Merge master into staging-next

nixos/modules/virtualisation/cri-o.nix

@@ -6,6 +6,9 @@ let
 
   crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
 
+  format = pkgs.formats.toml { };
+
+  cfgFile = format.generate "00-default.conf" cfg.settings;
 in
 {
   imports = [
@@ -13,7 +16,7 @@ in
   ];
 
   meta = {
-    maintainers = lib.teams.podman.members;
+    maintainers = teams.podman.members;
   };
 
   options.virtualisation.cri-o = {
@@ -55,7 +58,7 @@ in
     extraPackages = mkOption {
       type = with types; listOf package;
       default = [ ];
-      example = lib.literalExample ''
+      example = literalExample ''
         [
           pkgs.gvisor
         ]
@@ -65,7 +68,7 @@ in
       '';
     };
 
-    package = lib.mkOption {
+    package = mkOption {
       type = types.package;
       default = crioPackage;
       internal = true;
@@ -80,6 +83,15 @@ in
       description = "Override the network_dir option.";
       internal = true;
     };
+
+    settings = mkOption {
+      type = format.type;
+      default = { };
+      description = ''
+        Configuration for cri-o, see
+        <link xlink:href="https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md"/>.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -87,36 +99,38 @@ in
 
     environment.etc."crictl.yaml".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
 
-    environment.etc."crio/crio.conf.d/00-default.conf".text = ''
-      [crio]
-      storage_driver = "${cfg.storageDriver}"
+    virtualisation.cri-o.settings.crio = {
+      storage_driver = cfg.storageDriver;
 
-      [crio.image]
-      ${optionalString (cfg.pauseImage != null) ''pause_image = "${cfg.pauseImage}"''}
-      ${optionalString (cfg.pauseCommand != null) ''pause_command = "${cfg.pauseCommand}"''}
+      image = {
+        pause_image = mkIf (cfg.pauseImage != null) cfg.pauseImage;
+        pause_command = mkIf (cfg.pauseCommand != null) cfg.pauseCommand;
+      };
 
-      [crio.network]
-      plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
-      ${optionalString (cfg.networkDir != null) ''network_dir = "${cfg.networkDir}"''}
+      network = {
+        plugin_dirs = [ "${pkgs.cni-plugins}/bin" ];
+        network_dir = mkIf (cfg.networkDir != null) cfg.networkDir;
+      };
 
-      [crio.runtime]
-      cgroup_manager = "systemd"
-      log_level = "${cfg.logLevel}"
-      pinns_path = "${cfg.package}/bin/pinns"
-      hooks_dir = [
-      ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable
-        ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''}
-      ]
+      runtime = {
+        cgroup_manager = "systemd";
+        log_level = cfg.logLevel;
+        manage_ns_lifecycle = true;
+        pinns_path = "${cfg.package}/bin/pinns";
+        hooks_dir =
+          optional (config.virtualisation.containers.ociSeccompBpfHook.enable)
+            config.boot.kernelPackages.oci-seccomp-bpf-hook;
 
-      ${optionalString (cfg.runtime != null) ''
-      default_runtime = "${cfg.runtime}"
-      [crio.runtime.runtimes]
-      [crio.runtime.runtimes.${cfg.runtime}]
-      ''}
-    '';
+        default_runtime = mkIf (cfg.runtime != null) cfg.runtime;
+        runtimes = mkIf (cfg.runtime != null) {
+          "${cfg.runtime}" = { };
+        };
+      };
+    };
 
     environment.etc."cni/net.d/10-crio-bridge.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
     environment.etc."cni/net.d/99-loopback.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/99-loopback.conf";
+    environment.etc."crio/crio.conf.d/00-default.conf".source = cfgFile;
 
     # Enable common /etc/containers configuration
     virtualisation.containers.enable = true;
@@ -139,6 +153,7 @@ in
         TimeoutStartSec = "0";
         Restart = "on-abnormal";
       };
+      restartTriggers = [ cfgFile ];
     };
   };
 }

pkgs/applications/audio/csound/default.nix

@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
   # When updating, please check if https://github.com/csound/csound/issues/1078
   # has been fixed in the new version so we can use the normal fluidsynth
   # version and remove fluidsynth 1.x from nixpkgs again.
-  version = "6.16.0";
+  version = "6.16.2";
 
   hardeningDisable = [ "format" ];
 
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
     owner = "csound";
     repo = "csound";
     rev = version;
-    sha256 = "sha256-1+P2W8auc34sNJdKHUcilOBCK+Is9GHnM+J+M4oNR3U=";
+    sha256 = "sha256-1rcS3kOspU9ACx45yB8betph4G0hso1OSJQRiabX6tE=";
   };
 
   cmakeFlags = [ "-DBUILD_CSOUND_AC=0" ] # fails to find Score.hpp

pkgs/applications/virtualization/containerd/default.nix

@@ -10,7 +10,7 @@
 
 buildGoModule rec {
   pname = "containerd";
-  version = "1.5.2";
+  version = "1.5.4";
 
   outputs = [ "out" "man" ];
 
@@ -18,7 +18,7 @@ buildGoModule rec {
     owner = "containerd";
     repo = "containerd";
     rev = "v${version}";
-    sha256 = "sha256-RDLAmPBjDHCx9al+gstUTrvKc/L0vAm8IEd/mvX5Als=";
+    sha256 = "sha256-VV1cxA8tDRiPDxKV8OGu3T7sgutmyL+VPNqTeFcVjJA=";
   };
 
   vendorSha256 = null;

pkgs/development/tools/analysis/flow/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flow";
-  version = "0.155.0";
+  version = "0.155.1";
 
   src = fetchFromGitHub {
     owner  = "facebook";
     repo   = "flow";
     rev    = "refs/tags/v${version}";
-    sha256 = "sha256-NMqglKpVrGgkxnrxSKKUeQ9RZ3eamlO6CDlaHjwKA3I=";
+    sha256 = "sha256-tlnABN/mcUsR8tgqgrQT+t6joo6wJMeGKtcbjyiVbbE=";
   };
 
   installPhase = ''

pkgs/servers/althttpd/default.nix

@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "althttpd";
-  version = "unstable-2021-05-07";
+  version = "unstable-2021-06-09";
 
   src = fetchfossil {
     url = "https://sqlite.org/althttpd/";
-    rev = "2c5e3f9f7051a578";
-    sha256 = "sha256-+RuogtQAc+zjCWTOiOunu1pXf3LxfdWYQX+24ysJ7uY=";
+    rev = "0d3b5e232c57e188";
+    sha256 = "sha256-vZwpjYYMdP/FgPTAQ9Kdh2RRMovpONqu2v73cCoYyxE=";
   };
 
   installPhase = ''