People are actively writing release notes already and with this it's
ensured that the contents are actually valid.
Also, when writing release notes for something, I'd like to be able to
see a preview.
Using `/bin/sh` in udev rules is fine (as it's guaranteed to point to a
(bash) shell on NixOS), and actually is better than hardcoding absolute
paths, at least in cases where these rules are also added to the
(systemd-based) initrd (via boot.initrd.services.udev.rules).
To allow this, we need to update the check routine that assembles the
list of files needing fixup, to explicitly exclude `/bin/sh` occurences.
To do this, we convert the pattern to a PCRE regex (which requires "/"
to be escaped), and add `(?!/bin/sh\b)` as a negative lookahead.
This subsequently allows udev rules to (start using) `/bin/sh` again, so
they'll work in-initrd.
* Always use PHP 8.2: at the time of writing, Nextcloud also suggests to
use 8.2 rather than 8.3 in the manual for v28.
One contributing factor is probably that all plugins need new releases
to declare PHP 8.3 support.
* Fix upgradeWarning for installing v27 now that v28 is out.
* Drop upgrade warning for v24. This one is EOL for quite a while
already, so right now everybody should've switched (or carefully
studied the release notes in case they were upgrading from <23.05) and
we can clean up the module a little bit.
v25 was dropped not so long ago, so if it's still referenced (because
somebody didn't declare `services.nextcloud.package` and has
`system.stateVersion = "22.11";`) it's appropriate to still give a
specialized error.
services.udev.path already contains some defaults, these are however
defined in the module implementation, not options.
Update the description to make this more clear.
If we include users with unset groups, we get this very confusing
message, with invalid Nix code:
- The following users have a primary group that is undefined: qyliss
Hint: Add this to your NixOS configuration:
users.groups. = {};
We don't need to include such users in this check, since they'll be
caught anyway by this one:
- users.users.qyliss.group is unset. This used to default to
nogroup, but this is unsafe. For example you can create a group
for this user with:
users.users.qyliss.group = "qyliss";
users.groups.qyliss = {};
I saw this trace when building my system configuration this morning:
```
lazy-options.json> trace: warning: literalExample is deprecated, use literalExpression instead, or use literalMD for a non-Nix description.
```
This warning was introduced in https://github.com/NixOS/nixpkgs/pull/237557.
The option this commit changes was introduced in https://github.com/NixOS/nixpkgs/pull/137003.
This will cause systemd to chown /var/lib/jenkins to the user that
the jenkins systemd service runs as, fixing permission issues when
mounting /var/lib/jenkins from another data volume.
It uses the same logic that garage is using, too, checking for the
prefix.
#264753 mistakenly used the dataDir option to set the -data argument.
This broke existing configurations because -data used to be set to
configDir (implicitly, using the -home option, which is equivalent to
setting -config and -data to the same value).
Fix this by introducing a new databaseDir option sets -data and defaults
to configDir. This maintains the existing behavior by default while
still allowing users to specify separate config and database
directories.
Due to an [issue](https://www.spinics.net/lists/ceph-users/msg77812.html) with the cryptography python library, Ceph Dashboard and other mgr modules are currently broken, which will cause this test to always fail. Removing the check resolves this issue, and brings the test in line wit^Cthe other Ceph tests, which do not contain the dashboard check.
In 759ec111 the ping setuid wrapper was removed in favour of giving
permissions to perform ICMP echo requests to all users.
The problem is that the systemd file that was supposed to change the
`net.ipv4.ping_group_range` sysctl is not always installed, specifically
only if systemd.coredump.enable.
In that case the range is "0 1", which is effectively restricts ping to
only root.
This change explicitely sets the range to "0 2^31-1", as systemd does.
This is necessary to allow the usbhid driver to successfully send
commands to the attached UPS.
It is possible to work around this by explicitly using setting the user
flag (e.g. `upsdrvctl -u root shutdown`), though it is much simpler to
install the udev rules rather than patch things further.
Apologies to the non-flake users; your repl isn't quite as fancy,
but at least evaluates your config exactly as you would expect,
unlike flakes which are only evaluated impurely for now.
This type is necessary to have correct merging behavior for
`allowUnfreePredicate` and `allowInsecurePredicate`
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
- Remove unused `config` argument
- Don't enable the xserver again, since the import `./common/x11.nix` already takes care of that
- Remove an empty line at the end
This commit introduces the possibility to optionally enable the Jitsi
Gateway to SIP (jigasi) module. SIP credentials can be defined in
`services.jigasi.environmentFile`.
Let's test / on ZFS and /boot on ZFS in separate tests since the GRUB integration for ZFS seems to be not very well maintained.
If the test breaks in the future it's easier to figure out that ZFS on /boot is at fault and either fix the issue or disable the test.
The new test creates a ZFS pool where all features not compatible with GRUB2 are disabled. The dataset is then mounted on /boot and we check that the installer correctly generates a bootable configuration.
Try to use as many ZFS features as possible to verify that GRUB can handle them.
Deprecation warning: The standalone 'grafana-server' program is deprecated and will be removed in the future. Please update all uses of 'grafana-server' to 'grafana server'
The error message was:
msg="Failed to read plugin provisioning files from directory" path=/nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins
error="open /nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins: no such file or directory"
I don't use this tool but saw it in the top level and that's not where it should
live.
This could arguably also be seen as a RAID; it's a bit of an in-between.
ServerQuery actually listens on three separate addresses each
corresponding to its own protocol (raw/telnet, ssh, and http). By only
setting `query_addr` we only update what IP we listen on for the raw
protocol, not ssh and http protocols which end up listening on the
default wildcard address.
This change simply makes it so that setting `queryIP` sets the IP for
all three protocols by setting each corresponding option (`query_ip`,
`query_ssh_ip` and `query_http_ip`).
Also make the attribute name to match the domain name.
This is more in line with the home-assistant custom component ecosystem
and allows additional validation between the derivation and the manifest.
Also, at a later time, this will enable us to check for domain conflicts
at eval time.
see https://github.com/lathiat/nss-mdns#:~:text=in%20such%20a%20situation%20causes%20long%20timeouts%20when%20resolving%20hosts
especially:
> libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and
> libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4
> addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2
> or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern
> Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.
Fixed conflict in pkgs/applications/graphics/krita/
krita: 5.1.5 -> 5.2.0
7a40fdc288
, and
treewide: use kde mirror everywhere, don't use pname in download urls
aa15f5066d
This is now the default recommendation upstream for linux platforms
> https://doc.qt.io/qt-6.6/qtmultimedia-index.html#ffmpeg-as-the-default-backend
> In this release the FFmpeg framework is set as the default backend on
> Windows, macOS, Android, and Linux except Yocto distribution.
> The version shipped with Qt binary packages is FFmpeg 6.0
> and is tested by the maintainers.
libXrandr is required to compile support QT_WINDOW_CAPTURE_BACKEND=x11
Recent PR 266270[1] modified an assertion related to database settings
of the redmine service. There are two problems with that change:
1. Assert message was not updated to reflect the change in the assert
condition.
2. The new condition applies only to postgresql, not the default
mysql. Therefore, the assertion breaks existing mysql-based
installations without any reason.
This commit fixes these by 1) reverting the modified assertion to the
previous value, making the message match the condition and 2) adding a
new assertion that applies only to postgresql.
[1]: https://github.com/NixOS/nixpkgs/pull/266270
To help users migrate from the previous
settings to new freeform settings type,
the commit at hand adds some
`mkRemovedOptionModule` and `mkRenamedOptionModule`.
These modules are not designed to work
inside an attribute set of submodules.
They create values for `assertions` and
`warnings` to inform the user of required changes.
Also, these informational texts do not contain
the full attribute path of the changed options.
To work around these deficiencies,
we define the required options `assertions` and `warnings`
inside the submodule and later add the values collected
inside these options to the corresponding top-level options.
In the course of doing so, we also add the full attribute path
to the informational texts so the user knows these warning
and error messages refer to the `tsmClient.servers` option.
Also, we have to filter out `warnings`, `assertions`, and
the "old" options when rendering the target config file.
Check for spaces or duplicate names in server config keys.
Since server config keys are case insensitive,
a setting like
```
{
compression = "yes";
Compression = "no";
}
```
would lead to an ambiguous configuration.
`tsm-client` uses a global configuration
file that must contain coordinates for each
server that it is supposed to contact.
This configuration consists of text
lines with key-value pairs.
In the NixOS module, these servers may be declared
with an attribute set, where the attribute name
defines an alias for the server, and the value
is again an attribute set with the settings for
the respective server.
This is organized as an option of type `attrsOf submodule...`.
Before this commit:
Important settings have their own option within
the submodule. For everything else, there is
the "catch-all" option `extraConfig` that may
be used to declare any key-value pairs.
There is also `text` that can be used to
add arbitrary text to each server's
section in the global config file.
After this commit:
`extraConfig` and `text` are gone,
the attribute names and values of each server's attribute
set are translated directly into key-value pairs,
with the following notable rules:
* Lists are translated into multiple lines
with the same key, as such is permitted by
the software for certain keys.
* `null` may be used to override/shadow a value that
is defined elsewhere and hides the corresponding key.
Those "important settings" that have previously been
defined as dedicated options are still defined as such,
but they have been renamed to match their
corresponding key names in the configuration file.
There is a notable exception:
"Our" boolean option `genPasswd` influences the "real"
option `passwordaccess', but the latter one is
uncomfortable to use and might lead
to undesirable outcome if used the wrong way.
So it seems advisable to keep the boolean option
and the warning in its description.
To this end, the value of `getPasswd` itself is
later filtered out when the config file is generated.
The tsm-backup service module and the vm test are adapted.
Migration code will be added in a separate
commit to permit easy reversal later, when the
migration code is no longer deemed necessary.
With the tsm-client 8.1.19.0 release,
IBM renamed the product brand from
"IBM Spectrum Protect" to "IBM Storage Protect":
https://www.ibm.com/support/pages/node/6964770 .
The package already got updated in commits
5ff5b2ae4c and
a4b7a62532 .
The commit at hand updates the modules accordingly.