Merge staging-next into staging

2024-09-20 04:19:00 +02:00 · 2023-01-04 06:01:44 +00:00 · 2023-01-04 06:01:44 +00:00 · 47507cf77a
parent e464bde9ba ce1da07174
commit 47507cf77a
25 changed files with 115 additions and 147 deletions
--- a/doc/builders/special/darwin-builder.section.md
+++ b/doc/builders/special/darwin-builder.section.md
@ -28,19 +28,21 @@ Password:
 ```

 … so that it can install a private key used to `ssh` into the build server.
-After that the script will launch the virtual machine:
+After that the script will launch the virtual machine and automatically log you
+in as the `builder` user:

 ```
 <<< Welcome to NixOS 22.11.20220901.1bd8d11 (aarch64) - ttyAMA0 >>>

 Run 'nixos-help' for the NixOS manual.

-nixos login:
+nixos login: builder (automatic login)
+
+
+[builder@nixos:~]$
 ```

-> Note: When you need to stop the VM, type `Ctrl`-`a` + `c` to open the `qemu`
-> prompt and then type `system_powerdown` followed by `Enter`, or run `shutdown now`
-> as the `builder` user (e.g. `ssh -i keys/builder_ed25519 builder@localhost shutdown now`)
+> Note: When you need to stop the VM, run `shutdown now` as the `builder` user.

 To delegate builds to the remote builder, add the following options to your
 `nix.conf` file:
--- a/doc/contributing/quick-start.chapter.md
+++ b/doc/contributing/quick-start.chapter.md
@ -34,7 +34,7 @@ To add a package to Nixpkgs:

   - Apache HTTPD: [`pkgs/servers/http/apache-httpd/2.4.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/apache-httpd/2.4.nix). A bunch of optional features, variable substitutions in the configure flags, a post-install hook, and miscellaneous hackery.

-   - Thunderbird: [`pkgs/applications/networking/mailreaders/thunderbird/default.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/mailreaders/thunderbird/default.nix). Lots of dependencies.
+   - buildMozillaMach: [`pkgs/applications/networking/browser/firefox/common.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/browsers/firefox/common.nix). A reusable build function for Firefox, Thunderbird and Librewolf.

   - JDiskReport, a Java utility: [`pkgs/tools/misc/jdiskreport/default.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/jdiskreport/default.nix). Nixpkgs doesn’t have a decent `stdenv` for Java yet so this is pretty ad-hoc.

--- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@ -115,6 +115,15 @@
          <link linkend="opt-services.borgbackup.jobs._name_.inhibitsSleep"><literal>services.borgbackup.jobs.&lt;name&gt;.inhibitsSleep</literal></link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <literal>podman</literal> now uses the
+          <literal>netavark</literal> network stack. Users will need to
+          delete all of their local containers, images, volumes, etc, by
+          running <literal>podman system reset --force</literal> once
+          before upgrading their systems.
+        </para>
+      </listitem>
      <listitem>
        <para>
          The EC2 image module no longer fetches instance metadata in
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@ -40,6 +40,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep).

+- `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
+
 - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
  This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`

--- a/nixos/modules/profiles/macos-builder.nix
+++ b/nixos/modules/profiles/macos-builder.nix
@ -59,10 +59,14 @@ in
    trusted-users = [ "root" user ];
  };

-  services.openssh = {
-    enable = true;
+  services = {
+    getty.autologinUser = user;

-    authorizedKeysFiles = [ "${keysDirectory}/%u_${keyType}.pub" ];
+    openssh = {
+      enable = true;
+
+      authorizedKeysFiles = [ "${keysDirectory}/%u_${keyType}.pub" ];
+    };
  };

  system.build.macos-builder-installer =
--- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix
+++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix
@ -180,6 +180,7 @@ in
        mint-themes
        mint-x-icons
        mint-y-icons
+        xapp # provides some xapp-* icons
      ] config.environment.cinnamon.excludePackages);

      xdg.mime.enable = true;
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.virtualisation.podman;
-  toml = pkgs.formats.toml { };
  json = pkgs.formats.json { };

  inherit (lib) mkOption types;
@ -27,24 +26,13 @@ let
    done
  '';

-  net-conflist = pkgs.runCommand "87-podman-bridge.conflist"
-    {
-      nativeBuildInputs = [ pkgs.jq ];
-      extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
-      jqScript = ''
-        . + { "plugins": (.plugins + $extraPlugins) }
-      '';
-    } ''
-    jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
-      --argjson extraPlugins "$extraPlugins" \
-      "$jqScript" \
-      >$out
-  '';
-
 in
 {
  imports = [
-    ./dnsname.nix
+    (lib.mkRemovedOptionModule [ "virtualisation" "podman" "defaultNetwork" "dnsname" ]
+      "Use virtualisation.podman.defaultNetwork.settings.dns_enabled instead.")
+    (lib.mkRemovedOptionModule [ "virtualisation" "podman" "defaultNetwork" "extraPlugins" ]
+      "Netavark isn't compatible with CNI plugins.")
    ./network-socket.nix
  ];

@ -149,11 +137,11 @@ in
      '';
    };

-    defaultNetwork.extraPlugins = lib.mkOption {
-      type = types.listOf json.type;
-      default = [ ];
+    defaultNetwork.settings = lib.mkOption {
+      type = json.type;
+      default = { };
      description = lib.mdDoc ''
-        Extra CNI plugin configurations to add to podman's default network.
+        Settings for podman's default network.
      '';
    };

@ -164,11 +152,26 @@ in
      environment.systemPackages = [ cfg.package ]
        ++ lib.optional cfg.dockerCompat dockerCompat;

-      environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
+      # https://github.com/containers/podman/blob/097cc6eb6dd8e598c0e8676d21267b4edb11e144/docs/tutorials/basic_networking.md#default-network
+      environment.etc."containers/networks/podman.json" = lib.mkIf (cfg.defaultNetwork.settings != { }) {
+        source = json.generate "podman.json" ({
+          dns_enabled = false;
+          driver = "bridge";
+          id = "0000000000000000000000000000000000000000000000000000000000000000";
+          internal = false;
+          ipam_options = { driver = "host-local"; };
+          ipv6_enabled = false;
+          name = "podman";
+          network_interface = "podman0";
+          subnets = [{ gateway = "10.88.0.1"; subnet = "10.88.0.0/16"; }];
+        } // cfg.defaultNetwork.settings);
+      };

      virtualisation.containers = {
        enable = true; # Enable common /etc/containers configuration
-        containersConf.settings = lib.optionalAttrs cfg.enableNvidia {
+        containersConf.settings = {
+          network.network_backend = "netavark";
+        } // lib.optionalAttrs cfg.enableNvidia {
          engine = {
            conmon_env_vars = [ "PATH=${lib.makeBinPath [ pkgs.nvidia-podman ]}" ];
            runtimes.nvidia = [ "${pkgs.nvidia-podman}/bin/nvidia-container-runtime" ];
--- a/nixos/modules/virtualisation/podman/dnsname.nix
+++ b/nixos/modules/virtualisation/podman/dnsname.nix
@ -1,36 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  inherit (lib)
-    mkOption
-    mkIf
-    types
-    ;
-
-  cfg = config.virtualisation.podman;
-
-in
-{
-  options = {
-    virtualisation.podman = {
-
-      defaultNetwork.dnsname.enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable DNS resolution in the default podman network.
-        '';
-      };
-
-    };
-  };
-
-  config = {
-    virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
-    virtualisation.podman.defaultNetwork.extraPlugins =
-      lib.optional cfg.defaultNetwork.dnsname.enable {
-        type = "dnsname";
-        domainName = "dns.podman";
-        capabilities.aliases = true;
-      };
-  };
-}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -527,7 +527,6 @@ in {
  plotinus = handleTest ./plotinus.nix {};
  podgrab = handleTest ./podgrab.nix {};
  podman = handleTestOn ["aarch64-linux" "x86_64-linux"] ./podman/default.nix {};
-  podman-dnsname = handleTestOn ["aarch64-linux" "x86_64-linux"] ./podman/dnsname.nix {};
  podman-tls-ghostunnel = handleTestOn ["aarch64-linux" "x86_64-linux"] ./podman/tls-ghostunnel.nix {};
  polaris = handleTest ./polaris.nix {};
  pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
--- a/nixos/tests/podman/default.nix
+++ b/nixos/tests/podman/default.nix
@ -13,6 +13,13 @@ import ../make-test-python.nix (
          isNormalUser = true;
        };
      };
+      dns = { pkgs, ... }: {
+        virtualisation.podman.enable = true;
+
+        virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
+
+        networking.firewall.allowedUDPPorts = [ 53 ];
+      };
      docker = { pkgs, ... }: {
        virtualisation.podman.enable = true;

@ -43,6 +50,7 @@ import ../make-test-python.nix (


      podman.wait_for_unit("sockets.target")
+      dns.wait_for_unit("sockets.target")
      docker.wait_for_unit("sockets.target")
      start_all()

@ -120,6 +128,23 @@ import ../make-test-python.nix (
          pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
          assert pid == "2"

+      with subtest("aardvark-dns"):
+        dns.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
+        dns.succeed(
+          "podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${pkgs.writeTextDir "index.html" "<h1>Hi</h1>"} scratchimg ${pkgs.python3}/bin/python -m http.server 8000"
+        )
+        dns.succeed("podman ps | grep webserver")
+        dns.succeed("""
+          for i in `seq 0 120`; do
+            podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${pkgs.curl}/bin/curl http://webserver:8000 >/dev/console \
+              && exit 0
+            sleep 0.5
+          done
+          exit 1
+        """)
+        dns.succeed("podman stop webserver")
+        dns.succeed("podman rm webserver")
+
      with subtest("A podman member can use the docker cli"):
          docker.succeed(su_cmd("docker version"))

--- a/nixos/tests/podman/dnsname.nix
+++ b/nixos/tests/podman/dnsname.nix
@ -1,42 +0,0 @@
-import ../make-test-python.nix (
-  { pkgs, lib, ... }:
-  let
-    inherit (pkgs) writeTextDir python3 curl;
-    webroot = writeTextDir "index.html" "<h1>Hi</h1>";
-  in
-  {
-    name = "podman-dnsname";
-    meta = {
-      maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members;
-    };
-
-    nodes = {
-      podman = { pkgs, ... }: {
-        virtualisation.podman.enable = true;
-        virtualisation.podman.defaultNetwork.dnsname.enable = true;
-      };
-    };
-
-    testScript = ''
-      podman.wait_for_unit("sockets.target")
-
-      with subtest("DNS works"): # also tests inter-container tcp routing
-        podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
-        podman.succeed(
-          "podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000"
-        )
-        podman.succeed("podman ps | grep webserver")
-        podman.succeed("""
-          for i in `seq 0 120`; do
-            podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \
-              && exit 0
-            sleep 0.5
-          done
-          exit 1
-        """)
-        podman.succeed("podman stop webserver")
-        podman.succeed("podman rm webserver")
-
-    '';
-  }
-)
--- a/pkgs/applications/networking/cluster/cni/plugins.nix
+++ b/pkgs/applications/networking/cluster/cni/plugins.nix
@ -38,7 +38,7 @@ buildGoModule rec {
    "plugins/meta/vrf"
  ];

-  passthru.tests = { inherit (nixosTests) cri-o podman; };
+  passthru.tests = { inherit (nixosTests) cri-o; };

  meta = with lib; {
    description = "Some standard networking plugins, maintained by the CNI team";
--- a/pkgs/applications/networking/cluster/dnsname-cni/default.nix
+++ b/pkgs/applications/networking/cluster/dnsname-cni/default.nix
@ -3,7 +3,6 @@
  dnsmasq,
  fetchFromGitHub,
  lib,
-  nixosTests,
  makeWrapper,
 }:

@ -28,10 +27,6 @@ buildGoModule rec {

  doCheck = false; # NOTE: requires root privileges

-  passthru.tests = {
-    inherit (nixosTests) podman-dnsname;
-  };
-
  meta = with lib; {
    description = "DNS name resolution for containers";
    homepage = "https://github.com/containers/dnsname";
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@ -68,7 +68,6 @@ buildGoModule rec {
    ${if stdenv.isDarwin then ''
      mv bin/{darwin/podman,podman}
    '' else ''
-      install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d
      install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
      for s in contrib/systemd/**/*.in; do
        substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
@ -92,7 +91,6 @@ buildGoModule rec {
    # related modules
    inherit (nixosTests)
      podman-tls-ghostunnel
-      podman-dnsname
      ;
    oci-containers-podman = nixosTests.oci-containers.podman;
  };
--- a/pkgs/applications/virtualization/podman/wrapper.nix
+++ b/pkgs/applications/virtualization/podman/wrapper.nix
@ -15,12 +15,12 @@
 , iproute2
 , catatonit
 , gvproxy
+, aardvark-dns
+, netavark
 }:

 # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed

-# adding aardvark-dns/netavark to `helpersBin` requires changes to the modules and tests
-
 let
  binPath = lib.makeBinPath ([
  ] ++ lib.optionals stdenv.isLinux [
@ -41,7 +41,9 @@ let
    paths = [
      gvproxy
    ] ++ lib.optionals stdenv.isLinux [
+      aardvark-dns
      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+      netavark
      podman-unwrapped.rootlessport
    ];
  };
--- a/pkgs/development/tools/language-servers/millet/default.nix
+++ b/pkgs/development/tools/language-servers/millet/default.nix
@ -2,24 +2,24 @@

 rustPlatform.buildRustPackage rec {
  pname = "millet";
-  version = "0.6.0";
+  version = "0.6.7";

  src = fetchFromGitHub {
    owner = "azdavis";
    repo = pname;
    rev = "v${version}";
-    hash = "sha256-tP1ccUtHfj+JPUYGo+QFYjbz56uNl3p53QNeE/xaCt4=";
+    hash = "sha256-sZy5SQ3Gd6bZcEx/30XJXoUI2/HRGTUn8ZZHtti5Cos=";
  };

-  cargoHash = "sha256-umOlvHDA8AtoAeB1i8nNgbjvzTmzwZfdjF+TCTKzqAU=";
+  cargoHash = "sha256-74bGGZakz3yAaamqt3UU4r0QGbUcN6vIXebsgTj6cBM=";

  postPatch = ''
    rm .cargo/config.toml
  '';

-  cargoBuildFlags = [ "--package" "lang-srv" ];
+  cargoBuildFlags = [ "--package" "millet-ls" ];

-  cargoTestFlags = [ "--package" "lang-srv" ];
+  cargoTestFlags = [ "--package" "millet-ls" ];

  meta = with lib; {
    description = "A language server for Standard ML";
@ -27,6 +27,6 @@ rustPlatform.buildRustPackage rec {
    changelog = "https://github.com/azdavis/millet/raw/v${version}/docs/changelog.md";
    license = [ licenses.mit /* or */ licenses.asl20 ];
    maintainers = with maintainers; [ marsam ];
-    mainProgram = "lang-srv";
+    mainProgram = "millet-ls";
  };
 }
--- a/pkgs/development/tools/misc/universal-ctags/default.nix
+++ b/pkgs/development/tools/misc/universal-ctags/default.nix
@ -17,13 +17,13 @@

 stdenv.mkDerivation (finalAttrs: {
  pname = "universal-ctags";
-  version = "5.9.20221106.0";
+  version = "6.0.0";

  src = fetchFromGitHub {
    owner = "universal-ctags";
    repo = "ctags";
-    rev = "p${finalAttrs.version}";
-    hash = "sha256-6piWdofvlX+ysXmRPnQc7PlZuHSyVqdVxOztY2+Pcss=";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-XlqBndo8g011SDGp3zM7S+AQ0aCp6rpQlqJF6e5Dd6w=";
  };

  depsBuildBuild = [
@ -76,7 +76,7 @@ stdenv.mkDerivation (finalAttrs: {
    '';
    license = licenses.gpl2Plus;
    maintainers = [ maintainers.AndersonTorres ];
-    platforms = platforms.unix;
+    platforms = platforms.all;
    mainProgram = "ctags";
    priority = 1; # over the emacs implementation
  };
--- a/pkgs/development/tools/ruff/default.nix
+++ b/pkgs/development/tools/ruff/default.nix
@ -7,16 +7,16 @@

 rustPlatform.buildRustPackage rec {
  pname = "ruff";
-  version = "0.0.207";
+  version = "0.0.209";

  src = fetchFromGitHub {
    owner = "charliermarsh";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-DAjBie0wiweT/FE4kHLrYoymy+NJvaXkYSky1iJwwv4=";
+    sha256 = "sha256-DYMGGA/GGE4Vue8G61gmDFspODVI81vTK9iOuIB8dDA=";
  };

-  cargoSha256 = "sha256-px6T0DsQPWD6qWZpvEoEUwAiFPxVaBmevGguYpPTQoo=";
+  cargoSha256 = "sha256-Uvl/3VutaquorMMd8KQlqBc5DOdh23oLZSjGExTqUWE=";

  buildInputs = lib.optionals stdenv.isDarwin [
    darwin.apple_sdk.frameworks.CoreServices
--- a/pkgs/development/tools/rust/cargo-nextest/default.nix
+++ b/pkgs/development/tools/rust/cargo-nextest/default.nix
@ -2,16 +2,16 @@

 rustPlatform.buildRustPackage rec {
  pname = "cargo-nextest";
-  version = "0.9.47";
+  version = "0.9.48";

  src = fetchFromGitHub {
    owner = "nextest-rs";
    repo = "nextest";
    rev = "cargo-nextest-${version}";
-    sha256 = "sha256-G7Y2x9aRcQB28uR2TlyG8JW9kYSD9iMPASd0VFXOxcE=";
+    sha256 = "sha256-y1Ka9XEXuwavAI23C4UmjTHraHHnbsA3QzDIkkSqfoU=";
  };

-  cargoSha256 = "sha256-7fesLvkHPpPS4xKn3r6hLjQzP0udm92BsVPhdckTk7c=";
+  cargoSha256 = "sha256-1LsAbBdRz5Xf+LF/eOc34d+SQ0Ein8JW5/4v7ZZEFqA=";

  buildInputs = lib.optionals stdenv.isDarwin [ Security ];

--- a/pkgs/development/tools/sq/default.nix
+++ b/pkgs/development/tools/sq/default.nix
@ -2,16 +2,16 @@

 buildGoModule rec {
  pname = "sq";
-  version = "0.18.2";
+  version = "0.20.0";

  src = fetchFromGitHub {
    owner = "neilotoole";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-x5NHMTyOZSGOnAUCRu1qZggU5m832TFrBTSNJU6DUKo=";
+    sha256 = "sha256-mJp4lb4pzjdjodHk2zLAEePn+oIPI/vTtU0YOIbmWDY=";
  };

-  vendorSha256 = "sha256-IRuwX+VF0ltASTt/QKlZ3A00tgDhc9qpBfzhINp3HgQ=";
+  vendorSha256 = "sha256-8kk+KCanbnsizGRjF3qcxCBxC7Sx0zfptQFTETZp89E=";

  proxyVendor = true;

--- a/pkgs/development/tools/zsv/default.nix
+++ b/pkgs/development/tools/zsv/default.nix
@ -2,13 +2,13 @@

 stdenv.mkDerivation rec {
  pname = "zsv";
-  version = "0.3.3-alpha";
+  version = "0.3.4-alpha";

  src = fetchFromGitHub {
    owner = "liquidaty";
    repo = "zsv";
    rev = "v${version}";
-    sha256 = "sha256-gKtnyBCgiXNKiAjOYk2rxExfcNGHEAmjealcCTWRj+M=";
+    sha256 = "sha256-3drVqKRs5bjkvQiHyEANI5geeF5g7ba2+RxmAhxbu84=";
  };

  nativeBuildInputs = [ perl ];
--- a/pkgs/tools/filesystems/httm/default.nix
+++ b/pkgs/tools/filesystems/httm/default.nix
@ -6,16 +6,16 @@

 rustPlatform.buildRustPackage rec {
  pname = "httm";
-  version = "0.18.3";
+  version = "0.19.2";

  src = fetchFromGitHub {
    owner = "kimono-koans";
    repo = pname;
    rev = version;
-    sha256 = "sha256-LJFBridWS7YYO9Bw3mzRdRnh2gGUxAtuoNq2T1wuAcY=";
+    sha256 = "sha256-0diHZFD4+glTdGWWJk/5amr0mDsvKV5OibKGQNtitIk=";
  };

-  cargoSha256 = "sha256-/v0QQ3EnmL1EKEjJ4O0t52SOrCz+CVBpunogEfVMpBw=";
+  cargoSha256 = "sha256-Rg1wmDLmkDC25meZIe94WZ3Wp8a93VAqRJXjmaE6k18=";

  nativeBuildInputs = [ installShellFiles ];

--- a/pkgs/tools/networking/aardvark-dns/default.nix
+++ b/pkgs/tools/networking/aardvark-dns/default.nix
@ -1,6 +1,7 @@
 { lib
 , rustPlatform
 , fetchFromGitHub
+, nixosTests
 }:

 rustPlatform.buildRustPackage rec {
@ -16,6 +17,8 @@ rustPlatform.buildRustPackage rec {

  cargoHash = "sha256-naWkSXQHfImd6R+RHKkmTe8UiqxknZEFYoJ0g/URCVY=";

+  passthru.tests = { inherit (nixosTests) podman; };
+
  meta = with lib; {
    description = "Authoritative dns server for A/AAAA container records";
    homepage = "https://github.com/containers/aardvark-dns";
--- a/pkgs/tools/networking/netavark/default.nix
+++ b/pkgs/tools/networking/netavark/default.nix
@ -3,6 +3,7 @@
 , fetchFromGitHub
 , installShellFiles
 , mandown
+, nixosTests
 }:

 rustPlatform.buildRustPackage rec {
@ -25,6 +26,8 @@ rustPlatform.buildRustPackage rec {
    installManPage docs/netavark.1
  '';

+  passthru.tests = { inherit (nixosTests) podman; };
+
  meta = with lib; {
    description = "Rust based network stack for containers";
    homepage = "https://github.com/containers/netavark";
--- a/pkgs/tools/networking/v2ray/default.nix
+++ b/pkgs/tools/networking/v2ray/default.nix
@ -6,18 +6,18 @@

 buildGoModule rec {
  pname = "v2ray-core";
-  version = "5.1.0";
+  version = "5.2.0";

  src = fetchFromGitHub {
    owner = "v2fly";
    repo = "v2ray-core";
    rev = "v${version}";
-    hash = "sha256-87BtyaJN6qbinZQ+6MAwaK62YzbVnncj4qnEErG5tfA=";
+    hash = "sha256-/n8GyKcTsus7BWspg6Br4ALH98A1dSpkNFNKkRlIqHs=";
  };

  # `nix-update` doesn't support `vendorHash` yet.
  # https://github.com/Mic92/nix-update/pull/95
-  vendorSha256 = "sha256-RuDCAgTzqwe5fUwa9ce2wRx4FPT8siRLbP7mU8/jg/Y=";
+  vendorSha256 = "sha256-85k6XWe12m2siejfoPJru87/AYdVSl+ag09jUkBIc0M=";

  ldflags = [ "-s" "-w" "-buildid=" ];