Merge master into staging-next

13 files changed, 102 insertions, 34 deletions

diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml
index 110712baf5f..ca93026d865 100644
--- a/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixos/doc/manual/configuration/x-windows.xml
@@ -96,6 +96,47 @@
   The options are named identically for all other display managers.
   </para>
  </simplesect>
+ <simplesect xml:id="sec-x11--graphics-cards-intel">
+  <title>Intel Graphics drivers</title>
+  <para>
+   There are two choices for Intel Graphics drivers in X.org:
+   <literal>modesetting</literal> (included in the <package>xorg-server</package> itself)
+   and <literal>intel</literal> (provided by the package <package>xf86-video-intel</package>).
+  </para>
+  <para>
+   The default and recommended is <literal>modesetting</literal>.
+   It is a generic driver which uses the kernel
+   <link xlink:href="https://en.wikipedia.org/wiki/Mode_setting">mode setting</link>
+   (KMS) mechanism. It supports Glamor (2D graphics acceleration via OpenGL)
+   and is actively maintained but may perform worse in some cases (like in old chipsets).
+  </para>
+  <para>
+   The second driver, <literal>intel</literal>, is specific to Intel GPUs,
+   but not recommended by most distributions: it lacks several modern features
+   (for example, it doesn't support Glamor) and the package hasn't been officially
+   updated since 2015.
+  </para>
+  <para>
+   The results vary depending on the hardware, so you may have to try both drivers.
+   Use the option <xref linkend="opt-services.xserver.videoDrivers"/> to set one.
+   The recommended configuration for modern systems is:
+<programlisting>
+  <xref linkend="opt-services.xserver.videoDrivers"/> = [ "modesetting" ];
+  <xref linkend="opt-services.xserver.useGlamor"/> = true;
+</programlisting>
+   If you experience screen tearing no matter what, this configuration was
+   reported to resolve the issue:
+<programlisting>
+  <xref linkend="opt-services.xserver.videoDrivers"/> = [ "intel" ];
+  <xref linkend="opt-services.xserver.deviceSection"/> = ''
+    Option "DRI" "2"
+    Option "TearFree" "true"
+  '';
+</programlisting>
+   Note that this will likely downgrade the performance compared to
+  <literal>modesetting</literal> or <literal>intel</literal> with DRI 3 (default).
+  </para>
+ </simplesect>
  <simplesect xml:id="sec-x11-graphics-cards-nvidia">
   <title>Proprietary NVIDIA drivers</title>
   <para>
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 7fbbfcec751..8defa86818a 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -626,7 +626,7 @@ in {
         then
         ''
           The password hash of user "${name}" may be invalid. You must set a
-          valid hash or the user will be locked out of his account. Please
+          valid hash or the user will be locked out of their account. Please
           check the value of option `users.users."${name}".hashedPassword`.
         ''
         else null
diff --git a/nixos/modules/hardware/device-tree.nix b/nixos/modules/hardware/device-tree.nix
index cf553497c89..b3f1dda98c8 100644
--- a/nixos/modules/hardware/device-tree.nix
+++ b/nixos/modules/hardware/device-tree.nix
@@ -22,11 +22,22 @@ in {
           example = literalExample "pkgs.device-tree_rpi";
           type = types.path;
           description = ''
-            The package containing the base device-tree (.dtb) to boot. Contains
+            The path containing the base device-tree (.dtb) to boot. Contains
             device trees bundled with the Linux kernel by default.
           '';
         };
 
+        name = mkOption {
+          default = null;
+          example = "some-dtb.dtb";
+          type = types.nullOr types.str;
+          description = ''
+            The name of an explicit dtb to be loaded, relative to the dtb base.
+            Useful in extlinux scenarios if the bootloader doesn't pick the
+            right .dtb file from FDTDIR.
+          '';
+        };
+
         overlays = mkOption {
           default = [];
           example = literalExample
diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
index 2d34406a032..bef6cd2fb5a 100644
--- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
+++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
@@ -2,12 +2,6 @@
 # nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-aarch64.nix -A config.system.build.sdImage
 { config, lib, pkgs, ... }:
 
-let
-  extlinux-conf-builder =
-    import ../../system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix {
-      pkgs = pkgs.buildPackages;
-    };
-in
 {
   imports = [
     ../../profiles/base.nix
@@ -56,7 +50,7 @@ in
       '';
     populateRootCommands = ''
       mkdir -p ./files/boot
-      ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
+      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
 
diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
index 651d1a36dc1..d2ba611532e 100644
--- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
+++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
@@ -2,12 +2,6 @@
 # nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix -A config.system.build.sdImage
 { config, lib, pkgs, ... }:
 
-let
-  extlinux-conf-builder =
-    import ../../system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix {
-      pkgs = pkgs.buildPackages;
-    };
-in
 {
   imports = [
     ../../profiles/base.nix
@@ -53,7 +47,7 @@ in
       '';
     populateRootCommands = ''
       mkdir -p ./files/boot
-      ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
+      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
 
diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
index ba4127eaa0e..40a01f96177 100644
--- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
+++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
@@ -2,12 +2,6 @@
 # nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix -A config.system.build.sdImage
 { config, lib, pkgs, ... }:
 
-let
-  extlinux-conf-builder =
-    import ../../system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix {
-      pkgs = pkgs.buildPackages;
-    };
-in
 {
   imports = [
     ../../profiles/base.nix
@@ -42,7 +36,7 @@ in
       '';
     populateRootCommands = ''
       mkdir -p ./files/boot
-      ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
+      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
 
diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix
index c15befa59e2..ddad1116c94 100644
--- a/nixos/modules/installer/cd-dvd/sd-image.nix
+++ b/nixos/modules/installer/cd-dvd/sd-image.nix
@@ -99,7 +99,7 @@ in
     };
 
     populateRootCommands = mkOption {
-      example = literalExample "''\${extlinux-conf-builder} -t 3 -c \${config.system.build.toplevel} -d ./files/boot''";
+      example = literalExample "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
       description = ''
         Shell commands to populate the ./files directory.
         All files in that directory are copied to the
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index 422c405054d..157dc28e0a8 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -628,6 +628,7 @@ EOF
         write_file($fn, <<EOF);
 @configuration@
 EOF
+        print STDERR "For more hardware-specific settings, see https://github.com/NixOS/nixos-hardware"
     } else {
         print STDERR "warning: not overwriting existing $fn\n";
     }
diff --git a/nixos/modules/services/networking/3proxy.nix b/nixos/modules/services/networking/3proxy.nix
index ae8a4958ca9..37a48657c1c 100644
--- a/nixos/modules/services/networking/3proxy.nix
+++ b/nixos/modules/services/networking/3proxy.nix
@@ -124,7 +124,7 @@ in {
                   <literal>"iponly"</literal>: specifies no authentication. ACLs authorization is used.
                 </para></listitem>
                 <listitem><para>
-                  <literal>"strong"</literal>: authentication by username/password. If user is not registered his access is denied regardless of ACLs.
+                  <literal>"strong"</literal>: authentication by username/password. If user is not registered their access is denied regardless of ACLs.
                 </para></listitem>
               </itemizedlist>
 
diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
index af39c7bb684..bd508bbe8ea 100644
--- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
+++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
@@ -4,11 +4,15 @@ with lib;
 
 let
   blCfg = config.boot.loader;
+  dtCfg = config.hardware.deviceTree;
   cfg = blCfg.generic-extlinux-compatible;
 
   timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
 
+  # The builder used to write during system activation
   builder = import ./extlinux-conf-builder.nix { inherit pkgs; };
+  # The builder exposed in populateCmd, which runs on the build architecture
+  populateBuilder = import ./extlinux-conf-builder.nix { pkgs = pkgs.buildPackages; };
 in
 {
   options = {
@@ -34,11 +38,28 @@ in
           Maximum number of configurations in the boot menu.
         '';
       };
+
+      populateCmd = mkOption {
+        type = types.str;
+        readOnly = true;
+        description = ''
+          Contains the builder command used to populate an image,
+          honoring all options except the <literal>-c &lt;path-to-default-configuration&gt;</literal>
+          argument.
+          Useful to have for sdImage.populateRootCommands
+        '';
+      };
+
     };
   };
 
-  config = mkIf cfg.enable {
-    system.build.installBootLoader = "${builder} -g ${toString cfg.configurationLimit} -t ${timeoutStr} -c";
-    system.boot.loader.id = "generic-extlinux-compatible";
-  };
+  config = let
+    builderArgs = "-g ${toString cfg.configurationLimit} -t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
+  in
+    mkIf cfg.enable {
+      system.build.installBootLoader = "${builder} ${builderArgs} -c";
+      system.boot.loader.id = "generic-extlinux-compatible";
+
+      boot.loader.generic-extlinux-compatible.populateCmd = "${populateBuilder} ${builderArgs}";
+    };
 }
diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
index 0092ee92b62..854684b87fa 100644
--- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
+++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
@@ -6,7 +6,7 @@ export PATH=/empty
 for i in @path@; do PATH=$PATH:$i/bin; done
 
 usage() {
-    echo "usage: $0 -t <timeout> -c <path-to-default-configuration> [-d <boot-dir>] [-g <num-generations>]" >&2
+    echo "usage: $0 -t <timeout> -c <path-to-default-configuration> [-d <boot-dir>] [-g <num-generations>] [-n <dtbName>]" >&2
     exit 1
 }
 
@@ -15,7 +15,7 @@ default=                # Default configuration
 target=/boot            # Target directory
 numGenerations=0        # Number of other generations to include in the menu
 
-while getopts "t:c:d:g:" opt; do
+while getopts "t:c:d:g:n:" opt; do
     case "$opt" in
         t) # U-Boot interprets '0' as infinite and negative as instant boot
             if [ "$OPTARG" -lt 0 ]; then
@@ -29,6 +29,7 @@ while getopts "t:c:d:g:" opt; do
         c) default="$OPTARG" ;;
         d) target="$OPTARG" ;;
         g) numGenerations="$OPTARG" ;;
+        n) dtbName="$OPTARG" ;;
         \?) usage ;;
     esac
 done
@@ -96,7 +97,17 @@ addEntry() {
     echo "  LINUX ../nixos/$(basename $kernel)"
     echo "  INITRD ../nixos/$(basename $initrd)"
     if [ -d "$dtbDir" ]; then
-        echo "  FDTDIR ../nixos/$(basename $dtbs)"
+        # if a dtbName was specified explicitly, use that, else use FDTDIR
+        if [ -n "$dtbName" ]; then
+            echo "  FDT ../nixos/$(basename $dtbs)/${dtbName}"
+        else
+            echo "  FDTDIR ../nixos/$(basename $dtbs)"
+        fi
+    else
+        if [ -n "$dtbName" ]; then
+            echo "Explicitly requested dtbName $dtbName, but there's no FDTDIR - bailing out." >&2
+            exit 1
+        fi
     fi
     echo "  APPEND systemConfig=$path init=$path/init $extraParams"
 }
diff --git a/nixos/tests/sudo.nix b/nixos/tests/sudo.nix
index 5bbec3d5726..8c38f1b47ef 100644
--- a/nixos/tests/sudo.nix
+++ b/nixos/tests/sudo.nix
@@ -74,7 +74,7 @@ in
         with subtest("test5 user should not be able to run commands under root"):
             machine.fail("sudo -u test5 sudo -n -u root true")
 
-        with subtest("test5 user should be able to keep his environment"):
+        with subtest("test5 user should be able to keep their environment"):
             machine.succeed("sudo -u test5 sudo -n -E -u test1 true")
 
         with subtest("users in group 'barfoo' should not be able to keep their environment"):
diff --git a/nixos/tests/taskserver.nix b/nixos/tests/taskserver.nix
index ab9b589f859..9c07bcf9f51 100644
--- a/nixos/tests/taskserver.nix
+++ b/nixos/tests/taskserver.nix
@@ -176,7 +176,8 @@ in {
 
     sub checkClientCert ($) {
       my $user = $_[0];
-      my $cmd = "gnutls-cli".
+      # debug level 3 is a workaround for gnutls issue https://gitlab.com/gnutls/gnutls/-/issues/1040
+      my $cmd = "gnutls-cli -d 3".
         " --x509cafile=/home/$user/.task/keys/ca.cert".
         " --x509keyfile=/home/$user/.task/keys/private.key".
         " --x509certfile=/home/$user/.task/keys/public.cert".