This simplifies the setup to receive emails from the ZFS Event Daemon
by relying on the sendmail wrapper defined by other modules such as
msmtp or Postfix.
This is more similar to how other modules like smartd deal with email
configuration.
The user is no longer required to define and rebuild their own ZFS
package to add email support.
GitHub: closes https://github.com/NixOS/nixpkgs/issues/132464
Convert the `ipfsMountDir` and `ipnsMountDir` settings to RFC42-style settings.
I don't know why I didn't already do this in a255c43f44, I guess I just missed it.
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting.
It was caused by the `ipfs.service` unit not depending on the `ipfs-api.socket` and `ipfs-gateway.socket` units with `Wants=`. This allows the `ipfs.service` to be started manually or by `nixos-rebuild` without the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set in `services.kubo.settings.Addresses.Gateway` and `services.kubo.settings.Addresses.API`. By default the `API` is an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see https://github.com/ipfs/kubo/issues/10056.
With this commit, starting `ipfs.service` will first set up the two sockets before starting the actual service.
Adding the `Sockets=` option implicitly adds a `Wants=` for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked with `systemctl show ipfs.service`.
This should probably be upstreamed to the unit file in the Kubo repo.
The problem can be reproduced in the following way:
- Add `services.kubo.enable = true` to `/etc/nixos/configuration.nix`
- `sudo nixos-rebuild switch` (this may already fail, not sure why it's not deterministic for me)
- `sudo systemctl stop ipfs-api.socket`
- `sudo systemctl stop ipfs-gateway.socket`
- `sudo systemctl stop ipfs.service`
- `sudo systemctl start ipfs.service`
Fixes#248447.
The previous code did not apply any changes to the upstream defaults on being presented with an empty list.
This changes the code to use the above behaviour on a `null` value while an empty list is passed through as normal which yields a systemd configuration line with empty value which resets it to an empty value.
Signed-off-by: benaryorg <binary@benary.org>
This reverts commit 413011ddf4.
Using separate lockfile directories prevents the different kea daemons
from using the interprocess sync lockfile.
Keeping the runtime directory around might be the better approach.
we previously defined a custom type for `boot.kernel.sysctl."net.core.rmem_max"`
to resolve to the highest value set. this patch adds the same behavior to
`"net.core.wmem_max"`.
as this changes the type from a string to an integer, which is a breaking
change this patch also includes a release note and updates the transmission
module to use a number for `wmem_max`.
This fixes the following eval error:
```
error: nodePackages.node-red cannot be found in pkgs
```
when having `services.node-red.enable = true;` without specifying
`services.node-red.package`, just like the nixos VM test.
Follow-up of f509382c11, which attempted
to fix this as well.
Breakage introduced in 0a37316d6c.
People are actively writing release notes already and with this it's
ensured that the contents are actually valid.
Also, when writing release notes for something, I'd like to be able to
see a preview.
Using `/bin/sh` in udev rules is fine (as it's guaranteed to point to a
(bash) shell on NixOS), and actually is better than hardcoding absolute
paths, at least in cases where these rules are also added to the
(systemd-based) initrd (via boot.initrd.services.udev.rules).
To allow this, we need to update the check routine that assembles the
list of files needing fixup, to explicitly exclude `/bin/sh` occurences.
To do this, we convert the pattern to a PCRE regex (which requires "/"
to be escaped), and add `(?!/bin/sh\b)` as a negative lookahead.
This subsequently allows udev rules to (start using) `/bin/sh` again, so
they'll work in-initrd.
* Always use PHP 8.2: at the time of writing, Nextcloud also suggests to
use 8.2 rather than 8.3 in the manual for v28.
One contributing factor is probably that all plugins need new releases
to declare PHP 8.3 support.
* Fix upgradeWarning for installing v27 now that v28 is out.
* Drop upgrade warning for v24. This one is EOL for quite a while
already, so right now everybody should've switched (or carefully
studied the release notes in case they were upgrading from <23.05) and
we can clean up the module a little bit.
v25 was dropped not so long ago, so if it's still referenced (because
somebody didn't declare `services.nextcloud.package` and has
`system.stateVersion = "22.11";`) it's appropriate to still give a
specialized error.
services.udev.path already contains some defaults, these are however
defined in the module implementation, not options.
Update the description to make this more clear.
If we include users with unset groups, we get this very confusing
message, with invalid Nix code:
- The following users have a primary group that is undefined: qyliss
Hint: Add this to your NixOS configuration:
users.groups. = {};
We don't need to include such users in this check, since they'll be
caught anyway by this one:
- users.users.qyliss.group is unset. This used to default to
nogroup, but this is unsafe. For example you can create a group
for this user with:
users.users.qyliss.group = "qyliss";
users.groups.qyliss = {};
I saw this trace when building my system configuration this morning:
```
lazy-options.json> trace: warning: literalExample is deprecated, use literalExpression instead, or use literalMD for a non-Nix description.
```
This warning was introduced in https://github.com/NixOS/nixpkgs/pull/237557.
The option this commit changes was introduced in https://github.com/NixOS/nixpkgs/pull/137003.
This will cause systemd to chown /var/lib/jenkins to the user that
the jenkins systemd service runs as, fixing permission issues when
mounting /var/lib/jenkins from another data volume.
It uses the same logic that garage is using, too, checking for the
prefix.
#264753 mistakenly used the dataDir option to set the -data argument.
This broke existing configurations because -data used to be set to
configDir (implicitly, using the -home option, which is equivalent to
setting -config and -data to the same value).
Fix this by introducing a new databaseDir option sets -data and defaults
to configDir. This maintains the existing behavior by default while
still allowing users to specify separate config and database
directories.
Due to an [issue](https://www.spinics.net/lists/ceph-users/msg77812.html) with the cryptography python library, Ceph Dashboard and other mgr modules are currently broken, which will cause this test to always fail. Removing the check resolves this issue, and brings the test in line wit^Cthe other Ceph tests, which do not contain the dashboard check.
In 759ec111 the ping setuid wrapper was removed in favour of giving
permissions to perform ICMP echo requests to all users.
The problem is that the systemd file that was supposed to change the
`net.ipv4.ping_group_range` sysctl is not always installed, specifically
only if systemd.coredump.enable.
In that case the range is "0 1", which is effectively restricts ping to
only root.
This change explicitely sets the range to "0 2^31-1", as systemd does.
This is necessary to allow the usbhid driver to successfully send
commands to the attached UPS.
It is possible to work around this by explicitly using setting the user
flag (e.g. `upsdrvctl -u root shutdown`), though it is much simpler to
install the udev rules rather than patch things further.
Apologies to the non-flake users; your repl isn't quite as fancy,
but at least evaluates your config exactly as you would expect,
unlike flakes which are only evaluated impurely for now.
This type is necessary to have correct merging behavior for
`allowUnfreePredicate` and `allowInsecurePredicate`
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
- Remove unused `config` argument
- Don't enable the xserver again, since the import `./common/x11.nix` already takes care of that
- Remove an empty line at the end
This commit introduces the possibility to optionally enable the Jitsi
Gateway to SIP (jigasi) module. SIP credentials can be defined in
`services.jigasi.environmentFile`.
Let's test / on ZFS and /boot on ZFS in separate tests since the GRUB integration for ZFS seems to be not very well maintained.
If the test breaks in the future it's easier to figure out that ZFS on /boot is at fault and either fix the issue or disable the test.
The new test creates a ZFS pool where all features not compatible with GRUB2 are disabled. The dataset is then mounted on /boot and we check that the installer correctly generates a bootable configuration.
Try to use as many ZFS features as possible to verify that GRUB can handle them.
Deprecation warning: The standalone 'grafana-server' program is deprecated and will be removed in the future. Please update all uses of 'grafana-server' to 'grafana server'
The error message was:
msg="Failed to read plugin provisioning files from directory" path=/nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins
error="open /nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins: no such file or directory"
