| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
For systems without internet connections, it doesn't make sense to
require the existence of an /etc/resolv.conf file to disable
resolvconf, so let's expose networking.resolveconf.enable as a public
option that can be set to false.
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
If `services.tor.client.enable` is set to false (the default), the `SOCKSPort` option is not added to the torrc file but since Tor defaults to listening on port 9050 when the option is not specified, the tor client is not actually disabled. To fix this, simply set `SOCKSPort` to 0, which disables the client.
Use `mkForce` to prevent potentially two different `SOCKSPort` options in the torrc file, with one of them being 0 as this would cause Tor to fail to start. When `services.tor.client.enable` is set to false, this should always be disabled.
|
| |
| |
| |
| | |
- Add adfs and keycloak-oidc providrs
- Sort the list alphabetically
|
|\ \
| | |
| | | |
matrix-synapse: fix release notes and doc for #158605 changes
|
| | | |
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For now at least. I expect someone will find a working type later.
It's incorrect and was causing bad issues. Example test case:
nix-instantiate nixos/release.nix -A tests.xfce.x86_64-linux --dry-run
This is a partial revert of commit b2d803c from PR #162271.
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since b9cfbcafdf0ca9573de1cdc06137c020e70e44a8, the lack of hexdump in
the closure lead to the generation of empty cookie files. This empty
cookie file is making pleroma to crash at startup now we correctly
read it.
We introduce a migration forcing these empty cookies to be
re-generated to something not empty.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We inject the release cookie path to the pleroma derivation in order
to wrap pleroma_ctl with it. Doing this allows us to remove the
systemd-injected RELEASE_COOKIE path, which was sadly
buggy (RELEASE_COOKIE should point to the *content* of the cookie, not
the file containing it).
We take advantage of this to factor out the cookie path.
|
|\ \ \ \
| | | | |
| | | | | |
nixos/nixos-enter: fix resolv.conf error handling and cleanup
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
networking.greTunnels: support ip6gre*
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
mart-w/fix/nixos/paperless-ng-fix-164615-consumation-bug
nixos/paperless-ng: fix #164615
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add an exception to the `paperless-ng-server` service's
`SystemCallFilter` as the `mbind` syscall is needed when consuming a
document while having a classification model present.
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
NixOS/auto-upgrade: offer the possibility to define a reboot window during which the system may be automatically rebooted
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
which the system may be automatically rebooted
Some systems should not be rebooted at just any time. If the upgrade process takes too long, for instance because of a
slow internet connection, or if the upgrade service is ran during production hours, we want to allow to define a window
outside of which a reboot will not be performed.
The system will then reboot on the next run of the upgrade service which finishes inside the reboot window.
E.g. we can run the update service twice per week, once during the night and once during the day, but reboots are only
allowed during the night. By doing so, a system that is usually shut down during the night will still receive updates
and systems that are turned on 24/7 can be rebooted outside of production hours.
Co-authored-by: Silvan Mosberger <github@infinisil.com>
|
| |_|/ / / /
|/| | | | |
| | | | | |
| | | | | | |
This reverts commit 1c58cdbeed880e99d816c234a954d4cdfc073b6c, since this change was made redundant by 3dc6fab5c9362db2cf079ffa15f2b62b05001747 and in https://github.com/NixOS/nixpkgs/pull/145013 we decided to revert this commit.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Throw an error for options without a type
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: Janne Heß <janne@hess.ooo>
|
|\ \ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
It doesn't make sense to have a default value for this that's
incompatible with the default locate implementation. It means that
just doing services.locate.enable = true; generates a warning, even if
you don't care about pruning anything. So only use the default prune
list if the locate implementation supports it (i.e., isn't findutils).
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos: systemd: split off helper functions into systemd-lib
|
| | |_|_|_|_|_|/
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nextcloud21: remove
|
| | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
EOLed by upstream in 2022-02[1].
[1] https://docs.nextcloud.com/server/23/admin_manual/release_schedule.html#older-versions
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|/ /
|/| | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
os-release: preserve fields from being excessively quoted
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
(In cases it is unnecessary)
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
pacemaker: init
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
ibus: 1.5.24 -> 1.5.26
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
When `services.resolved.enable` is set to true, the file /etc/resolv.conf becomes a symlink to /etc/static/resolv.conf, which is a symlink to /run/systemd/resolve/stub-resolv.conf. Without this commit, tor does not have access to this file thanks to systemd confinement. This results in the following warning when tor starts:
```
[warn] Unable to stat resolver configuration in '/etc/resolv.conf': No such file or directory
[warn] Could not read your DNS config from '/etc/resolv.conf' - please investigate your DNS configuration. This is possibly a problem. Meanwhile, falling back to local DNS at 127.0.0.1.
```
To fix this, simply allow read-only access to the file when resolved is in use.
According to https://github.com/NixOS/nixpkgs/pull/161818#discussion_r824820462, the symlink may also point to /run/systemd/resolve/resolv.conf, so allow that as well.
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Remove ancient unfree bitmap fonts from fonts.defaultXFonts
|
| |/ / / / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
See https://github.com/NixOS/nixpkgs/issues/160740
|