Merge master into staging-next

8 files changed, 96 insertions, 21 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 28330764418a4..2998256f51893 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -82,6 +82,8 @@
 
 - mdraid support is now optional. This reduces initramfs size and prevents the potentially undesired automatic detection and activation of software RAID pools. It is disabled by default in new configurations (determined by `stateVersion`), but the appropriate settings will be generated by `nixos-generate-config` when installing to a software RAID device, so the standard installation procedure should be unaffected. If you have custom configs relying on mdraid, ensure that you use `stateVersion` correctly or set `boot.swraid.enable` manually.
 
+- The `go-ethereum` package has been updated to v1.12.0. This drops support for proof-of-work. Its GraphQL API now encodes all numeric values as hex strings and the GraphQL UI is updated to version 2.0. The default database has changed from `leveldb` to `pebble` but `leveldb` can be forced with the --db.engine=leveldb flag. The `checkpoint-admin` command was [removed along with trusted checkpoints](https://github.com/ethereum/go-ethereum/pull/27147).
+
 ## Other Notable Changes {#sec-release-23.11-notable-changes}
 
 - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 48cbc404a815a..a20fbd69a2cb3 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -646,6 +646,7 @@
   ./services/misc/greenclip.nix
   ./services/misc/headphones.nix
   ./services/misc/heisenbridge.nix
+  ./services/misc/homepage-dashboard.nix
   ./services/misc/ihaskell.nix
   ./services/misc/input-remapper.nix
   ./services/misc/irkerd.nix
diff --git a/nixos/modules/services/misc/homepage-dashboard.nix b/nixos/modules/services/misc/homepage-dashboard.nix
new file mode 100644
index 0000000000000..e685712534333
--- /dev/null
+++ b/nixos/modules/services/misc/homepage-dashboard.nix
@@ -0,0 +1,55 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+let
+  cfg = config.services.homepage-dashboard;
+in
+{
+  options = {
+    services.homepage-dashboard = {
+      enable = lib.mkEnableOption (lib.mdDoc "Homepage Dashboard");
+
+      package = lib.mkPackageOptionMD pkgs "homepage-dashboard" { };
+
+      openFirewall = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = lib.mdDoc "Open ports in the firewall for Homepage.";
+      };
+
+      listenPort = lib.mkOption {
+        type = lib.types.int;
+        default = 8082;
+        description = lib.mdDoc "Port for Homepage to bind to.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.homepage-dashboard = {
+      description = "Homepage Dashboard";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      environment = {
+        HOMEPAGE_CONFIG_DIR = "/var/lib/homepage-dashboard";
+        PORT = "${toString cfg.listenPort}";
+      };
+
+      serviceConfig = {
+        Type = "simple";
+        DynamicUser = true;
+        StateDirectory = "homepage-dashboard";
+        ExecStart = "${lib.getExe cfg.package}";
+        Restart = "on-failure";
+      };
+    };
+
+    networking.firewall = lib.mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.listenPort ];
+    };
+  };
+}
diff --git a/nixos/modules/services/misc/prowlarr.nix b/nixos/modules/services/misc/prowlarr.nix
index 77b8ec9894795..cd2c98fc5dfbf 100644
--- a/nixos/modules/services/misc/prowlarr.nix
+++ b/nixos/modules/services/misc/prowlarr.nix
@@ -11,6 +11,8 @@ in
     services.prowlarr = {
       enable = mkEnableOption (lib.mdDoc "Prowlarr");
 
+      package = mkPackageOptionMD pkgs "prowlarr" { };
+
       openFirewall = mkOption {
         type = types.bool;
         default = false;
@@ -29,7 +31,7 @@ in
         Type = "simple";
         DynamicUser = true;
         StateDirectory = "prowlarr";
-        ExecStart = "${pkgs.prowlarr}/bin/Prowlarr -nobrowser -data=/var/lib/prowlarr";
+        ExecStart = "${cfg.package}/bin/Prowlarr -nobrowser -data=/var/lib/prowlarr";
         Restart = "on-failure";
       };
     };
diff --git a/nixos/modules/services/web-apps/peering-manager.nix b/nixos/modules/services/web-apps/peering-manager.nix
index 666b82621268c..641a3644614f7 100644
--- a/nixos/modules/services/web-apps/peering-manager.nix
+++ b/nixos/modules/services/web-apps/peering-manager.nix
@@ -1,7 +1,5 @@
 { config, lib, pkgs, buildEnv, ... }:
 
-with lib;
-
 let
   cfg = config.services.peering-manager;
   configFile = pkgs.writeTextFile {
@@ -41,24 +39,24 @@ let
   pkg = (pkgs.peering-manager.overrideAttrs (old: {
     postInstall = ''
       ln -s ${configFile} $out/opt/peering-manager/peering_manager/configuration.py
-    '' + optionalString cfg.enableLdap ''
+    '' + lib.optionalString cfg.enableLdap ''
       ln -s ${cfg.ldapConfigPath} $out/opt/peering-manager/peering_manager/ldap_config.py
     '';
   })).override {
     inherit (cfg) plugins;
   };
-  peeringManagerManageScript = with pkgs; (writeScriptBin "peering-manager-manage" ''
-    #!${stdenv.shell}
+  peeringManagerManageScript = pkgs.writeScriptBin "peering-manager-manage" ''
+    #!${pkgs.stdenv.shell}
     export PYTHONPATH=${pkg.pythonPath}
     sudo -u peering-manager ${pkg}/bin/peering-manager "$@"
-  '');
+  '';
 
 in {
-  options.services.peering-manager = {
+  options.services.peering-manager = with lib; {
     enable = mkOption {
-      type = lib.types.bool;
+      type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Enable Peering Manager.
 
         This module requires a reverse proxy that serves `/static` separately.
@@ -69,7 +67,7 @@ in {
     listenAddress = mkOption {
       type = types.str;
       default = "[::1]";
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Address the server will listen on.
       '';
     };
@@ -77,7 +75,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 8001;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Port the server will listen on.
       '';
     };
@@ -88,14 +86,14 @@ in {
       defaultText = literalExpression ''
         python3Packages: with python3Packages; [];
       '';
-      description = lib.mdDoc ''
+      description = mdDoc ''
         List of plugin packages to install.
       '';
     };
 
     secretKeyFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Path to a file containing the secret key.
       '';
     };
@@ -103,7 +101,7 @@ in {
     peeringdbApiKeyFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Path to a file containing the PeeringDB API key.
       '';
     };
@@ -111,7 +109,7 @@ in {
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Additional lines of configuration appended to the `configuration.py`.
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.
       '';
@@ -120,7 +118,7 @@ in {
     enableLdap = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Enable LDAP-Authentication for Peering Manager.
 
         This requires a configuration file being pass through `ldapConfigPath`.
@@ -129,15 +127,15 @@ in {
 
     ldapConfigPath = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = mdDoc ''
         Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.
       '';
     };
   };
 
-  config = mkIf cfg.enable {
-    services.peering-manager.plugins = mkIf cfg.enableLdap (ps: [ ps.django-auth-ldap ]);
+  config = lib.mkIf cfg.enable {
+    services.peering-manager.plugins = lib.mkIf cfg.enableLdap (ps: [ ps.django-auth-ldap ]);
 
     system.build.peeringManagerPkg = pkg;
 
@@ -262,4 +260,6 @@ in {
     users.groups.peering-manager = {};
     users.groups."${config.services.redis.servers.peering-manager.user}".members = [ "peering-manager" ];
   };
+
+  meta.maintainers = with lib.maintainers; [ yuka ];
 }
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 790de7bbdc47b..723b030072e19 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -337,6 +337,7 @@ in {
   hbase3 = handleTest ./hbase.nix { package=pkgs.hbase3; };
   hedgedoc = handleTest ./hedgedoc.nix {};
   herbstluftwm = handleTest ./herbstluftwm.nix {};
+  homepage-dashboard = handleTest ./homepage-dashboard.nix {};
   installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
   invidious = handleTest ./invidious.nix {};
   oci-containers = handleTestOn ["aarch64-linux" "x86_64-linux"] ./oci-containers.nix {};
diff --git a/nixos/tests/homepage-dashboard.nix b/nixos/tests/homepage-dashboard.nix
new file mode 100644
index 0000000000000..56e077f5ff6de
--- /dev/null
+++ b/nixos/tests/homepage-dashboard.nix
@@ -0,0 +1,14 @@
+import ./make-test-python.nix ({ lib, ... }: {
+  name = "homepage-dashboard";
+  meta.maintainers = with lib.maintainers; [ jnsgruk ];
+
+  nodes.machine = { pkgs, ... }: {
+    services.homepage-dashboard.enable = true;
+  };
+
+  testScript = ''
+    machine.wait_for_unit("homepage-dashboard.service")
+    machine.wait_for_open_port(8082)
+    machine.succeed("curl --fail http://localhost:8082/")
+  '';
+})
diff --git a/nixos/tests/web-apps/peering-manager.nix b/nixos/tests/web-apps/peering-manager.nix
index 56b7eebfadffd..3f0acd560d132 100644
--- a/nixos/tests/web-apps/peering-manager.nix
+++ b/nixos/tests/web-apps/peering-manager.nix
@@ -34,7 +34,7 @@ import ../make-test-python.nix ({ lib, pkgs, ... }: {
             "sudo -u postgres psql -c 'ALTER USER \"peering-manager\" WITH SUPERUSER;'"
         )
         machine.succeed(
-            "cd ${nodes.machine.config.system.build.peeringManagerPkg}/opt/peering-manager ; peering-manager-manage test --no-input"
+            "cd ${nodes.machine.system.build.peeringManagerPkg}/opt/peering-manager ; peering-manager-manage test --no-input"
         )
   '';
 })