Merge remote-tracking branch 'origin/master' into staging-next

    riscv64-unknown-linux-gnu

    s390x-unknown-linux-gnu

    x86_64-unknown-freebsd

    loongarch64-unknown-linux-gnu

)

is_cross() {

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

- Initial support for the [COSMIC DE](https://system76.com/cosmic), a Rust-based desktop environment by System76, makers of Pop!_OS. Toggle the greeter (login manager) using `services.displayManager.cosmic-greeter.enable` and the DE itself with `services.desktopManager.cosmic.enable`. Mostly stable but still experimental. Please report any issues to the [COSMIC DE tracker in Nixpkgs](https://github.com/NixOS/nixpkgs/issues/259641) instead of upstream.

- NixOS now has initial support for the [**COSMIC DE**](https://system76.com/cosmic) which is currently at **Alpha 7**. COSMIC is a Rust-based Desktop Environment by System76, makers of Pop!_OS. Enable COSMIC by enabling the greeter (login manager) `services.displayManager.cosmic-greeter.enable` and the DE itself by enabling `services.desktopManager.cosmic.enable` options. The support in NixOS/nixpkgs is stable but still considered experimental because of the recent the addition. The COSMIC maintainers will be waiting for one more release of NixOS to determine if the experimental tag should be removed or not. Until then, please report any issues to the [COSMIC DE tracker in Nixpkgs](https://github.com/NixOS/nixpkgs/issues/259641) instead of upstream.

- `services.dex` now restarts upon changes to the `.environmentFile` or entries in `.settings.staticClients[].secretFile` when the entry is a `path` type.

- [`yarr`](https://github.com/nkanaev/yarr), a small, web-based feed aggregator and RSS reader. Available as [services.yarr](#opt-services.yarr.enable).

- [OliveTin](https://www.olivetin.app/), gives safe and simple access to predefined shell commands from a web interface. Available as [services.olivetin](#opt-services.olivetin.enable).

- [Stash](https://github.com/stashapp/stash), An organizer for your adult videos/images, written in Go. Available as [services.stash](#opt-services.stash.enable).

- [vsmartcard-vpcd](https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html), a virtual smart card driver. Available as [services.vsmartcard-vpcd](#opt-services.vsmartcard-vpcd.enable).

  Note that all provided plugins must have versions/tags (string after `@`), even if upstream repo does not tag each release. For untagged plugins, you can either create an empty Go project and run `go get <plugin>` and see changes in `go.mod` to get the pseudo-version number, or provide a commit hash in place of version/tag for the first run, and update the plugin string based on the error output.

- `buildGoModule` now supports a self-referencing `finalAttrs:` parameter

  containing the final arguments including overrides.

  This allows packaging configuration to be overridden in a consistent manner by

  providing an alternative to `rec {}` syntax.

- KDE Partition Manager `partitionmanager`'s support for ReiserFS is removed.

  ReiserFS has not been actively maintained for many years. It has been marked as obsolete since Linux 6.6, and

  [is removed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c01f664e4ca210823b7594b50669bbd9b0a3c3b0)

  ./services/web-apps/mediagoblin.nix

  ./services/web-apps/open-web-calendar.nix

  ./services/web-apps/mobilizon.nix

  ./services/web-apps/olivetin.nix

  ./services/web-apps/openwebrx.nix

  ./services/web-apps/outline.nix

  ./services/web-apps/pds.nix

{

  config,

  pkgs,

  lib,

  ...

}:

let

  cfg = config.services.olivetin;

  settingsFormat = pkgs.formats.yaml { };

in

{

  meta.maintainers = with lib.maintainers; [ defelo ];

  options.services.olivetin = {

    enable = lib.mkEnableOption "OliveTin";

    package = lib.mkPackageOption pkgs "olivetin" { };

    user = lib.mkOption {

      type = lib.types.str;

      description = "The user account under which OliveTin runs.";

      default = "olivetin";

    };

    group = lib.mkOption {

      type = lib.types.str;

      description = "The group under which OliveTin runs.";

      default = "olivetin";

    };

    path = lib.mkOption {

      type =

        with lib.types;

        listOf (oneOf [

          package

          str

        ]);

      description = ''

        Packages added to the service's {env}`PATH`.

      '';

      defaultText = lib.literalExpression ''

        with pkgs; [ bash ]

      '';

    };

    settings = lib.mkOption {

      description = ''

        Configuration of OliveTin. See <https://docs.olivetin.app/config.html> for more information.

      '';

      default = { };

      type = lib.types.submodule {

        freeformType = settingsFormat.type;

        options = {

          ListenAddressSingleHTTPFrontend = lib.mkOption {

            type = lib.types.str;

            description = ''

              The address to listen on for the internal "microproxy" frontend.

            '';

            default = "127.0.0.1:8000";

            example = "0.0.0.0:8000";

          };

        };

      };

    };

    extraConfigFiles = lib.mkOption {

      type = lib.types.listOf lib.types.path;

      default = [ ];

      example = [ "/run/secrets/olivetin.yaml" ];

      description = ''

        Config files to merge into the settings defined in [](#opt-services.olivetin.settings).

        This is useful to avoid putting secrets into the nix store.

        See <https://docs.olivetin.app/config.html> for more information.

      '';

    };

  };

  config = lib.mkIf cfg.enable {

    services.olivetin = {

      path = with pkgs; [ bash ];

    };

    systemd.services.olivetin = {

      description = "OliveTin";

      wantedBy = [ "multi-user.target" ];

      wants = [

        "network-online.target"

        "local-fs.target"

      ];

      after = [

        "network-online.target"

        "local-fs.target"

      ];

      inherit (cfg) path;

      preStart = ''

        tmp="$(mktemp -d)"

        trap 'rm -rf "$tmp"' EXIT

        cd "$tmp"

        cp ${settingsFormat.generate "olivetin-config.yaml" cfg.settings} config.yaml

        chmod +w config.yaml

        for ((i=0; i < ${toString (lib.length cfg.extraConfigFiles)}; i++)); do

          ${lib.getExe pkgs.yq} -yi '

            def merge($y):

              . as $x |

              if ($x | type == "object") and ($y | type == "object") then

                $x + $y + with_entries(select(.key | in($y)) | .key as $key | .value |= merge($y[$key]))

              elif ($x | type == "array") and ($y | type == "array") then

                $x + $y

              else

                $y

              end;

            merge($f | fromjson)

          ' config.yaml --rawfile f <(${lib.getExe pkgs.yq} -c . "$CREDENTIALS_DIRECTORY/config-$i.yaml")

        done

        chmod -w config.yaml

        mkdir -p /run/olivetin/config

        mv config.yaml /run/olivetin/config/config.yaml

      '';

      serviceConfig = {

        User = cfg.user;

        Group = cfg.group;

        RuntimeDirectory = "olivetin";

        Restart = "always";

        LoadCredential = lib.imap0 (i: path: "config-${toString i}.yaml:${path}") cfg.extraConfigFiles;

        ExecStart = "${lib.getExe cfg.package} -configdir /run/olivetin/config";

      };

    };

    users.users = lib.mkIf (cfg.user == "olivetin") {

      olivetin = {

        group = cfg.group;

        isSystemUser = true;

      };

    };

    users.groups = lib.mkIf (cfg.group == "olivetin") { olivetin = { }; };

  };

}

  oddjobd = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./oddjobd.nix { };

  obs-studio = runTest ./obs-studio.nix;

  oh-my-zsh = handleTest ./oh-my-zsh.nix { };

  olivetin = runTest ./olivetin.nix;

  ollama = runTest ./ollama.nix;

  ollama-cuda = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./ollama-cuda.nix;

  ollama-rocm = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./ollama-rocm.nix;