commit 31aedcfbee577d8118709cbfd1ecc0d61ff49f82 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2505.section.md

···

       258
       258
        
       - `services.paperless` now installs `paperless-manage` as a normal system package instead of creating a symlink in `/var/lib/paperless`.

     

       259
       259
        
         `paperless-manage` now also changes to the appropriate user when being executed.

     

       260
       260
        
       

     

       261
       261
       +
       - The `gotenberg` package has been updated to 8.16.0, which brings breaking changes to the configuration from version 8.13.0. See the [upstream release notes](https://github.com/gotenberg/gotenberg/releases/tag/v8.13.0)

     

       262
       262
       +
         for that release to get all the details. The `services.gotenberg` module has been updated appropriately to ensure your configuration is valid with this new release.

     

       263
       263
       +
       

     

       261
       264
        
       - `asusd` has been upgraded to version 6 which supports multiple aura devices. To account for this, the single `auraConfig` configuration option has been replaced with `auraConfigs` which is an attribute set of config options per each device. The config files may also be now specified as either source files or text strings; to account for this you will need to specify that `text` is used for your existing configs, e.g.:

     

       262
       265
        
         ```diff

     

       263
       266
        
         -services.asusd.asusdConfig = '''file contents'''

+119 -21

nixos/modules/services/misc/gotenberg.nix

···

       16
       16
        
             "--chromium-max-queue-size=${toString cfg.chromium.maxQueueSize}"

     

       17
       17
        
             "--libreoffice-restart-after=${toString cfg.libreoffice.restartAfter}"

     

       18
       18
        
             "--libreoffice-max-queue-size=${toString cfg.libreoffice.maxQueueSize}"

     

       19
       19
       -
             "--pdfengines-engines=${lib.concatStringsSep "," cfg.pdfEngines}"

     

       19
       19
       +
             "--pdfengines-merge-engines=${lib.concatStringsSep "," cfg.pdfEngines.merge}"

     

       20
       20
       +
             "--pdfengines-convert-engines=${lib.concatStringsSep "," cfg.pdfEngines.convert}"

     

       21
       21
       +
             "--pdfengines-read-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.readMetadata}"

     

       22
       22
       +
             "--pdfengines-write-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.writeMetadata}"

     

       23
       23
       +
             "--api-download-from-allow-list=${cfg.downloadFrom.allowList}"

     

       24
       24
       +
             "--api-download-from-max-retry=${toString cfg.downloadFrom.maxRetries}"

     

       20
       25
        
           ]

     

       21
       26
        
           ++ optional cfg.enableBasicAuth "--api-enable-basic-auth"

     

       22
       27
        
           ++ optional cfg.chromium.autoStart "--chromium-auto-start"

     

       23
       28
        
           ++ optional cfg.chromium.disableJavascript "--chromium-disable-javascript"

     

       24
       29
        
           ++ optional cfg.chromium.disableRoutes "--chromium-disable-routes"

     

       25
       30
        
           ++ optional cfg.libreoffice.autoStart "--libreoffice-auto-start"

     

       26
       26
       -
           ++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes";

     

       31
       31
       +
           ++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes"

     

       32
       32
       +
           ++ optional cfg.pdfEngines.disableRoutes "--pdfengines-disable-routes"

     

       33
       33
       +
           ++ optional (

     

       34
       34
       +
             cfg.downloadFrom.denyList != null

     

       35
       35
       +
           ) "--api-download-from-deny-list=${cfg.downloadFrom.denyList}"

     

       36
       36
       +
           ++ optional cfg.downloadFrom.disable "--api-disable-download-from"

     

       37
       37
       +
           ++ optional (cfg.bodyLimit != null) "--api-body-limit=${cfg.bodyLimit}"

     

       38
       38
       +
           ++ lib.optionals (cfg.extraArgs != [ ]) cfg.extraArgs;

     

       27
       39
        
       

     

       28
       40
        
         inherit (lib)

     

       29
       41
        
           mkEnableOption

     
···

       51
       63
        
               description = "Port on which the API should listen.";

     

       52
       64
        
             };

     

       53
       65
        
       

     

       66
       66
       +
             bindIP = mkOption {

     

       67
       67
       +
               type = types.nullOr types.str;

     

       68
       68
       +
               default = "127.0.0.1";

     

       69
       69
       +
               description = "Port the API listener should bind to. Set to 0.0.0.0 to listen on all available IPs.";

     

       70
       70
       +
             };

     

       71
       71
       +
       

     

       54
       72
        
             timeout = mkOption {

     

       55
       73
        
               type = types.nullOr types.str;

     

       56
       74
        
               default = "30s";

     
···

       74
       92
        
               '';

     

       75
       93
        
             };

     

       76
       94
        
       

     

       95
       95
       +
             bodyLimit = mkOption {

     

       96
       96
       +
               type = types.nullOr types.str;

     

       97
       97
       +
               default = null;

     

       98
       98
       +
               description = "Sets the max limit for `multipart/form-data` requests. Accepts values like '5M', '20G', etc.";

     

       99
       99
       +
             };

     

       100
       100
       +
       

     

       77
       101
        
             extraFontPackages = mkOption {

     

       78
       102
        
               type = types.listOf types.package;

     

       79
       103
        
               default = [ ];

     
···

       108
       132
        
               };

     

       109
       133
        
             };

     

       110
       134
        
       

     

       135
       135
       +
             downloadFrom = {

     

       136
       136
       +
               allowList = mkOption {

     

       137
       137
       +
                 type = types.nullOr types.str;

     

       138
       138
       +
                 default = ".*";

     

       139
       139
       +
                 description = "Allow these URLs to be used in the `downloadFrom` API field. Accepts a regular expression.";

     

       140
       140
       +
               };

     

       141
       141
       +
               denyList = mkOption {

     

       142
       142
       +
                 type = types.nullOr types.str;

     

       143
       143
       +
                 default = null;

     

       144
       144
       +
                 description = "Deny accepting URLs from these domains in the `downloadFrom` API field. Accepts a regular expression.";

     

       145
       145
       +
               };

     

       146
       146
       +
               maxRetries = mkOption {

     

       147
       147
       +
                 type = types.int;

     

       148
       148
       +
                 default = 4;

     

       149
       149
       +
                 description = "The maximum amount of times to retry downloading a file specified with `downloadFrom`.";

     

       150
       150
       +
               };

     

       151
       151
       +
               disable = mkOption {

     

       152
       152
       +
                 type = types.bool;

     

       153
       153
       +
                 default = false;

     

       154
       154
       +
                 description = "Whether to disable the ability to download files for conversion from outside sources.";

     

       155
       155
       +
               };

     

       156
       156
       +
             };

     

       157
       157
       +
       

     

       111
       158
        
             libreoffice = {

     

       112
       159
        
               package = mkPackageOption pkgs "libreoffice" { };

     

       113
       160
        
       

     
···

       136
       183
        
               };

     

       137
       184
        
             };

     

       138
       185
        
       

     

       139
       139
       -
             pdfEngines = mkOption {

     

       140
       140
       -
               type = types.listOf (

     

       141
       141
       -
                 types.enum [

     

       186
       186
       +
             pdfEngines = {

     

       187
       187
       +
               merge = mkOption {

     

       188
       188
       +
                 type = types.listOf (

     

       189
       189
       +
                   types.enum [

     

       190
       190
       +
                     "qpdf"

     

       191
       191
       +
                     "pdfcpu"

     

       192
       192
       +
                     "pdftk"

     

       193
       193
       +
                   ]

     

       194
       194
       +
                 );

     

       195
       195
       +
                 default = [

     

       196
       196
       +
                   "qpdf"

     

       197
       197
       +
                   "pdfcpu"

     

       142
       198
        
                   "pdftk"

     

       143
       143
       -
                   "qpdf"

     

       199
       199
       +
                 ];

     

       200
       200
       +
                 description = "PDF Engines to use for merging files.";

     

       201
       201
       +
               };

     

       202
       202
       +
               convert = mkOption {

     

       203
       203
       +
                 type = types.listOf (

     

       204
       204
       +
                   types.enum [

     

       205
       205
       +
                     "libreoffice-pdfengine"

     

       206
       206
       +
                   ]

     

       207
       207
       +
                 );

     

       208
       208
       +
                 default = [

     

       144
       209
        
                   "libreoffice-pdfengine"

     

       210
       210
       +
                 ];

     

       211
       211
       +
                 description = "PDF Engines to use for converting files.";

     

       212
       212
       +
               };

     

       213
       213
       +
               readMetadata = mkOption {

     

       214
       214
       +
                 type = types.listOf (

     

       215
       215
       +
                   types.enum [

     

       216
       216
       +
                     "exiftool"

     

       217
       217
       +
                   ]

     

       218
       218
       +
                 );

     

       219
       219
       +
                 default = [

     

       145
       220
        
                   "exiftool"

     

       146
       146
       -
                   "pdfcpu"

     

       147
       147
       -
                 ]

     

       148
       148
       -
               );

     

       149
       149
       -
               default = [

     

       150
       150
       -
                 "pdftk"

     

       151
       151
       -
                 "qpdf"

     

       152
       152
       -
                 "libreoffice-pdfengine"

     

       153
       153
       -
                 "exiftool"

     

       154
       154
       -
                 "pdfcpu"

     

       155
       155
       -
               ];

     

       156
       156
       -
               description = ''

     

       157
       157
       -
                 PDF engines to enable. Each one can be used to perform a specific task.

     

       158
       158
       -
                 See [the documentation](https://gotenberg.dev/docs/configuration#pdf-engines) for more details.

     

       159
       159
       -
                 Defaults to all possible PDF engines.

     

       160
       160
       -
               '';

     

       221
       221
       +
                 ];

     

       222
       222
       +
                 description = "PDF Engines to use for reading metadata from files.";

     

       223
       223
       +
               };

     

       224
       224
       +
               writeMetadata = mkOption {

     

       225
       225
       +
                 type = types.listOf (

     

       226
       226
       +
                   types.enum [

     

       227
       227
       +
                     "exiftool"

     

       228
       228
       +
                   ]

     

       229
       229
       +
                 );

     

       230
       230
       +
                 default = [

     

       231
       231
       +
                   "exiftool"

     

       232
       232
       +
                 ];

     

       233
       233
       +
                 description = "PDF Engines to use for writing metadata to files.";

     

       234
       234
       +
               };

     

       235
       235
       +
       

     

       236
       236
       +
               disableRoutes = mkOption {

     

       237
       237
       +
                 type = types.bool;

     

       238
       238
       +
                 default = false;

     

       239
       239
       +
                 description = "Disable routes related to PDF engines.";

     

       240
       240
       +
               };

     

       161
       241
        
             };

     

       162
       242
        
       

     

       163
       243
        
             logLevel = mkOption {

     
···

       196
       276
        
                 See `services.gotenberg.enableBasicAuth` for the names of those variables.

     

       197
       277
        
               '';

     

       198
       278
        
             }

     

       279
       279
       +
             {

     

       280
       280
       +
               assertion = !(lib.isList cfg.pdfEngines);

     

       281
       281
       +
               message = ''

     

       282
       282
       +
                 Setting `services.gotenberg.pdfEngines` to a list is now deprecated.

     

       283
       283
       +
                 Use the new `pdfEngines.mergeEngines`, `pdfEngines.convertEngines`, `pdfEngines.readMetadataEngines`, and `pdfEngines.writeMetadataEngines` settings instead.

     

       284
       284
       +
       

     

       285
       285
       +
                 The previous option was using a method that is now deprecated by upstream.

     

       286
       286
       +
               '';

     

       287
       287
       +
             }

     

       199
       288
        
           ];

     

       200
       289
        
       

     

       201
       290
        
           systemd.services.gotenberg = {

     
···

       209
       298
        
               FONTCONFIG_FILE = pkgs.makeFontsConf {

     

       210
       299
        
                 fontDirectories = [ pkgs.liberation_ttf_v2 ] ++ cfg.extraFontPackages;

     

       211
       300
        
               };

     

       301
       301
       +
               # Needed for LibreOffice to work correctly.

     

       302
       302
       +
               # https://github.com/NixOS/nixpkgs/issues/349123#issuecomment-2418330936

     

       303
       303
       +
               HOME = "/run/gotenberg";

     

       212
       304
        
             };

     

       213
       305
        
             serviceConfig = {

     

       214
       306
        
               Type = "simple";

     

       215
       307
        
               DynamicUser = true;

     

       216
       308
        
               ExecStart = "${lib.getExe cfg.package} ${lib.escapeShellArgs args}";

     

       309
       309
       +
       

     

       310
       310
       +
               # Needed for LibreOffice to work correctly.

     

       311
       311
       +
               # See above issue comment.

     

       312
       312
       +
               WorkingDirectory = "/run/gotenberg";

     

       313
       313
       +
               RuntimeDirectory = "gotenberg";

     

       217
       314
        
       

     

       218
       315
        
               # Hardening options

     

       219
       316
        
               PrivateDevices = true;

     
···

       243
       340
        
               SystemCallFilter = [

     

       244
       341
        
                 "@sandbox"

     

       245
       342
        
                 "@system-service"

     

       343
       343
       +
                 "@chown"

     

       246
       344
        
               ];

     

       247
       345
        
               SystemCallArchitectures = "native";

     

       248
       346