Diverse System and Software Updates

- Nginx will use the value of `sslTrustedCertificate` if provided for a virtual host, even if `enableACME` is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates. - `lib.formats.yaml`'s `generate` will not generate JSON anymore, but instead use more of the YAML-specific syntax. - MariaDB was upgraded from 10.5.x to 10.6.x. Please read the [upstream release notes](https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/) for changes and upgrade instructions. - The MariaDB C client library, also known as libmysqlclient or mariadb-connector-c, was upgraded from 3.1.x to 3.2.x. While this should hopefully not have any impact, this upgrade comes with some changes to default behavior, so you might want to review the [upstream release notes](https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/). - GNOME desktop environment now enables `QGnomePlatform` as the Qt platform theme, which should avoid crashes when opening file chooser dialogs in Qt apps by using XDG desktop portal. Additionally, it will make the apps fit better visually. - `rofi` has been updated from '1.6.1' to '1.7.0', one important thing is the removal of the old xresources based configuration setup. Read more [in rofi's changelog](https://github.com/davatorium/rofi/blob/cb12e6fc058f4a0f4f/Changelog#L1). - ipfs now defaults to not listening on you local network. This setting was change as server providers won't accept port scanning on their private network. If you have several ipfs instances running on a network you own, feel free to change the setting `ipfs.localDiscovery = true;`. localDiscovery enables different instances to discover each other and share data. - `lua` and `luajit` interpreters have been patched to avoid looking into /usr/lib directories, thus increasing the purity of the build. - Three new options, [xdg.mime.addedAssociations](#opt-xdg.mime.addedAssociations), [xdg.mime.defaultApplications](#opt-xdg.mime.defaultApplications), and [xdg.mime.removedAssociations](#opt-xdg.mime.removedAssociations) have been added to the [xdg.mime](#opt-xdg.mime.enable) module to allow the configuration of `/etc/xdg/mimeapps.list`. - Kopia was upgraded from 0.8.x to 0.9.x. Please read the [upstream release notes](https://github.com/kopia/kopia/releases/tag/v0.9.0) for changes and upgrade instructions. - The `systemd.network` module has gained support for the FooOverUDP link type. - The `networking` module has a new `networking.fooOverUDP` option to configure Foo-over-UDP encapsulations. - `networking.sits` now supports Foo-over-UDP encapsulation. - The `virtualisation.libvirtd` module has been refactored and updated with new options: - `virtualisation.libvirtd.qemu*` options (e.g.: `virtualisation.libvirtd.qemuRunAsRoot`) were moved to [`virtualisation.libvirtd.qemu`](options.html#opt-virtualisation.libvirtd.qemu) submodule, - software TPM1/TPM2 support (e.g.: Windows 11 guests) ([`virtualisation.libvirtd.qemu.swtpm`](options.html#opt-virtualisation.libvirtd.qemu.swtpm)), - custom OVMF package (e.g.: `pkgs.OVMFFull` with HTTP, CSM and Secure Boot support) ([`virtualisation.libvirtd.qemu.ovmf.package`](options.html#opt-virtualisation.libvirtd.qemu.ovmf.package)).

This chunk covers multiple system and software updates. Nginx now favors `sslTrustedCertificate` over ACME; `lib.formats.yaml` generates YAML-specific syntax. MariaDB and its C client were upgraded to 10.6.x and 3.2.x respectively, with users advised to review release notes. GNOME integrates Qt apps better via `QGnomePlatform`, preventing file chooser crashes. Rofi 1.7.0 removes xresources config. IPFS disables local discovery by default for security. Lua/LuaJIT purity improved by avoiding `/usr/lib`. New `xdg.mime` options allow configuring `/etc/xdg/mimeapps.list`. Kopia upgraded to 0.9.x, requiring release notes review. FooOverUDP support added to `systemd.network`, `networking`, and `networking.sits`. `virtualisation.libvirtd` was refactored, adding a `qemu` submodule, software TPM, and custom OVMF package options.