Merge staging-next into staging

Author: nixpkgs-ci[bot]

ci/github-script/check-target-branch.js

@@ -122,7 +122,11 @@ async function checkTargetBranch({ github, context, core, dry }) {
     ].join('\n'),
   )
 
-  if (maxRebuildCount >= 1000 && !isExemptHomeAssistantUpdate) {
+  if (
+    maxRebuildCount >= 1000 &&
+    !isExemptHomeAssistantUpdate &&
+    !isExemptKernelUpdate
+  ) {
     const desiredBranch =
       base === 'master' ? 'staging' : `staging-${split(base).version}`
     const body = [

doc/languages-frameworks/ocaml.section.md

@@ -116,14 +116,14 @@ Here is a second example, this time using a source archive generated with `dune-
   buildDunePackage,
 }:
 
-buildDunePackage (finalAtts: {
+buildDunePackage (finalAttrs: {
   pname = "wtf8";
   version = "1.0.2";
 
   minimalOCamlVersion = "4.02";
 
   src = fetchurl {
-    url = "https://github.com/flowtype/ocaml-wtf8/releases/download/v${finalAtts.version}/wtf8-v${finalAtts.version}.tbz";
+    url = "https://github.com/flowtype/ocaml-wtf8/releases/download/v${finalAttrs.version}/wtf8-v${finalAttrs.version}.tbz";
     hash = "sha256-d5/3KUBAWRj8tntr4RkJ74KWW7wvn/B/m1nx0npnzyc=";
   };
 

nixos/doc/manual/release-notes/rl-2205.section.md

@@ -105,7 +105,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](#opt-programs.k40-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
 
-- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer)
+- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.server.enable) (renamed to `services.kanidm.server.enable` in 26.05).
 
 - [Maddy](https://maddy.email/), a free an open source mail server. Available as [services.maddy](#opt-services.maddy.enable).
 

nixos/doc/manual/release-notes/rl-2605.section.md

@@ -149,6 +149,11 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
 
 - `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options.
 
+- `services.kanidm` options for server, client and unix were moved under dedicated namespaces.
+  For each component `enableComponent` and `componentSettings` are now `component.enable` and
+  `component.settings`. The unix module now supports using SSH keys from Kanidm via
+  `services.kanidm.unix.sshIntegration = true`.
+
 - `glibc` has been updated to version 2.42.
 
   This version no longer makes the stack executable when a shared library requires this. A symptom

nixos/modules/security/pam.nix

@@ -772,7 +772,7 @@ let
               }
               {
                 name = "kanidm";
-                enable = config.services.kanidm.enablePam;
+                enable = config.services.kanidm.unix.enable;
                 control = "sufficient";
                 modulePath = "${config.services.kanidm.package}/lib/pam_kanidm.so";
                 settings = {
@@ -1139,7 +1139,7 @@ let
                 }
                 {
                   name = "kanidm";
-                  enable = config.services.kanidm.enablePam;
+                  enable = config.services.kanidm.unix.enable;
                   control = "sufficient";
                   modulePath = "${config.services.kanidm.package}/lib/pam_kanidm.so";
                   settings = {
@@ -1248,7 +1248,7 @@ let
               }
               {
                 name = "kanidm";
-                enable = config.services.kanidm.enablePam;
+                enable = config.services.kanidm.unix.enable;
                 control = "sufficient";
                 modulePath = "${config.services.kanidm.package}/lib/pam_kanidm.so";
               }
@@ -1412,7 +1412,7 @@ let
               }
               {
                 name = "kanidm";
-                enable = config.services.kanidm.enablePam;
+                enable = config.services.kanidm.unix.enable;
                 control = "optional";
                 modulePath = "${config.services.kanidm.package}/lib/pam_kanidm.so";
               }
@@ -2339,7 +2339,7 @@ in
       # Include the PAM modules in the system path mostly for the manpages.
       [ package ]
       ++ lib.optional config.users.ldap.enable pam_ldap
-      ++ lib.optional config.services.kanidm.enablePam config.services.kanidm.package
+      ++ lib.optional config.services.kanidm.unix.enable config.services.kanidm.package
       ++ lib.optional config.services.sssd.enable pkgs.sssd
       ++ lib.optionals config.security.pam.krb5.enable [
         pam_krb5