| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
This reverts commit df4d0b03efe967e07b227edc004169701e39fd3e, reversing
changes made to b333263534e23f6e5a394193c5cb2c5f793f6525.
It didn't even evaluate!
|
| |\
| |
| | |
nginxlog_exporter: 1.3.0 -> 1.8.1 + module w/ tests
|
| | | |
|
| |\ \
| | |
| | | |
nixos/thermald: Allow switching package
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Sometimes newer versions than what nixpkgs provides is needed for
certain hardware, especially for stable releases where I will backport
this commit.
|
| |\ \ \
| | | |
| | | | |
nixos/lib/make-disk-image.nix: support content mode and ownership
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/mongodb: fix running initialScript without a set root password
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Co-authored-by: Timo Kaufmann <timokau@zoho.com>
|
| | |_|/ /
|/| | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/manual: fix typo in virtualbox installation guide
|
| | | | | | |
|
| | |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`nixos-rebuild build-vm-with-bootloader` currently fails with the
default NixOS EFI configuration:
$ cat >configuration.nix <<EOF
{
fileSystems."/".device = "/dev/sda1";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}
EOF
$ nixos-rebuild build-vm-with-bootloader -I nixos-config=$PWD/configuration.nix -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-20.09.tar.gz
[...]
insmod: ERROR: could not insert module /nix/store/1ibmgfr13r8b6xyn4f0wj115819f359c-linux-5.4.83/lib/modules/5.4.83/kernel/fs/efivarfs/efivarfs.ko.xz: No such device
mount: /sys/firmware/efi/efivars: mount point does not exist.
[ 1.908328] reboot: Power down
builder for '/nix/store/dx2ycclyknvibrskwmii42sgyalagjxa-nixos-boot-disk.drv' failed with exit code 32
[...]
Fix it by setting virtualisation.useEFIBoot = true in qemu-vm.nix, when
efi is needed.
And remove the now unneeded configuration in
./nixos/tests/systemd-boot.nix, since it's handled globally.
Before:
* release-20.03: successful build, unsuccessful run
* release-20.09 (and master): unsuccessful build
After:
* Successful build and run.
Fixes https://github.com/NixOS/nixpkgs/issues/107255
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/samba-wsdd: fix starting
|
| | | | | | |
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
nixos/acme: lego run when account is missing
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This means that all systems running from master will trigger
new certificate creation on next rebuild. Race conditions around
multiple account creation are fixed in #106857, not this commit.
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Icecream support
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This adds modules for the icecream scheduler and daemon.
Icecream can be used for distributed compilation, especially in
environments with diverse toolchains, since it sends the complete build
environment to the daemon.
Unfortunatley the daemon can't be run with DynamicUser = true, since the
daemon requires to be started as root in order to accept other build
environments, see [1].
[1]: https://github.com/icecc/icecream#using-icecream-in-heterogeneous-environments
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Initrd improvements
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
lz4 compression is excluded because it doesn't work for a reason which
remains unclear to me.
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
assertions"
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
fadenb/release_notes_wpa_supplicant_breaking_change
nixos/release-notes: Warn on wpa_supplicant changes
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Module-builtin assertions, disabling assertions and submodule assertions
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Previously the .enable option was used to encode the condition as well,
which lead to some oddness:
- In order to encode an assertion, one had to invert it
- To disable a check, one had to mkForce it
By introducing a separate .check option this is solved because:
- It can be used to encode assertions
- Disabling is done separately with .enable option, whose default can be
overridden without a mkForce
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Previously this option was thought to be necessary to avoid infinite
recursion, but it actually isn't, since the check evaluation isn't fed
back into the module fixed-point.
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This is a fixup of 9728907c
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
wakeonlan service: use powerUpCommands
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
powerDownCommands is supposed to run before shutdown, but the current
implementation only runs before-sleep, thus not enabling wakeonlan on
devices when powering off even if the hardware supports it.
Taking into consideration the possibility of unexpected shutdown, it is
preferable to move the commands to powerUpCommands instead which is
executed at boot time as well as after resume - that should cover all
use cases for wakeonlan.
Fixes #91352
|
| | |_|_|_|_|_|_|/ /
|/| | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This closes issue #88085
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/ /
|/| | | | | | | | |
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| |/ / / / / / / /
|/| | | | | | | |
| | | | | | | | |
| | | | | | | | | |
andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
nixos/users-groups: createHome: Ensure HOME permissions, fix description
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
configuration.nix(1) states
users.extraUsers.<name>.createHome
[...] If [...] the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
i.e. ownership would change only if the user mismatched; the code
however ignores the owner, it is sufficient to enable `createHome`:
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
}
Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.
Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.
Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).
While here, simplify and thereby fix misleading documentation.
|
| | |_|_|_|/ / / /
|/| | | | | | | |
|
| |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be
in mode 600 to protect the database password. This change creates
slurmdbd.conf on-the-fly at service startup and thus avoids that
the database password ends up in the nix store.
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This reverts commit 8d4d8ef274f2f559c1a91133004f31f041eadd51.
The update script pulls the version info from AUR and they still use the old version.
Sorry...
|