diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 0693ca9e17bc2..1765409b840fe 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -19,8 +19,9 @@ In addition to numerous new and upgraded packages, this release has the followin - The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available. - NixOS now installs a stub ELF loader that prints an informative error message when users attempt to run binaries not made for NixOS. - - This can be disabled through the `environment.stub-ld.enable` option. - - If you use `programs.nix-ld.enable`, no changes are needed. The stub will be disabled automatically. + + - This can be disabled through the `environment.stub-ld.enable` option. + - If you use `programs.nix-ld.enable`, no changes are needed. The stub will be disabled automatically. - On flake-based NixOS configurations using `nixpkgs.lib.nixosSystem`, NixOS will automatically set `NIX_PATH` and the system-wide flake registry (`/etc/nix/registry.json`) to point `` and the unqualified flake path `nixpkgs` to the version of nixpkgs used to build the system. 
@@ -33,9 +34,9 @@ In addition to numerous new and upgraded packages, this release has the followin - Julia environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`. - The PipeWire and WirePlumber modules have removed support for using -`environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`. -Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and -`services.pipewire.wireplumber.configPackages` for WirePlumber instead." + `environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`. + Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and + `services.pipewire.wireplumber.configPackages` for WirePlumber instead." - `teleport` has been upgraded from major version 14 to major version 15. Refer to upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/) @@ -63,6 +64,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi without perl). Previously, the NixOS activation depended on two perl scripts which can now be replaced via an opt-in mechanism. To make your system perlless, you can use the new perlless profile: + ```nix { modulesPath, ... }: { imports = [ "${modulesPath}/profiles/perlless.nix" ]; 
@@ -127,7 +129,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn's internal API for public transport data. Available as [services.db-rest](#opt-services.db-rest.enable). - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable). -The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares. + The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares. - [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta @@ -193,6 +195,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable). +- [Overseerr](https://overseerr.dev), a request management and media discovery tool for the Plex ecosystem. Available as [services.overseerr](#opt-services.overseerr.enable). + ## Backward Incompatibilities {#sec-release-24.05-incompatibilities} 
@@ -253,7 +257,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m This was done so that secrets aren't stored in the world-readable nix store. To migrate, you will have create a file with the same exact string, and change your module options to point to that file. For example, `services.aria2.rpcSecret = - "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"` +"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"` where the file `secret_file` contains the string `mysecret`. - `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading @@ -284,10 +288,12 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m (azure-cli.withExtensions [ azure-cli.extensions.aks-preview ]); ]; ``` + To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation. This can be disabled by overriding `withImmutableConfig = false` when building `azure-cli`. - `services.frp.settings` now generates the frp configuration file in TOML format as [recommended by upstream](https://github.com/fatedier/frp#configuration-files), instead of the legacy INI format. This has also introduced other changes in the configuration file structure and options. + - The `settings.common` section in the configuration is no longer valid and all the options form inside it now goes directly under `settings`. - The `_` separating words in the configuration options is removed so the options are now in camel case. For example: `server_addr` becomes `serverAddr`, `server_port` becomes `serverPort` etc. - Proxies are now defined with a new option `settings.proxies` which takes a list of proxies. 
@@ -324,6 +330,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0). - The `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8). + - Files are now handled in binary mode; this could break programs with embedded UTF-8 characters. - The ROM was updated to match ComputerCraft version v1.109.2. - The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information. @@ -332,6 +339,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The `gtest` package has been updated past v1.13.0, which requires C++14 or higher. - The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows: + - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**) - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud28` will be installed by default. - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default. 
@@ -385,8 +393,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory. - `xfsprogs` was updated to version 6.6.0, which enables reverse mapping (rmapbt) and large extent counts (nrext64) by default. - Support for these features was added in kernel 4.9 and 5.19 and nrext64 was deemed stable in kernel 6.5. - Format your filesystems with `mkfs.xfs -i nrext64=0`, if they need to be readable by GRUB2 before 2.12 or kernels older than 5.19. + Support for these features was added in kernel 4.9 and 5.19 and nrext64 was deemed stable in kernel 6.5. + Format your filesystems with `mkfs.xfs -i nrext64=0`, if they need to be readable by GRUB2 before 2.12 or kernels older than 5.19. - `networking.iproute2.enable` now does not set `environment.etc."iproute2/rt_tables".text`. @@ -455,7 +463,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m This has the further implication that the `livebook` service configuration has changed: - The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter. - Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead. + Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead. - `akkoma` now requires explicitly setting the base URL for uploaded media (`settings."Pleroma.Upload".base_url`), as well as for the media proxy if enabled (`settings."Media"`). This is recommended to be a separate (sub)domain to the one Akkoma is hosted at. 
@@ -475,6 +483,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions. - MATE has been updated to 1.28. + - To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets. - Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions. - To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager. 
@@ -486,7 +495,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `boot.loader.systemd-boot` will now verify that `efiSysMountPoint` (and `xbootldrMountPoint` if configured) are mounted partitions. - `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list. - For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``; + For example a config line like `services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];` is recommended to be changed to `services.postgresql.extraPlugins = ps: with ps; [ postgis ];`; - The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option. The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets. @@ -516,6 +525,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default. - The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`: + - `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel), - `logType` -> [`log_type`](#opt-services.nextcloud.settings.log_type), - `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.settings.default_phone_region), 
@@ -567,7 +577,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock). - `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles` - option was added, to control which `authorized_keys` files are trusted. It defaults to the previous behaviour, + option was added, to control which `authorized_keys` files are trusted. It defaults to the previous behaviour, **which is insecure**: see [#31611](https://github.com/NixOS/nixpkgs/issues/31611). - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. @@ -593,6 +603,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`. - Gitea 1.21 upgrade has several breaking changes, including: + - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 511d991e919cd..b72092afaf665 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -766,6 +766,7 @@ ./services/misc/persistent-evdev.nix ./services/misc/pinnwand.nix ./services/misc/plex.nix + ./services/misc/overseerr.nix ./services/misc/plikd.nix ./services/misc/podgrab.nix ./services/misc/polaris.nix diff --git a/nixos/modules/services/misc/overseerr.nix b/nixos/modules/services/misc/overseerr.nix new file mode 100644 index 0000000000000..9499f3541ea94 --- /dev/null +++ b/nixos/modules/services/misc/overseerr.nix 
@@ -0,0 +1,59 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.overseerr; +in +{ + meta.maintainers = [ lib.maintainers.caarlos0 ]; + + options.services.overseerr = { + enable = lib.mkEnableOption "Overseerr, a request management and media discovery tool for the Plex ecosystem"; + + package = lib.mkPackageOption pkgs "overseerr" { }; + + openFirewall = lib.mkEnableOption "opening a port in the firewall for the Overseerr web interface"; + + port = lib.mkOption { + type = lib.types.port; + default = 5055; + description = ''The port which the Overseerr web UI should listen to.''; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.overseerr = { + description = "Request management and media discovery tool for the Plex ecosystem"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment.PORT = toString cfg.port; + serviceConfig = { + Type = "exec"; + StateDirectory = "overseerr"; + WorkingDirectory = "${cfg.package}/libexec/overseerr/deps/overseerr"; + DynamicUser = true; + ExecStart = lib.getExe cfg.package; + BindPaths = [ "/var/lib/overseerr/:${cfg.package}/libexec/overseerr/deps/overseerr/config/" ]; + Restart = "on-failure"; + ProtectHome = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + NoNewPrivileges = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + }; + }; + + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + }; +} diff --git a/pkgs/by-name/ov/overseerr/package.nix b/pkgs/by-name/ov/overseerr/package.nix new file mode 100644 index 0000000000000..d56c78bee5d69 --- /dev/null +++ b/pkgs/by-name/ov/overseerr/package.nix 
@@ -0,0 +1,78 @@ +{ lib +, mkYarnPackage +, fetchFromGitHub +, fetchYarnDeps +, nodejs +, python3 +, makeWrapper +}: + +mkYarnPackage rec { + pname = "overseerr"; + version = "1.33.2"; + + src = fetchFromGitHub { + owner = "sct"; + repo = "overseerr"; + rev = "v${version}"; + hash = "sha256-xDzWyU4f56+0Tpk87LpH6zXtxmRxVMCKySCY6WD5go0="; + }; + + + offlineCache = fetchYarnDeps { + yarnLock = "${src}/yarn.lock"; + hash = "sha256-SZwhC6djgU5qshtDhQnkz/INeklp/c+BKjn7ao0r5IE="; + }; + + env = { + CYPRESS_INSTALL_BINARY = 0; # cypress tries to download binaries otherwise + }; + + nativeBuildInputs = [ nodejs makeWrapper ]; + + # Fixes "SQLite package has not been found installed" at launch + pkgConfig.sqlite3 = { + nativeBuildInputs = [ nodejs.pkgs.node-pre-gyp python3 ]; + postInstall = '' + export CPPFLAGS="-I${nodejs}/include/node" + node-pre-gyp install --prefer-offline --build-from-source --nodedir=${nodejs}/include/node + rm -r build-tmp-napi-v6 + ''; + }; + + # Fixes MODULE_NOT_FOUND at launch. + pkgConfig.bcrypt = { + nativeBuildInputs = [ nodejs.pkgs.node-pre-gyp python3 ]; + postInstall = '' + export CPPFLAGS="-I${nodejs}/include/node" + node-pre-gyp install --prefer-offline --build-from-source --nodedir=${nodejs}/include/node + ''; + }; + + postInstall = '' + makeWrapper '${nodejs}/bin/node' "$out/bin/overseerr" \ + --add-flags "$out/libexec/overseerr/deps/overseerr/dist/index.js" \ + --set NODE_ENV production + ''; + + buildPhase = '' + runHook preBuild + shopt -s dotglob + pushd deps/overseerr + rm -rf config/ + yarn --offline build + rm -rf .next/cache + popd + runHook postBuild + ''; + + distPhase = "true"; + + meta = { + description = "Request management and media discovery tool for the Plex ecosystem"; + homepage = "https://github.com/sct/overseerr"; + license = lib.licenses.mit; + mainProgram = "overseerr"; + maintainers = with lib.maintainers; [ caarlos0 ]; + }; +}
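Review bot: In `nixos/doc/manual/release-notes/rl-2405.section.md`, only the hunk at `@@ -193,6 +195,8 @@` (the new Overseerr entry) belongs to this change. The other hunks in that file re-indent continuation lines, insert blank lines before nested lists, and in the `@@ -486,7 +495,7 @@` hunk swap double backticks for single ones around the `services.postgresql.extraPlugins` examples, which looks like editor auto-formatting. Please drop those hunks so the release-notes diff is just the added entry; that keeps the review focused and avoids conflicts with other PRs touching this file.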
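Review bot: In the `@@ -253,7 +257,7 @@` hunk of the release notes, the `"mysecret"` line loses its leading indentation although it sits inside a list item and in the middle of an inline code span opened on the previous line (`services.aria2.rpcSecret =`). The other hunks in this file add indentation to continuation lines, so this one goes the opposite way. Restore the original indentation or leave the hunk out.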
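Review bot: In `nixos/modules/module-list.nix`, `./services/misc/overseerr.nix` is inserted between `./services/misc/plex.nix` and `./services/misc/plikd.nix`, which breaks the alphabetical order the surrounding entries follow (`persistent-evdev`, `pinnwand`, `plex`, `plikd`, `podgrab`, `polaris`). Move it up to the entries starting with `o`.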
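Review bot: In `serviceConfig` of `nixos/modules/services/misc/overseerr.nix`, the sandboxing covers the filesystem and kernel interfaces but leaves capabilities, address families and namespaces unrestricted, for a service whose web UI can be exposed through `openFirewall`. Consider adding `CapabilityBoundingSet = "";`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and `RestrictNamespaces = true;`, then check the result with `systemd-analyze security` on the unit; note that an empty capability set means a `port` below 1024 would no longer bind. Separately, `BindPaths` hard-codes `/var/lib/overseerr/` next to `StateDirectory = "overseerr"` and repeats the `libexec/overseerr/deps/overseerr` path already used in `WorkingDirectory`; a `let` binding for that path would keep the two in sync. The `port` description would also read better as "listen on".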
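Review bot: In `buildPhase` of `pkgs/by-name/ov/overseerr/package.nix`, `rm -rf config/` deletes the directory that the module later uses as the target of its `BindPaths` entry (`${cfg.package}/libexec/overseerr/deps/overseerr/config/`), and nothing in the file explains that coupling. Add a comment saying that the NixOS module bind-mounts the state directory over `config/`, and confirm the service starts with the mount target absent from the store path. Smaller points: there is a doubled blank line before `offlineCache`, the `pkgConfig.sqlite3` and `pkgConfig.bcrypt` blocks repeat the same `node-pre-gyp` invocation and could share a `let` binding, and `distPhase = "true";` is more commonly written as `doDist = false;`.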