NixOS 23.11

.gitignore

@@ -9,3 +9,9 @@ outputs
 # Some files generated by CI, to ensure the working tree is clean on CI
 /manpage
 /public
+
+# Created by running IOCs
+.iocsh_history
+
+# Created by running NixOS tests in interactive mode
+.nixos-test-history

doc/nixos/guides/_pre-requisites.md

@@ -18,7 +18,7 @@ For example:
 ``` {.diff filename="flake.nix"}
  {
    # ...
-+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
++  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
 +  inputs.epnix.url = "github:epics-extensions/EPNix";
 
    # ...

doc/nixos/guides/phoebus-alarm.md

@@ -29,15 +29,17 @@ The Phoebus Alarm Logging Service can also be called the Phoebus Alarm Logger.
 # Single server Phoebus Alarm setup
 
 To configure Phoebus Alarm, Phoebus Alarm Logger, Apache Kafka, and ElasticSearch on a single server,
-add this to your configuration:
+add this to your configuration,
+while taking care of replacing the IP address
+and Kafka's `clusterId`:
 
 ``` nix
-{config, lib, ...}: let
-  kafkaPort = toString config.services.apache-kafka.port;
-  # Replace this with your machine's IP address
+{lib, pkgs, ...}: let
+  # Replace this with your machine's external IP address
   # or DNS domain name
   ip = "192.168.1.42";
-  kafkaListenSockAddr = "${ip}:${kafkaPort}";
+  kafkaListenSockAddr = "${ip}:9092";
+  kafkaControllerListenSockAddr = "${ip}:9093";
 in {
   # The Phoebus Alarm server also automatically enables the Phoebus Alarm Logger
   services.phoebus-alarm-server = {
@@ -48,43 +50,48 @@ in {
 
   services.phoebus-alarm-logger.settings."bootstrap.servers" = kafkaListenSockAddr;
 
-  services.elasticsearch = {
-    enable = true;
-    package = pkgs.elasticsearch7;
-  };
-
   # Single-server Kafka setup
   services.apache-kafka = {
     enable = true;
-    logDirs = ["/var/lib/apache-kafka"];
-    # Tell Apache Kafka to listen on this IP address
-    # If you don't have a DNS domain name, it's best to set a specific, non-local IP address.
-    extraProperties = ''
-      listeners=PLAINTEXT://${kafkaListenSockAddr}
-      offsets.topic.replication.factor=1
-      transaction.state.log.replication.factor=1
-      transaction.state.log.min.isr=1
-    '';
+    # Replace with a randomly generated uuid. You can get one by running:
+    # nix shell 'nixpkgs#apacheKafka' -c kafka-storage.sh random-uuid
+    clusterId = "xxxxxxxxxxxxxxxxxxxxxx";
+    formatLogDirs = true;
+    settings = {
+      listeners = [
+        "PLAINTEXT://${kafkaListenSockAddr}"
+        "CONTROLLER://${kafkaControllerListenSockAddr}"
+      ];
+      # Adapt depending on your security constraints
+      "listener.security.protocol.map" = [
+        "PLAINTEXT:PLAINTEXT"
+        "CONTROLLER:PLAINTEXT"
+      ];
+      "controller.quorum.voters" = [
+        "1@${kafkaControllerListenSockAddr}"
+      ];
+      "controller.listener.names" = ["CONTROLLER"];
+
+      "node.id" = 1;
+      "process.roles" = ["broker" "controller"];
+
+      "log.dirs" = ["/var/lib/apache-kafka"];
+      "offsets.topic.replication.factor" = 1;
+      "transaction.state.log.replication.factor" = 1;
+      "transaction.state.log.min.isr" = 1;
+    };
   };
 
-  systemd.services.apache-kafka = {
-    after = ["zookeeper.service"];
-    unitConfig.StateDirectory = "apache-kafka";
-  };
+  systemd.services.apache-kafka.unitConfig.StateDirectory = "apache-kafka";
+
+  # Open kafka to the outside world
+  networking.firewall.allowedTCPPorts = [9092];
 
-  services.zookeeper = {
+  services.elasticsearch = {
     enable = true;
-    extraConf = ''
-      # Port conflicts by default with phoebus-alarm-logger's port
-      admin.enableServer=false
-    '';
+    package = pkgs.elasticsearch7;
   };
 
-  # Open kafka to the outside world
-  networking.firewall.allowedTCPPorts = [
-    config.services.apache-kafka.port
-  ];
-
   # Elasticsearch, needed by Phoebus Alarm Logger, is not free software (SSPL | Elastic License).
   # To accept the license, add the code below:
   nixpkgs.config.allowUnfreePredicate = pkg:
@@ -205,4 +212,3 @@ Here is a list of options you might want to set:
 ::: callout-warning
 Currently, Phoebus Alarm Server only supports plain SMTP.
 :::
-

doc/nixos/tutorials/archiver-appliance.md

@@ -57,7 +57,7 @@ Fill the file with these lines:
 {
   description = "Configuration for running Archiver Appliance in a VM";
 
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
   inputs.epnix.url = "github:epics-extensions/EPNix";
 
   outputs = { self, nixpkgs, epnix }: {
@@ -72,11 +72,7 @@ Fill the file with these lines:
 }
 ```
 
-```{=html}
-<!-- TODO: replace raw html with the kbd shortcode once we are using Quarto 1.3 -->
-<!-- https://quarto.org/docs/authoring/markdown-basics.html#keyboard-shortcuts -->
-```
-Save and quit by typing `<kbd>`{=html}Ctrl-x`</kbd>`{=html}, `<kbd>`{=html}y`</kbd>`{=html}, and `<kbd>`{=html}Enter`</kbd>`{=html},
+Save and quit by typing {{< kbd Ctrl-x >}}, {{< kbd y >}}, and {{< kbd Enter >}},
 and run `nixos-rebuild test` to test your changes.
 
 Some explanations:

flake.nix

@@ -1,12 +1,18 @@
 {
   description = "A Nix flake containing EPICS-related modules and packages";
 
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
-  inputs.bash-lib = {
-    url = "github:minijackson/bash-lib";
-    inputs.nixpkgs.follows = "nixpkgs";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    bash-lib = {
+      url = "github:minijackson/bash-lib";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    flake-utils.url = "github:numtide/flake-utils";
+    poetry2nix = {
+      url = "github:nix-community/poetry2nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
-  inputs.flake-utils.url = "github:numtide/flake-utils";
 
   outputs = {
     self,
@@ -19,7 +25,11 @@
     systemDependentOutputs = system: let
       pkgs = import nixpkgs {
         inherit system;
-        overlays = [overlay inputs.bash-lib.overlay];
+        overlays = [
+          overlay
+          inputs.bash-lib.overlay
+          inputs.poetry2nix.overlays.default
+        ];
       };
     in {
       packages = flake-utils.lib.flattenTree pkgs.epnix;
@@ -46,7 +56,7 @@
               category = "development tools";
             }
             {
-              package = pkgs.quarto;
+              package = pkgs.quartoMinimal;
               category = "development tools";
             }
             {

ioc/modules/common.nix

@@ -51,6 +51,10 @@ with lib; {
   };
 
   config = {
-    nixpkgs.overlays = [epnix.inputs.bash-lib.overlay epnix.overlays.default];
+    nixpkgs.overlays = [
+      epnix.inputs.poetry2nix.overlays.default
+      epnix.inputs.bash-lib.overlay
+      epnix.overlays.default
+    ];
   };
 }

nixos/modules/phoebus/alarm-logger.nix

@@ -87,8 +87,6 @@ in {
           "bootstrap.servers" = lib.mkOption {
             description = "Location of the Kafka server";
             type = lib.types.str;
-            default = "localhost:${toString config.services.apache-kafka.port}";
-            defaultText = lib.literalExpression ''"localhost:''${toString config.services.apache-kafka.port}"'';
           };
 
           date_span_units = lib.mkOption {

nixos/modules/phoebus/alarm-server.nix

@@ -69,8 +69,6 @@ in {
           "org.phoebus.applications.alarm/server" = lib.mkOption {
             description = "Kafka server host:port";
             type = lib.types.str;
-            default = "localhost:${toString config.services.apache-kafka.port}";
-            defaultText = lib.literalExpression ''"localhost:''${toString config.services.apache-kafka.port}"'';
           };
 
           # Waiting for: https://github.com/ControlSystemStudio/phoebus/issues/2843