Merge master into haskell-updates

.github/CODEOWNERS

@@ -105,6 +105,9 @@
 /nixos/lib/systemd-*.nix                    @NixOS/systemd
 /pkgs/os-specific/linux/systemd             @NixOS/systemd
 
+# Systemd-boot
+/nixos/modules/system/boot/loader/systemd-boot      @JulienMalka
+
 # Images and installer media
 /nixos/modules/installer/cd-dvd/            @samueldr
 /nixos/modules/installer/sd-card/           @samueldr

.github/ISSUE_TEMPLATE/bug_report.md

@@ -40,7 +40,7 @@ Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
 output here
 ```
 
-### Priorities
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/ISSUE_TEMPLATE/build_failure.md

@@ -38,7 +38,7 @@ Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
 output here
 ```
 
-### Priorities
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -30,7 +30,7 @@ assignees: ''
 [open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
 [open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
 
-### Priorities
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/ISSUE_TEMPLATE/out_of_date_package_report.md

@@ -27,7 +27,7 @@ There's a high chance that you'll have the new version right away while helping
 
 Note for maintainers: Please tag this issue in your PR.
 
-**Priorities**
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/ISSUE_TEMPLATE/packaging_request.md

@@ -18,7 +18,7 @@ assignees: ''
 * license: mit, bsd, gpl2+ , ...
 * platforms: unix, linux, darwin, ...
 
-**Priorities**
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/ISSUE_TEMPLATE/unreproducible_package.md

@@ -86,7 +86,7 @@ nix log $(nix path-info --derivation nixpkgs#<package>)
 (please share the relevant fragment of the diffoscope output here, and any
 additional analysis you may have done)
 
-### Priorities
+---
 
 Add a :+1: [reaction] to [issues you find important].
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -41,7 +41,7 @@ List of open PRs: https://github.com/NixOS/nixpkgs/pulls
 Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions
 -->
 
-### Priorities
+---
 
 Add a :+1: [reaction] to [pull requests you find important].
 

lib/customisation.nix

@@ -5,11 +5,11 @@ let
     intersectAttrs;
   inherit (lib)
     functionArgs isFunction mirrorFunctionArgs isAttrs setFunctionArgs
-    optionalAttrs attrNames levenshtein filter elemAt concatStringsSep sort take length
+    optionalAttrs attrNames filter elemAt concatStringsSep sort take length
     filterAttrs optionalString flip pathIsDirectory head pipe isDerivation listToAttrs
     mapAttrs seq flatten deepSeq warnIf isInOldestRelease extends
     ;
-  inherit (lib.strings) levenshteinAtMost;
+  inherit (lib.strings) levenshtein levenshteinAtMost;
 
 in
 rec {

lib/systems/default.nix

@@ -324,7 +324,8 @@ rec {
               "riscv64" = "riscv64gc";
             }.${cpu.name} or cpu.name;
             vendor_ = final.rust.platform.vendor;
-          in rust.config
+          # TODO: deprecate args.rustc in favour of args.rust after 23.05 is EOL.
+          in args.rust.rustcTarget or args.rustc.config
             or "${cpu_}-${vendor_}-${kernel.name}${lib.optionalString (abi.name != "unknown") "-${abi.name}"}";
 
           # The name of the rust target if it is standard, or the json file

maintainers/maintainer-list.nix

@@ -2469,6 +2469,12 @@
     githubId = 37907;
     name = "Julian Stecklina";
   };
+  bloveless = {
+    email = "brennon.loveless@gmail.com";
+    github = "bloveless";
+    githubId = 535135;
+    name = "Brennon Loveless";
+  };
   bluescreen303 = {
     email = "mathijs@bluescreen303.nl";
     github = "bluescreen303";
@@ -12247,7 +12253,7 @@
   moni = {
     email = "lythe1107@gmail.com";
     matrix = "@fortuneteller2k:matrix.org";
-    github = "moni";
+    github = "moni-dz";
     githubId = 20619776;
     name = "moni";
   };
@@ -13943,6 +13949,18 @@
     githubId = 6931743;
     name = "pasqui23";
   };
+  passivelemon = {
+    email = "jeremyseber@gmail.com";
+    github = "PassiveLemon";
+    githubId = 72527881;
+    name = "PassiveLemon";
+  };
+  patricksjackson = {
+    email = "patrick@jackson.dev";
+    github = "patricksjackson";
+    githubId = 160646;
+    name = "Patrick Jackson";
+  };
   patryk27 = {
     email = "pwychowaniec@pm.me";
     github = "Patryk27";
@@ -17266,6 +17284,12 @@
     githubId = 327943;
     name = "Scott Zhu Reeves";
   };
+  starzation = {
+    email = "nixpkgs@starzation.net";
+    github = "starzation";
+    githubId = 145975416;
+    name = "Starzation";
+  };
   stasjok = {
     name = "Stanislav Asunkin";
     email = "nixpkgs@stasjok.ru";
@@ -18784,6 +18808,11 @@
     githubId = 347983;
     name = "Udo Spallek";
   };
+  ufUNnxagpM = {
+    github = "ufUNnxagpM";
+    githubId = 12422133;
+    name = "Chromo-residuum-opec";
+  };
   ulrikstrid = {
     email = "ulrik.strid@outlook.com";
     github = "ulrikstrid";
@@ -19771,6 +19800,12 @@
     githubId = 3992240;
     name = "Elijah Rum";
   };
+  x0ba = {
+    name = "x0ba";
+    email = "dax@omg.lol";
+    github = "x0ba";
+    githubId = 64868985;
+  };
   x3ro = {
     name = "^x3ro";
     email = "nix@x3ro.dev";

maintainers/team-list.nix

@@ -317,6 +317,7 @@ with lib.maintainers; {
       das-g
       imincik
       nh2
+      nialov
       sikmir
       willcohen
     ];

nixos/doc/manual/configuration/luks-file-systems.section.md

@@ -42,8 +42,12 @@ boot.loader.grub.enableCryptodisk = true;
 
 ## FIDO2 {#sec-luks-file-systems-fido2}
 
-NixOS also supports unlocking your LUKS-Encrypted file system using a
-FIDO2 compatible token. In the following example, we will create a new
+NixOS also supports unlocking your LUKS-Encrypted file system using a FIDO2
+compatible token.
+
+### Without systemd in initrd {#sec-luks-file-systems-fido2-legacy}
+
+In the following example, we will create a new
 FIDO2 credential and add it as a new key to our existing device
 `/dev/sda2`:
 
@@ -75,3 +79,37 @@ as [Trezor](https://trezor.io/).
 ```nix
 boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true;
 ```
+
+### systemd Stage 1 {#sec-luks-file-systems-fido2-systemd}
+
+If systemd stage 1 is enabled, it handles unlocking of LUKS-enrypted volumes
+during boot. The following example enables systemd stage1 and adds support for
+unlocking the existing LUKS2 volume `root` using any enrolled FIDO2 compatible
+tokens.
+
+```nix
+boot.initrd = {
+  luks.devices.root = {
+    crypttabExtraOpts = [ "fido2-device=auto" ];
+    device = "/dev/sda2";
+  };
+  systemd.enable = true;
+};
+```
+
+All tokens that should be used for unlocking the LUKS2-encrypted volume must
+first be enrolled using [systemd-cryptenroll](https://www.freedesktop.org/software/systemd/man/systemd-cryptenroll.html).
+In the following example, a new key slot for the first discovered token is
+added to the LUKS volume.
+
+```ShellSession
+# systemd-cryptenroll --fido2-device=auto /dev/sda2
+```
+
+Existing key slots are left intact, unless `--wipe-slot=` is specified. It is
+recommened to add a recovery key that should be stored in a secure physical
+location and can be entered wherever a password would be entered.
+
+```ShellSession
+# systemd-cryptenroll --recovery-key /dev/sda2
+```

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -14,9 +14,12 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
+- [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).
+
 - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
 
 - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
+The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
 
 - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
 
@@ -31,6 +34,10 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
+- `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration.
+
+- Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release.
+
 - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
   The `nimPackages` and `nim2Packages` sets have been removed.
   See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
@@ -45,3 +52,4 @@ In addition to numerous new and upgraded packages, this release has the followin
   - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
 
 - The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
+

nixos/modules/module-list.nix

@@ -684,6 +684,7 @@
   ./services/misc/gollum.nix
   ./services/misc/gpsd.nix
   ./services/misc/greenclip.nix
+  ./services/misc/guix
   ./services/misc/headphones.nix
   ./services/misc/heisenbridge.nix
   ./services/misc/homepage-dashboard.nix