| Commit message (Collapse) | Author | Age |
... | |
| | | | | | | | | | | | |
|
|\| | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
nixos/nginx: fix mincore filtering
|
| | |\ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Mincore is a syscall, not a group.
|
|\| | | | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
opentelemetry-collector: 0.40.0 -> 0.43.1, opentelemetry-collector-contrib: init at 0.43.0
|
| | | |_|_|_|_|_|_|/ / / / / /
| | |/| | | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | |_|_|_|/ / / / / / / / / /
| |/| | | | | | | | | | | | | |
nixos/dhcpd: switch to DynamicUser [v2]
|
| | | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
Since dhcpd has been hardened (DynamicUser → NoNewPrivileges) it can't
use a setcap wrapper. Instead, we add the net_admin capability to it's
ambient set and run `ip route` directly. This is also safer that giving
everyone permisison to change the routing table.
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
This reverts commit 0e5dab9db7d183e762310478fc1da46a7db58778,
thus bringing back dd9883b2fbd2b9ea01d53654d383b29b4d68d05a.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / / / / / / /
|/| | | | | | | | | | | | | | |
GNOME: 41.2 → 41.3
|
| | |_|_|_|_|_|_|_|_|/ / / /
| |/| | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Remove nvidiaWayland NixOS option since it was severely out of date.
https://ftp.gnome.org/pub/GNOME/sources/gdm/41/gdm-41.3.news
|
| | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
nixos/wireless: enable PMF by default
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
It turns out it's actually possible to fall back to WPA2 in case the
authentication fails with WPA3. This was suggested to me in the hostapd
mailing list: add another network block with only WPA2 and lower
priority, for each network with WPA3. For clients with missing/broken
WPA3, wpa_supplicant will:
1. try the network block with higher priority first
2. fail and temporarily disable the network block
3. try the fallback network block and connect
This takes a little more time (still <5s) because wpa_supplicant
retries a couple times before disabling the network block, but it allows
old client to gracefully fall back to WPA2 on mixed WPA2/WPA3 networks.
To avoid downgrade attacks, clients with proper WPA3 should disable
this; in the future we may want to disable this option by default.
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
Alternative solution to PR #152443.
This fixes authentication failures to WPA3 networks (issue #151729)
by enabling protected management frames.
Note: old client without 802.11w support will still fail.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
nixos/systemd: only use cryptsetup units if systemd was built with it
|
| | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
nixos/smartctl-exporter: fix typo in rawio capab
|
| | |_|/ / / / / / / / / / / / /
| |/| | | | | | | | | | | | | | |
|
|/ / / / / / / / / / / / / / /
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
* nixos/nftables: Allow use with iptables
Since iptables and nftables do not actually conflict with each other, there's no real reason to artificially prevent people from combining them.
In fact, this practice is known to cause issues like #88643, which is fixed by this commit.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
https://github.com/NixOS/nixpkgs/commit/3a1e1f062432fbc867502187972b37f7a6f9fe63 adds a poststart script that
checks if ES successfully started by curling the HTTP endpoint. On nodes with a lot of data or slower disks,
this might take longer than the default systemd startup timeout of 90 seconds.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
nixos/gnome: Remove warning for fixed nixos-rebuild switch bug
|
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
https://github.com/NixOS/nixpkgs/issues/44344 was fixed years ago.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
`vimPlugins.onedark-nvim` now refers to navarasu/onedark.nvim (formerly
refers to olimorris/onedarkpro.nvim).
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/ / / / / / / / / /
|/| | | | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
Changes:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-34.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-32.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
nixos/nix-daemon: fix config validation with 2.3
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
--option experimental-features is no understood by Nix 2.3.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | |
plausible: 1.4.0 -> 1.4.3
|
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | |
ChangeLog: https://github.com/plausible/analytics/blob/v1.4.3/CHANGELOG.md#unreleased
Also makes the option `services.plausible.releaseCookiePath` mandatory[1]: since Elixir
1.13 the `RELEASE_COOKIE` env-var *must* be set, otherwise the startup
fails[2]. Since we drop `$out/releases/COOKIE` in the `fixupPhase` of
`mixRelease` and Elixir seems to always attempt to generate such a
file[3], I figured it's reasonable to just make it mandatory now.
Closes #155575
[1] https://nixos.org/manual/nixos/stable/options.html#opt-services.plausible.releaseCookiePath
[2] https://github.com/elixir-lang/elixir/commit/f24eb2c1ef3cfb345e9420945c57f276148c0a89 /
https://github.com/elixir-lang/elixir/issues/11114
[3] https://hexdocs.pm/mix/Mix.Tasks.Release.html, see `:cookie`
|
| |_|_|_|_|_|_|_|_|_|_|_|_|_|/ / / /
|/| | | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| |_|_|/ / / / / / / / / / / / / / /
|/| | | | | | | | | | | | | | | | | |
dhcpcd: fix !enablePrivSep build, nixos/dhcpcd: assert if dhcpcd would crash
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | |
dhcpcd does not run properly with some of the hardened system mallocs
that are currently available. assert when an incompatible configuration
is detected, as a switch into such a config from eg auto-update can take
hosts offline.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | |
nixos/nix-daemon: Fix misspelled old option name
|
| | |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|/
| |/| | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | |
nixos/tests/install: Fix after sandboxed-docs change fc614c3
|
| | | | | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| |_|/ / / / / / / / / / / / / / / / /
|/| | | | | | | | | | | | | | | | | | |
Promtail package
|
| | | | | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / / / / / / / / / / / / /
|/| | | | | | | | | | | | | | | | | | | |
gnome-2048: init at 3.38.2
|