Merge staging-next into staging

7 files changed, 150 insertions, 21 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index bb2e8e1d10fc..46ba82a55d71 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -150,6 +150,8 @@
 
 - [c2FmZQ](https://github.com/c2FmZQ/c2FmZQ/), an application that can securely encrypt, store, and share files, including but not limited to pictures and videos. Available as [services.c2fmzq-server](#opt-services.c2fmzq-server.enable).
 
+- [preload](http://sourceforge.net/projects/preload), a service that makes applications run faster by prefetching binaries and shared objects.  Available as [services.preload](#opt-services.preload.enable).
+
 ## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
 
 - `services.postgresql.ensurePermissions` has been deprecated in favor of `services.postgresql.ensureUsers.*.ensureDBOwnership` which simplifies the setup of database owned by a certain system user
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2e2b94e5a97b..3017857ec645 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -723,6 +723,7 @@
   ./services/misc/podgrab.nix
   ./services/misc/polaris.nix
   ./services/misc/portunus.nix
+  ./services/misc/preload.nix
   ./services/misc/prowlarr.nix
   ./services/misc/pufferpanel.nix
   ./services/misc/pykms.nix
@@ -1153,6 +1154,7 @@
   ./services/search/meilisearch.nix
   ./services/search/opensearch.nix
   ./services/search/qdrant.nix
+  ./services/search/sonic-server.nix
   ./services/search/typesense.nix
   ./services/security/aesmd.nix
   ./services/security/authelia.nix
diff --git a/nixos/modules/services/misc/preload.nix b/nixos/modules/services/misc/preload.nix
new file mode 100644
index 000000000000..19b2531087dd
--- /dev/null
+++ b/nixos/modules/services/misc/preload.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.preload;
+in {
+  meta = { maintainers = pkgs.preload.meta.maintainers; };
+
+  options.services.preload = {
+    enable = mkEnableOption "preload";
+    package = mkPackageOption pkgs "preload" { };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.preload = {
+      description = "Loads data into ram during idle time of CPU.";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        EnvironmentFile = "${cfg.package}/etc/conf.d/preload";
+        ExecStart = "${getExe cfg.package} --foreground $PRELOAD_OPTS";
+        Type = "simple";
+        # Only preload data during CPU idle time
+        IOSchedulingClass = 3;
+        DynamicUser = true;
+        StateDirectory = "preload";
+      };
+    };
+  };
+}
diff --git a/nixos/modules/services/search/sonic-server.nix b/nixos/modules/services/search/sonic-server.nix
new file mode 100644
index 000000000000..ac186260fa97
--- /dev/null
+++ b/nixos/modules/services/search/sonic-server.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.sonic-server;
+
+  settingsFormat = pkgs.formats.toml { };
+  configFile = settingsFormat.generate "sonic-server-config.toml" cfg.settings;
+
+in {
+  meta.maintainers = [ lib.maintainers.anthonyroussel ];
+
+  options = {
+    services.sonic-server = {
+      enable = lib.mkEnableOption (lib.mdDoc "Sonic Search Index");
+
+      package = lib.mkPackageOptionMD pkgs "sonic-server" { };
+
+      settings = lib.mkOption {
+        type = lib.types.submodule { freeformType = settingsFormat.type; };
+        default = {
+          store.kv.path = "/var/lib/sonic/kv";
+          store.fst.path = "/var/lib/sonic/fst";
+        };
+        example = {
+          server.log_level = "debug";
+          channel.inet = "[::1]:1491";
+        };
+        description = lib.mdDoc ''
+          Sonic Server configuration options.
+
+          Refer to
+          <https://github.com/valeriansaliou/sonic/blob/master/CONFIGURATION.md>
+          for a full list of available options.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.sonic-server.settings = lib.mapAttrs (name: lib.mkDefault) {
+      server = {};
+      channel.search = {};
+      store = {
+        kv = {
+          path = "/var/lib/sonic/kv";
+          database = {};
+          pool = {};
+        };
+        fst = {
+          path = "/var/lib/sonic/fst";
+          graph = {};
+          pool = {};
+        };
+      };
+    };
+
+    systemd.services.sonic-server = {
+      description = "Sonic Search Index";
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+
+        ExecStart = "${lib.getExe cfg.package} -c ${configFile}";
+        DynamicUser = true;
+        Group = "sonic";
+        LimitNOFILE = "infinity";
+        Restart = "on-failure";
+        StateDirectory = "sonic";
+        StateDirectoryMode = "750";
+        User = "sonic";
+      };
+    };
+  };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index dba394a91d64..1e11cc220805 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -766,6 +766,7 @@ in {
   sogo = handleTest ./sogo.nix {};
   solanum = handleTest ./solanum.nix {};
   sonarr = handleTest ./sonarr.nix {};
+  sonic-server = handleTest ./sonic-server.nix {};
   sourcehut = handleTest ./sourcehut.nix {};
   spacecookie = handleTest ./spacecookie.nix {};
   spark = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./spark {};
diff --git a/nixos/tests/gvisor.nix b/nixos/tests/gvisor.nix
index 77ff29341bed..7f130b709fc9 100644
--- a/nixos/tests/gvisor.nix
+++ b/nixos/tests/gvisor.nix
@@ -1,6 +1,6 @@
 # This test runs a container through gvisor and checks if simple container starts
 
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ... }: {
   name = "gvisor";
   meta = with pkgs.lib.maintainers; {
     maintainers = [ andrew-d ];
@@ -9,21 +9,21 @@ import ./make-test-python.nix ({ pkgs, ...} : {
   nodes = {
     gvisor =
       { pkgs, ... }:
-        {
-          virtualisation.docker = {
-            enable = true;
-            extraOptions = "--add-runtime runsc=${pkgs.gvisor}/bin/runsc";
-          };
+      {
+        virtualisation.docker = {
+          enable = true;
+          extraOptions = "--add-runtime runsc=${pkgs.gvisor}/bin/runsc";
+        };
 
-          networking = {
-            dhcpcd.enable = false;
-            defaultGateway = "192.168.1.1";
-            interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
-              { address = "192.168.1.2"; prefixLength = 24; }
-            ];
-          };
+        networking = {
+          dhcpcd.enable = false;
+          defaultGateway = "192.168.1.1";
+          interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
+            { address = "192.168.1.2"; prefixLength = 24; }
+          ];
         };
-    };
+      };
+  };
 
   testScript = ''
     start_all()
@@ -31,13 +31,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
     gvisor.wait_for_unit("network.target")
     gvisor.wait_for_unit("sockets.target")
 
-    # Start by verifying that gvisor itself works
-    output = gvisor.succeed(
-        "${pkgs.gvisor}/bin/runsc -alsologtostderr do ${pkgs.coreutils}/bin/echo hello world"
-    )
-    assert output.strip() == "hello world"
-
-    # Also test the Docker runtime
+    # Test the Docker runtime
     gvisor.succeed("tar cv --files-from /dev/null | docker import - scratchimg")
     gvisor.succeed(
         "docker run -d --name=sleeping --runtime=runsc -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
diff --git a/nixos/tests/sonic-server.nix b/nixos/tests/sonic-server.nix
new file mode 100644
index 000000000000..bb98047619b2
--- /dev/null
+++ b/nixos/tests/sonic-server.nix
@@ -0,0 +1,22 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "sonic-server";
+
+  meta = {
+    maintainers = with lib.maintainers; [ anthonyroussel ];
+  };
+
+  nodes.machine = { pkgs, ... }: {
+    services.sonic-server.enable = true;
+  };
+
+  testScript = ''
+    machine.start()
+
+    machine.wait_for_unit("sonic-server.service")
+    machine.wait_for_open_port(1491)
+
+    with subtest("Check control mode"):
+      result = machine.succeed('(echo START control; sleep 1; echo PING; echo QUIT) | nc localhost 1491').splitlines()
+      assert result[2] == "PONG", f"expected 'PONG', got '{result[2]}'"
+  '';
+})