyk";

  };

  mjm = {

    email = "matt@mattmoriarity.com";

    github = "mjm";

    githubId = 1181;

    matrix = "@mjm:beeper.com";

    name = "Matt Moriarity";

  };

  mjp = {

    email = "mike@mythik.co.uk";

    github = "MikePlayle";

    githubId = 59313755;

    name = "Maxim Karasev";

  };

  mxmlnkn = {

    github = "mxmlnkn";

    githubId = 6842824;

    name = "Maximilian Knespel";

  };

  myaats = {

    email = "mats@mats.sh";

    github = "Myaats";

    githubId = 171470;

    name = "Sam Hug";

  };

  SamirTalwar = {

    email = "lazy.git@functional.computer";

    github = "SamirTalwar";

    githubId = 47852;

    name = "Samir Talwar";

  };

  samlich = {

    email = "nixos@samli.ch";

    github = "samlich";

    githubId = 7121530;

    name = "Wolf Honoré";

  };

  wietsedv = {

    email = "wietsedv@proton.me";

    github = "wietsedv";

    githubId = 13139101;

    name = "Wietse de Vries";

  };

  wigust = {

    name = "Oleg Pykhalov";

    email = "go.wigust@gmail.com";

- [tuxedo-rs](https://github.com/AaronErhardt/tuxedo-rs), Rust utilities for interacting with hardware from TUXEDO Computers.

- [audiobookshelf](https://github.com/advplyr/audiobookshelf/), a self-hosted audiobook and podcast server. Available as [services.audiobookshelf](#opt-services.audiobookshelf.enable).

## Backward Incompatibilities {#sec-release-23.11-incompatibilities}

- The `boot.loader.raspberryPi` options have been marked deprecated, with intent for removal for NixOS 24.11. They had a limited use-case, and do not work like people expect. They required either very old installs ([before mid-2019](https://github.com/NixOS/nixpkgs/pull/62462)) or customized builds out of scope of the standard and generic AArch64 support. That option set never supported the Raspberry Pi 4 family of devices.

- PHP now defaults to PHP 8.2, updated from 8.1.

- GraalVM has been updated to the latest version, and this brings significant changes. Upstream don't release multiple versions targeting different JVMs anymore, so now we only have one GraalVM derivation (`graalvm-ce`). While at first glance the version may seem a downgrade (22.3.1 -> 21.0.0), the major version is now following the JVM it targets (so this latest version targets JVM 21). Also some products like `llvm-installable-svm` and `native-image-svm` were incorporate to the main GraalVM derivation, so they're included by default.

- GraalPy (`graalCEPackages.graalpy`), TruffleRuby (`graalCEPackages.truffleruby`), GraalJS (`graalCEPackages.graaljs`) and GraalNodeJS (`grallCEPackages.graalnodejs`) are now indepedent from the main GraalVM derivation.

- The ISC DHCP package and corresponding module have been removed, because they are end of life upstream. See https://www.isc.org/blogs/isc-dhcp-eol/ for details and switch to a different DHCP implementation like kea or dnsmasq.

- `prometheus-unbound-exporter` has been replaced by the Let's Encrypt maintained version, since the previous version was archived. This requires some changes to the module configuration, most notable `controlInterface` needs migration

- `spamassassin` no longer supports the `Hashcash` module. The module needs to be removed from the `loadplugin` list if it was copied over from the default `initPreConf` option.

- `nano` was removed from `environment.defaultPackages`. To not leave systems without a editor, now `programs.nano.enable` is enabled by default.

- `programs.nano.nanorc` and `programs.nano.syntaxHighlight` no longer have an effect unless `programs.nano.enable` is set to true which is the default.

- `services.outline.sequelizeArguments` has been removed, as `outline` no longer executes database migrations via the `sequelize` cli.

- The binary of the package `cloud-sql-proxy` has changed from `cloud_sql_proxy` to `cloud-sql-proxy`.

            while True:

                chunk = self.shell.recv(1024)

                # No need to print empty strings, it means we are waiting.

                if len(chunk) == 0:

                    continue

                self.log(f"Guest shell says: {chunk!r}")

                # NOTE: for this to work, nothing must be printed after this line!

                if b"Spawning backdoor root shell..." in chunk:

    ];

  defaultPackageNames =

    [ "nano"

      "perl"

    [ "perl"

      "rsync"

      "strace"

    ];