Commit d07e701d authored by K900's avatar K900

Merge remote-tracking branch 'origin/master' into staging-next

parents c464db46 26be80f3
+6 −5
@@ -96,7 +96,7 @@ jobs:
                    name == '12.approved-by: package-maintainer'
                  )

                const approvals =
                const approvals = new Set(
                  (await github.paginate(github.rest.pulls.listReviews, {
                    owner: context.repo.owner,
                    repo: context.repo.repo,
@@ -104,15 +104,16 @@ jobs:
                  }))
                  .filter(review => review.state == 'APPROVED')
                  .map(review => review.user.id)
                )

                const maintainers = Object.keys(
                const maintainers = new Set(Object.keys(
                  JSON.parse(await readFile('comparison/maintainers.json', 'utf-8'))
                )
                ))

                // And the labels that should be there
                const after = JSON.parse(await readFile('comparison/changed-paths.json', 'utf-8')).labels
                if (approvals.length > 0) after.push(`12.approvals: ${approvals.length > 2 ? '3+' : approvals.length}`)
                if (maintainers.some(id => approvals.includes(id))) after.push('12.approved-by: package-maintainer')
                if (approvals.size > 0) after.push(`12.approvals: ${approvals.size > 2 ? '3+' : approvals.size}`)
                if (Array.from(maintainers).some(m => approvals.has(m))) after.push('12.approved-by: package-maintainer')

                // Remove the ones not needed anymore
                await Promise.all(
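Review bot: The maintainer check `approvals.has(m)` can never match, because the two sets hold different types: `maintainers` comes from `Object.keys(...)`, which always yields strings, while `approvals` holds `review.user.id`, which the GitHub REST API returns as a number, and `Set.prototype.has` does not coerce. The replaced `approvals.includes(id)` was equally strict, so the change carries the mismatch forward rather than introducing it, and the `12.approved-by: package-maintainer` label is presumably never applied by this path. Normalising once when the set is built would fix it, e.g. `.map(review => String(review.user.id))` in the approvals chain. As far as I know `review.user` can also be null for reviews left by deleted accounts, so `review.user?.id` followed by a filter for undefined would avoid a throw there. The script continues past the end of this hunk.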
+2 −1
@@ -29,7 +29,8 @@

- New hardening flags, `strictflexarrays1` and `strictflexarrays3` were made available, corresponding to the gcc/clang options `-fstrict-flex-arrays=1` and `-fstrict-flex-arrays=3` respectively.

- `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`
- `gramps` has been updated to 6.0.0
  Upstream recommends [backing up your Family Trees](https://gramps-project.org/wiki/index.php/Gramps_6.0_Wiki_Manual_-_Manage_Family_Trees#Backing_up_a_Family_Tree) before upgrading.

## Nixpkgs Library {#sec-nixpkgs-release-25.11-lib}

+2 −1
@@ -26358,10 +26358,11 @@
    name = "Danny Wilson";
  };
  vizid = {
    email = "vizid1337@gmail.com";
    email = "mail@vizqq.cc";
    github = "ViZiD";
    githubId = 7444430;
    name = "Radik Islamov";
    keys = [ { fingerprint = "5779 01B8 C620 E064 4212  C6FC F396 46E8 0C71 08E7"; } ];
  };
  vji = {
    email = "mail@viktor.im";
+9 −0
@@ -42,12 +42,21 @@

- The Pocket ID module ([`services.pocket-id`][#opt-services.pocket-id.enable]) and package (`pocket-id`) has been updated to 1.0.0. Some environment variables have been changed or removed, see the [migration guide](https://pocket-id.org/docs/setup/migrate-to-v1/).

- The `yeahwm` package and `services.xserver.windowManager.yeahwm` module were removed due to the package being broken and unmaintained upstream.

- The `services.siproxd` module has been removed as `siproxd` is unmaintained and broken with libosip 5.x.

- `renovate` was updated to v40. See the [upstream release notes](https://github.com/renovatebot/renovate/releases/tag/40.0.0) for breaking changes.

- The `boot.readOnlyNixStore` has been removed. Control over bind mount options on `/nix/store` is now offered by the `boot.nixStoreMountOpts` option.

- The Postfix module has been updated and likely requires configuration changes:
  - The `services.postfix.sslCert` and `sslKey` options were removed and you now need to configure
    - [services.postfix.config.smtpd_tls_chain_files](#opt-services.postfix.config.smtpd_tls_chain_files) for server certificates,
    - [services.postfix.config.smtp_tls_chain_files](#opt-services.postfix.config) for client certificates.

- `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`

## Other Notable Changes {#sec-release-25.11-notable-changes}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+67 −33
@@ -5,6 +5,10 @@
  ...
}:
let
  inherit (lib)
    mkOption
    types
    ;

  cfg = config.services.postfix;
  user = cfg.user;
@@ -47,7 +51,11 @@ let
          );
      mkEntry = name: value: "${escape name} =${mkVal value}";
    in
    lib.concatStringsSep "\n" (lib.mapAttrsToList mkEntry cfg.config) + "\n" + cfg.extraConfig;
    lib.concatStringsSep "\n" (
      lib.mapAttrsToList mkEntry (lib.filterAttrsRecursive (_: value: value != null) cfg.config)
    )
    + "\n"
    + cfg.extraConfig;

  masterCfOptions =
    {
@@ -564,16 +572,60 @@ in
      };

      config = lib.mkOption {
        type =
          with lib.types;
          attrsOf (oneOf [
        type = lib.types.submodule {
          freeformType =
            with types;
            attrsOf (
              nullOr (oneOf [
                bool
                int
                str
                (listOf str)
          ]);
              ])
            );
          options = {
            smtpd_tls_chain_files = mkOption {
              type = with types; listOf path;
              default = [ ];
              example = [
                "/var/lib/acme/mail.example.com/privkey.pem"
                "/var/lib/acme/mail.example.com/fullchain.pem"
              ];
              description = ''
                List of paths to the server private keys and certificates.

                ::: {.caution}
                The order of items matters and a private key must always be followed by the corresponding certificate.
                :::

                <https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files>
              '';
            };

            smtpd_tls_security_level = mkOption {
              type = types.enum [
                "none"
                "may"
                "encrypt"
              ];
              default = if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none";
              defaultText = lib.literalExpression ''
                if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none"
              '';
              example = "may";
              description = ''
                The server TLS security level. Enable TLS by configuring at least `may`.

                <https://www.postfix.org/postconf.5.html#smtpd_tls_security_level>
              '';
            };
          };
        };

        description = ''
          The main.cf configuration file as key value set.

          Null values will not be rendered.
        '';
        example = {
          mail_owner = "postfix";
@@ -599,18 +651,6 @@ in
        '';
      };

      sslCert = lib.mkOption {
        type = lib.types.str;
        default = "";
        description = "SSL certificate to use.";
      };

      sslKey = lib.mkOption {
        type = lib.types.str;
        default = "";
        description = "SSL key to use.";
      };

      recipientDelimiter = lib.mkOption {
        type = lib.types.str;
        default = "";
@@ -974,18 +1014,6 @@ in
          // lib.optionalAttrs (cfg.tlsTrustedAuthorities != "") {
            smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
            smtp_tls_security_level = lib.mkDefault "may";
          }
          // lib.optionalAttrs (cfg.sslCert != "") {
            smtp_tls_cert_file = cfg.sslCert;
            smtp_tls_key_file = cfg.sslKey;

            smtp_tls_security_level = lib.mkDefault "may";

            smtpd_tls_cert_file = cfg.sslCert;
            smtpd_tls_key_file = cfg.sslKey;

            smtpd_tls_security_level = lib.mkDefault "may";

          };

        services.postfix.masterConfig =
@@ -1150,6 +1178,12 @@ in
    (lib.mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
      "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig."
    )
    (lib.mkRemovedOptionModule [ "services" "postfix" "sslCert" ]
      "services.postfix.sslCert was removed. Use services.postfix.config.smtpd_tls_chain_files for the server certificate, or services.postfix.config.smtp_tls_chain_files for the client certificate."
    )
    (lib.mkRemovedOptionModule [ "services" "postfix" "sslKey" ]
      "services.postfix.sslKey was removed. Use services.postfix.config.smtpd_tls_chain_files for server private key, or services.postfix.config.smtp_tls_chain_files for the client private key."
    )

    (lib.mkChangedOptionModule
      [ "services" "postfix" "useDane" ]
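Review bot: The description of `smtpd_tls_chain_files` in the `@@ -564,16 +572,60 @@` hunk does not say that the entries must be runtime paths outside the Nix store, although the option is typed `listOf path` and carries private keys. `types.path` presumably accepts a Nix path literal, and if list items are interpolated when main.cf is rendered (the `mkVal` helper is outside the visible hunks) the key would be copied into the world-readable store. I would add a sentence to the caution block such as `Use absolute path strings to files provisioned at runtime; a Nix path literal would copy the private key into the world-readable Nix store.` Separately, the removed `sslCert` branch also set `smtp_tls_security_level = lib.mkDefault "may"` for outbound mail, and the new `mkRemovedOptionModule` messages do not mention that this now has to be set explicitly unless `tlsTrustedAuthorities` is configured.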