Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/manpages/README.md4
-rw-r--r--nixos/doc/manual/release-notes/rl-1609.section.md4
-rw-r--r--nixos/doc/manual/release-notes/rl-1709.section.md2
-rw-r--r--nixos/doc/manual/release-notes/rl-1803.section.md2
-rw-r--r--nixos/doc/manual/release-notes/rl-1903.section.md6
-rw-r--r--nixos/doc/manual/release-notes/rl-1909.section.md2
-rw-r--r--nixos/doc/manual/release-notes/rl-2009.section.md4
-rw-r--r--nixos/doc/manual/release-notes/rl-2105.section.md6
-rw-r--r--nixos/doc/manual/release-notes/rl-2111.section.md2
-rw-r--r--nixos/doc/manual/release-notes/rl-2205.section.md12
-rw-r--r--nixos/doc/manual/release-notes/rl-2211.section.md4
-rw-r--r--nixos/doc/manual/release-notes/rl-2305.section.md16
-rw-r--r--nixos/lib/make-iso9660-image.nix6
-rw-r--r--nixos/lib/make-iso9660-image.sh25
-rw-r--r--nixos/lib/make-squashfs.nix1
-rw-r--r--nixos/lib/systemd-lib.nix4
-rw-r--r--nixos/lib/systemd-unit-options.nix2
-rw-r--r--nixos/lib/test-driver/test_driver/machine.py6
-rw-r--r--nixos/maintainers/scripts/ec2/amazon-image.nix2
-rw-r--r--nixos/modules/config/xdg/portal.nix2
-rw-r--r--nixos/modules/hardware/sensor/hddtemp.nix2
-rwxr-xr-xnixos/modules/installer/tools/nixos-enter.sh2
-rw-r--r--nixos/modules/misc/version.nix4
-rw-r--r--nixos/modules/programs/fish.nix2
-rw-r--r--nixos/modules/programs/gnupg.nix3
-rw-r--r--nixos/modules/programs/nix-ld.nix2
-rw-r--r--nixos/modules/programs/singularity.nix6
-rw-r--r--nixos/modules/programs/turbovnc.nix2
-rw-r--r--nixos/modules/rename.nix2
-rw-r--r--nixos/modules/services/cluster/kubernetes/flannel.nix2
-rw-r--r--nixos/modules/services/cluster/kubernetes/kubelet.nix2
-rw-r--r--nixos/modules/services/continuous-integration/gitea-actions-runner.nix2
-rw-r--r--nixos/modules/services/continuous-integration/woodpecker/agents.nix2
-rw-r--r--nixos/modules/services/continuous-integration/woodpecker/server.nix2
-rw-r--r--nixos/modules/services/databases/clickhouse.nix7
-rw-r--r--nixos/modules/services/databases/cockroachdb.nix2
-rw-r--r--nixos/modules/services/databases/couchdb.nix2
-rw-r--r--nixos/modules/services/databases/firebird.nix2
-rw-r--r--nixos/modules/services/databases/mongodb.nix2
-rw-r--r--nixos/modules/services/desktops/deepin/dde-api.nix2
-rw-r--r--nixos/modules/services/hardware/openrgb.nix5
-rw-r--r--nixos/modules/services/mail/mailman.nix23
-rw-r--r--nixos/modules/services/mail/roundcube.nix2
-rw-r--r--nixos/modules/services/misc/nitter.nix33
-rw-r--r--nixos/modules/services/misc/siproxd.nix6
-rw-r--r--nixos/modules/services/monitoring/prometheus/default.nix2
-rw-r--r--nixos/modules/services/monitoring/unpoller.nix4
-rw-r--r--nixos/modules/services/networking/headscale.nix2
-rw-r--r--nixos/modules/services/networking/syncthing.nix4
-rw-r--r--nixos/modules/services/networking/wgautomesh.nix2
-rw-r--r--nixos/modules/services/search/meilisearch.md2
-rw-r--r--nixos/modules/services/security/authelia.nix2
-rw-r--r--nixos/modules/services/security/kanidm.nix2
-rw-r--r--nixos/modules/services/web-apps/dokuwiki.nix2
-rw-r--r--nixos/modules/services/web-apps/kavita.nix2
-rw-r--r--nixos/modules/services/web-apps/mastodon.nix2
-rw-r--r--nixos/modules/services/web-apps/monica.nix2
-rw-r--r--nixos/modules/services/web-apps/nextcloud-notify_push.nix2
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix2
-rw-r--r--nixos/modules/services/web-apps/pixelfed.nix2
-rw-r--r--nixos/modules/services/web-servers/garage.md2
-rw-r--r--nixos/modules/services/web-servers/stargazer.nix2
-rw-r--r--nixos/modules/services/x11/hardware/libinput.nix3
-rw-r--r--nixos/modules/services/x11/window-managers/qtile.nix2
-rw-r--r--nixos/modules/system/activation/top-level.nix3
-rw-r--r--nixos/modules/system/boot/loader/grub/install-grub.pl4
-rw-r--r--nixos/modules/system/boot/luksroot.nix4
-rw-r--r--nixos/modules/system/boot/stage-1-init.sh2
-rw-r--r--nixos/modules/tasks/filesystems/bcachefs.nix2
-rw-r--r--nixos/modules/tasks/filesystems/btrfs.nix2
-rw-r--r--nixos/modules/tasks/filesystems/zfs.nix29
-rw-r--r--nixos/modules/tasks/network-interfaces-scripted.nix2
-rw-r--r--nixos/modules/tasks/network-interfaces-systemd.nix2
-rw-r--r--nixos/modules/testing/test-instrumentation.nix2
-rw-r--r--nixos/tests/acme.nix2
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/atop.nix2
-rw-r--r--nixos/tests/boot-stage1.nix2
-rw-r--r--nixos/tests/cockpit.nix4
-rw-r--r--nixos/tests/dokuwiki.nix2
-rw-r--r--nixos/tests/elk.nix2
-rw-r--r--nixos/tests/enlightenment.nix2
-rw-r--r--nixos/tests/gnome.nix2
-rw-r--r--nixos/tests/gotify-server.nix2
-rw-r--r--nixos/tests/headscale.nix2
-rw-r--r--nixos/tests/hockeypuck.nix2
-rw-r--r--nixos/tests/home-assistant.nix1
-rw-r--r--nixos/tests/logrotate.nix2
-rw-r--r--nixos/tests/mailman.nix67
-rw-r--r--nixos/tests/nextcloud/openssl-sse.nix2
-rw-r--r--nixos/tests/orangefs.nix2
-rw-r--r--nixos/tests/signal-desktop.nix2
-rw-r--r--nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix4
-rw-r--r--nixos/tests/systemd-repart.nix2
-rw-r--r--nixos/tests/unbound.nix4
95 files changed, 275 insertions, 164 deletions
diff --git a/nixos/doc/manual/manpages/README.md b/nixos/doc/manual/manpages/README.md
index 9923f48239227..05cb83902c742 100644
--- a/nixos/doc/manual/manpages/README.md
+++ b/nixos/doc/manual/manpages/README.md
@@ -17,7 +17,7 @@ In any manpage, commands, flags and arguments to the *current* executable should
  - Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
  - Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
  - Required flags or arguments should not be marked.
- - Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks.
+ - Mutually exclusive groups of arguments should be enclosed in curly brackets, preferably created with `Bro`/`Brc` blocks.
 
 When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
 ```
@@ -45,7 +45,7 @@ Larger code blocks or those that cannot be shown inline should use indented lite
 ...
 .Ed
 ```
-Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them:
+Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be substituted into them:
 ```
 .Bd -literal -offset indent
 {
diff --git a/nixos/doc/manual/release-notes/rl-1609.section.md b/nixos/doc/manual/release-notes/rl-1609.section.md
index e9c650cf40724..ad3478d0ca173 100644
--- a/nixos/doc/manual/release-notes/rl-1609.section.md
+++ b/nixos/doc/manual/release-notes/rl-1609.section.md
@@ -20,7 +20,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
 
-- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
+- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to avoid breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
 
 - Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
 
@@ -28,7 +28,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
 
-- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
+- Gitlab's maintenance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
 
 - `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).
 
diff --git a/nixos/doc/manual/release-notes/rl-1709.section.md b/nixos/doc/manual/release-notes/rl-1709.section.md
index 9f49549901bef..f2ff8b46b83f1 100644
--- a/nixos/doc/manual/release-notes/rl-1709.section.md
+++ b/nixos/doc/manual/release-notes/rl-1709.section.md
@@ -275,7 +275,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
   You can check that backups still work by running `systemctl start mysql-backup` then `systemctl status mysql-backup`.
 
-- Templated systemd services e.g `container@name` are now handled currectly when switching to a new configuration, resulting in them being reloaded.
+- Templated systemd services e.g `container@name` are now handled correctly when switching to a new configuration, resulting in them being reloaded.
 
 - Steam: the `newStdcpp` parameter was removed and should not be needed anymore.
 
diff --git a/nixos/doc/manual/release-notes/rl-1803.section.md b/nixos/doc/manual/release-notes/rl-1803.section.md
index 681894eb13ece..ecf5757bae6c3 100644
--- a/nixos/doc/manual/release-notes/rl-1803.section.md
+++ b/nixos/doc/manual/release-notes/rl-1803.section.md
@@ -174,7 +174,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - The `openssh` package now includes Kerberos support by default; the `openssh_with_kerberos` package is now a deprecated alias. If you do not want Kerberos support, you can do `openssh.override { withKerberos = false; }`. Note, this also applies to the `openssh_hpn` package.
 
-- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
+- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatibility, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
 
 - The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
 
diff --git a/nixos/doc/manual/release-notes/rl-1903.section.md b/nixos/doc/manual/release-notes/rl-1903.section.md
index b43518c471fd2..e83a3911a5cf2 100644
--- a/nixos/doc/manual/release-notes/rl-1903.section.md
+++ b/nixos/doc/manual/release-notes/rl-1903.section.md
@@ -81,7 +81,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
   The slurmctld now runs as user `slurm` instead of `root`. If you want to keep slurmctld running as `root`, set `services.slurm.user = root`.
 
-  The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occour more than once in the configuration.
+  The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occur more than once in the configuration.
 
 - The `solr` package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The `services.solr` module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading.
 
@@ -91,7 +91,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
 
-- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
+- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interfering with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
 
   If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
 
@@ -135,7 +135,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - GitLab Shell previously used the nix store paths for the `gitlab-shell` command in its `authorized_keys` file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As `gitlab-shell` has now been changed to use `/var/run/current-system/sw/bin/gitlab-shell`, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the `authorized_keys` file via `sudo -u git -H gitlab-rake gitlab:shell:setup` in that case.
 
-- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
+- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previously shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
 
 - The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
 
diff --git a/nixos/doc/manual/release-notes/rl-1909.section.md b/nixos/doc/manual/release-notes/rl-1909.section.md
index 428352388193f..22cef05d4fa75 100644
--- a/nixos/doc/manual/release-notes/rl-1909.section.md
+++ b/nixos/doc/manual/release-notes/rl-1909.section.md
@@ -194,7 +194,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
   `security.acme.preDelay` and `security.acme.activationDelay` options have been removed. To execute a service before certificates are provisioned or renewed add a `RequiredBy=acme-${cert}.service` to any service.
 
-  Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
+  Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certificates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
 
   For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
 
diff --git a/nixos/doc/manual/release-notes/rl-2009.section.md b/nixos/doc/manual/release-notes/rl-2009.section.md
index 6995ef1d406cf..6bb75a04b3e8a 100644
--- a/nixos/doc/manual/release-notes/rl-2009.section.md
+++ b/nixos/doc/manual/release-notes/rl-2009.section.md
@@ -130,7 +130,7 @@ In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules we
 
   - [services.cage.enable](options.html#opt-services.cage.enable) Wayland cage service
 
-  - [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed throught the browser
+  - [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed through the browser
 
   - [services.engelsystem.enable](options.html#opt-services.engelsystem.enable) Tool for coordinating volunteers and shifts on large events
 
@@ -552,7 +552,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
 
-- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
+- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundant.
 
 - The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.
 
diff --git a/nixos/doc/manual/release-notes/rl-2105.section.md b/nixos/doc/manual/release-notes/rl-2105.section.md
index 6244d79e7e781..080ca68d92581 100644
--- a/nixos/doc/manual/release-notes/rl-2105.section.md
+++ b/nixos/doc/manual/release-notes/rl-2105.section.md
@@ -197,7 +197,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
   Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details.
 
-- The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input paramater `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achived like this:
+- The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input parameter `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achieved like this:
 
   ```nix
   self: super:
@@ -272,7 +272,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
 
-- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
+- `services.minio.dataDir` changed type to a list of paths, required for specifying multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
 
 - All CUDA toolkit versions prior to CUDA 10 have been removed.
 
@@ -375,7 +375,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.
 
-- The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantialy improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles.
+- The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantially improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles.
 
 - The GNOME desktop manager once again installs gnome.epiphany by default.
 
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 7272e9231582c..159881a0ac4cd 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -375,7 +375,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
 
-- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
+- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`hardware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
 
 - The fontconfig service's dpi option has been removed.
   Fontconfig should use Xft settings by default so there's no need to override one value in multiple places.
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index e73be3773c9d4..d4581fe9441c8 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   for Flakes, but also marks the `nix` command as experimental which now has to
   be enabled via the configuration explicitly. For more information and
   instructions for upgrades, see the
-  relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
+  release notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
   [nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html),
   [nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html),
   [nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and
@@ -278,11 +278,11 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
 
-  Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
+  Additionally with 2.5 the argon2 module was included in the standard distribution and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
 
 - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
 
-- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
+- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your environment consider adding `openssh` to it or switching to `gitFull`.
 
 - `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
   This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration.
@@ -639,7 +639,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   changes in the database scheme and configuration format.
 
 - Some top-level settings under [services.epgstation](#opt-services.epgstation.enable)
-  is now deprecated because it was redudant due to the same options being
+  is now deprecated because it was redundant due to the same options being
   present in [services.epgstation.settings](#opt-services.epgstation.settings).
 
 - The option `services.epgstation.basicAuth` was removed because basic
@@ -653,7 +653,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   option now expects options for `config.yml` in EPGStation v2.
 
 - Existing data for the [services.epgstation](#opt-services.epgstation.enable)
-  module would have to be backed up prior to the upgrade. To back up exising
+  module would have to be backed up prior to the upgrade. To back up existing
   data to `/tmp/epgstation.bak`, run
   `sudo -u epgstation epgstation run backup /tmp/epgstation.bak`.
   To import that data after to the upgrade, run
@@ -804,7 +804,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The `influxdb2` package was split into `influxdb2-server` and
   `influxdb2-cli`, matching the split that took place upstream. A
   combined `influxdb2` package is still provided in this release for
-  backwards compatibilty, but will be removed at a later date.
+  backwards compatibility, but will be removed at a later date.
 
 - The `unifi` package was switched from `unifi6` to `unifi7`.
   Direct downgrades from Unifi 7 to Unifi 6 are not possible and require restoring from a backup made by Unifi 6.
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index e92c776b33e3d..97a305573501c 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -205,7 +205,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
 
 - Linux 4.9 has been removed because it will reach its end of life within the lifespan of 22.11.
 
-- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
+- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintenance burden.
   Use `configure.packages` instead.
 - Neovim can not be configured with plug anymore (still works for vim).
 
@@ -221,7 +221,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
 
 - `mysql57` has been removed. Please update to `mysql80` or `mariadb`. See the [upgrade guide](https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/) for more information.
 
-- Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be neccesary.
+- Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be necessary.
 - `k3s` supports `clusterInit` option, and it is enabled by default, for servers.
 
 - `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible.
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md
index c5a29ed9f202b..838bda5c914f2 100644
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -72,7 +72,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable).
 
-- [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Availabe as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie).
+- [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie).
 
 - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).
 
@@ -88,7 +88,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable).
 
-- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
+- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
 
 - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
 
@@ -98,7 +98,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable).
 
-- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
+- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
 
 - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
 
@@ -199,6 +199,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
   This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
 
+- The mailman service now defaults to using a randomly generated REST API password instead of a hardcoded one.
+
 - `minio` removed support for its legacy filesystem backend in [RELEASE.2022-10-29T06-21-33Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z). This means if your storage was created with the old format, minio will no longer start. Unfortunately minio doesn't provide a an automatic migration, they only provide [instructions how to manually convert the node](https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html). To facilitate this migration we keep around the last version that still supports the old filesystem backend as `minio_legacy_fs`. Use it via `services.minio.package = minio_legacy_fs;` to export your data before switching to the new version. See the corresponding [issue](https://github.com/NixOS/nixpkgs/issues/199318) for more details.
 
 - `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/).
@@ -253,6 +255,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `fail2ban` has been updated to 1.0.2, which has a few breaking changes compared to 0.11.2 ([changelog for 1.0.1](https://github.com/fail2ban/fail2ban/blob/1.0.1/ChangeLog), [changelog for 1.0.2](https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog))
 
+- `albert` has been updated from 0.17.6 to 0.20.13, and 0.18.0 changed the config format and many plugins ([changelog for 0.18.0](https://github.com/albertlauncher/albert/blob/v0.18.0/CHANGELOG.md))
+
 - Calling `makeSetupHook` without passing a `name` argument is deprecated.
 
 - Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead.
@@ -285,7 +289,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon.
 
-- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constitutents: `xorg.libX11`, `freetype` and others.
+- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others.
 
 - The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows:
   - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default.
@@ -300,7 +304,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126)
   for more details and available replacements.
 
-- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatiblity. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
+- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
 
 - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.
 
@@ -565,7 +569,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 The Pipewire config semantics don't really match the NixOS module semantics, so it's extremely awkward to override the default config, especially when lists are involved. Vendoring the configuration files in nixpkgs also creates unnecessary maintenance overhead.
 
-Also, upstream added a lot of accomodations to allow doing most of the things you'd want to do with a config edit in better ways.
+Also, upstream added a lot of accommodations to allow doing most of the things you'd want to do with a config edit in better ways.
 
 #### Migrating your configuration {#sec-release-23.05-migration-pipewire-how}
 
diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix
index 549530965f6e1..2f7dcf519a16f 100644
--- a/nixos/lib/make-iso9660-image.nix
+++ b/nixos/lib/make-iso9660-image.nix
@@ -47,16 +47,16 @@ assert usbBootable -> isohybridMbrImage != "";
 
 stdenv.mkDerivation {
   name = isoName;
-  builder = ./make-iso9660-image.sh;
+  __structuredAttrs = true;
+
+  buildCommandPath = ./make-iso9660-image.sh;
   nativeBuildInputs = [ xorriso syslinux zstd libossp_uuid ];
 
   inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;
 
-  # !!! should use XML.
   sources = map (x: x.source) contents;
   targets = map (x: x.target) contents;
 
-  # !!! should use XML.
   objects = map (x: x.object) storeContents;
   symlinks = map (x: x.symlink) storeContents;
 
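Review bot: Nothing in this derivation records why `__structuredAttrs = true;` is set, yet the builder now depends on it: the make-iso9660-image.sh hunks drop the `sources_=($sources)` / `targets_=($targets)` conversions and index `sources` and `targets` directly as bash arrays, which only works when the attributes arrive as structured attrs. I would add a comment above the attribute, for example `# make-iso9660-image.sh reads sources/targets/objects/symlinks as bash arrays; do not drop __structuredAttrs`, instead of only deleting the old `# !!! should use XML.` markers. The one-line make-squashfs.nix hunk sets the same attribute without showing its consumer, so a similar comment there would help. The derivation body continues outside this hunk.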
diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh
index 9273b8d3db8dc..34febe9cfe0e6 100644
--- a/nixos/lib/make-iso9660-image.sh
+++ b/nixos/lib/make-iso9660-image.sh
@@ -1,12 +1,3 @@
-source $stdenv/setup
-
-sources_=($sources)
-targets_=($targets)
-
-objects=($objects)
-symlinks=($symlinks)
-
-
 # Remove the initial slash from a path, since genisofs likes it that way.
 stripSlash() {
     res="$1"
@@ -35,13 +26,13 @@ if test -n "$bootable"; then
     # The -boot-info-table option modifies the $bootImage file, so
     # find it in `contents' and make a copy of it (since the original
     # is read-only in the Nix store...).
-    for ((i = 0; i < ${#targets_[@]}; i++)); do
-        stripSlash "${targets_[$i]}"
+    for ((i = 0; i < ${#targets[@]}; i++)); do
+        stripSlash "${targets[$i]}"
         if test "$res" = "$bootImage"; then
-            echo "copying the boot image ${sources_[$i]}"
-            cp "${sources_[$i]}" boot.img
+            echo "copying the boot image ${sources[$i]}"
+            cp "${sources[$i]}" boot.img
             chmod u+w boot.img
-            sources_[$i]=boot.img
+            sources[$i]=boot.img
         fi
     done
 
@@ -66,9 +57,9 @@ touch pathlist
 
 
 # Add the individual files.
-for ((i = 0; i < ${#targets_[@]}; i++)); do
-    stripSlash "${targets_[$i]}"
-    addPath "$res" "${sources_[$i]}"
+for ((i = 0; i < ${#targets[@]}; i++)); do
+    stripSlash "${targets[$i]}"
+    addPath "$res" "${sources[$i]}"
 done
 
 
diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix
index 170d315fb7517..d1260a48f2294 100644
--- a/nixos/lib/make-squashfs.nix
+++ b/nixos/lib/make-squashfs.nix
@@ -10,6 +10,7 @@
 
 stdenv.mkDerivation {
   name = "squashfs.img";
+  __structuredAttrs = true;
 
   nativeBuildInputs = [ squashfsTools ];
 
diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix
index a21450708fe5c..eb2bcb9d3b982 100644
--- a/nixos/lib/systemd-lib.nix
+++ b/nixos/lib/systemd-lib.nix
@@ -289,9 +289,9 @@ in rec {
         // optionalAttrs (config.requisite != [])
           { Requisite = toString config.requisite; }
         // optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
-          { X-Restart-Triggers = toString config.restartTriggers; }
+          { X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers" (toString config.restartTriggers)}"; }
         // optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
-          { X-Reload-Triggers = toString config.reloadTriggers; }
+          { X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers" (toString config.reloadTriggers)}"; }
         // optionalAttrs (config.description != "") {
           Description = config.description; }
         // optionalAttrs (config.documentation != []) {
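Review bot: The two changed lines turn `X-Restart-Triggers` and `X-Reload-Triggers` from the trigger text into the store path of a `pkgs.writeText` file, but no comment says why, and the generated unit no longer shows what its triggers are. A one-line comment above the first would cover it, e.g. `# keep only a store path in the unit; the path changes whenever the trigger text does` (wording to be confirmed against the commit's intent, which the hunk does not state). The two expressions differ only in the name, so a local helper such as `triggerFile = name: xs: "${pkgs.writeText name (toString xs)}";` would keep them from drifting apart. The enclosing attribute set starts and ends outside the hunk, and `pkgs` being in scope in this file is assumed.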
diff --git a/nixos/lib/systemd-unit-options.nix b/nixos/lib/systemd-unit-options.nix
index 6c53c5e0533d7..9c69bda471bb7 100644
--- a/nixos/lib/systemd-unit-options.nix
+++ b/nixos/lib/systemd-unit-options.nix
@@ -80,7 +80,7 @@ in rec {
       description = lib.mdDoc ''
         Units that want (i.e. depend on) this unit. The default method for
         starting a unit by default at boot time is to set this option to
-        '["multi-user.target"]' for system services. Likewise for user units
+        `["multi-user.target"]` for system services. Likewise for user units
         (`systemd.user.<name>.*`) set it to `["default.target"]` to make a unit
         start by default when the user `<name>` logs on.
 
diff --git a/nixos/lib/test-driver/test_driver/machine.py b/nixos/lib/test-driver/test_driver/machine.py
index 4b34ac423d1eb..a362e99f98ed3 100644
--- a/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixos/lib/test-driver/test_driver/machine.py
@@ -133,7 +133,7 @@ def retry(fn: Callable, timeout: int = 900) -> None:
 
 
 class StartCommand:
-    """The Base Start Command knows how to append the necesary
+    """The Base Start Command knows how to append the necessary
     runtime qemu options as determined by a particular test driver
     run. Any such start command is expected to happily receive and
     append additional qemu args.
@@ -211,7 +211,7 @@ class StartCommand:
 class NixStartScript(StartCommand):
     """A start script from nixos/modules/virtualiation/qemu-vm.nix
     that also satisfies the requirement of the BaseStartCommand.
-    These Nix commands have the particular charactersitic that the
+    These Nix commands have the particular characteristic that the
     machine name can be extracted out of them via a regex match.
     (Admittedly a _very_ implicit contract, evtl. TODO fix)
     """
@@ -527,7 +527,7 @@ class Machine:
             timeout_str = f"timeout {timeout}"
 
         # While sh is bash on NixOS, this is not the case for every distro.
-        # We explicitely call bash here to allow for the driver to boot other distros as well.
+        # We explicitly call bash here to allow for the driver to boot other distros as well.
         out_command = (
             f"{timeout_str} bash -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
         )
diff --git a/nixos/maintainers/scripts/ec2/amazon-image.nix b/nixos/maintainers/scripts/ec2/amazon-image.nix
index 6f6bab8dc3d66..490a79e0b66c1 100644
--- a/nixos/maintainers/scripts/ec2/amazon-image.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-image.nix
@@ -10,7 +10,7 @@ in {
 
   imports = [ ../../../modules/virtualisation/amazon-image.nix ];
 
-  # Amazon recomments setting this to the highest possible value for a good EBS
+  # Amazon recommends setting this to the highest possible value for a good EBS
   # experience, which prior to 4.15 was 255.
   # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
   config.boot.kernelParams =
diff --git a/nixos/modules/config/xdg/portal.nix b/nixos/modules/config/xdg/portal.nix
index ab6cffe499aa8..e19e5cf28b3bc 100644
--- a/nixos/modules/config/xdg/portal.nix
+++ b/nixos/modules/config/xdg/portal.nix
@@ -21,7 +21,7 @@ in
       in
       {
         warnings = lib.mkIf config.xdg.portal.gtkUsePortal [
-          "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforseen side-effects."
+          "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforeseen side-effects."
         ];
       }
     )
diff --git a/nixos/modules/hardware/sensor/hddtemp.nix b/nixos/modules/hardware/sensor/hddtemp.nix
index b69d012b4d092..1a3d211b858b8 100644
--- a/nixos/modules/hardware/sensor/hddtemp.nix
+++ b/nixos/modules/hardware/sensor/hddtemp.nix
@@ -43,7 +43,7 @@ in
       };
 
       unit = mkOption {
-        description = lib.mdDoc "Celcius or Fahrenheit";
+        description = lib.mdDoc "Celsius or Fahrenheit";
         type = types.enum [ "C" "F" ];
         default = "C";
       };
diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh
index 60a86d89abb4f..9141cc2857024 100755
--- a/nixos/modules/installer/tools/nixos-enter.sh
+++ b/nixos/modules/installer/tools/nixos-enter.sh
@@ -97,7 +97,7 @@ chroot_add_resolv_conf "$mountPoint" || echo "$0: failed to set up resolv.conf"
         exec 2>/dev/null
     fi
 
-    # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
+    # Run the activation script. Set $LOCALE_ARCHIVE to suppress some Perl locale warnings.
     LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" IN_NIXOS_ENTER=1 chroot "$mountPoint" "$system/activate" 1>&2 || true
 
     # Create /tmp. This is needed for nix-build and the NixOS activation script to work.
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index 447f8193855f1..780a6b2a83a61 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -9,10 +9,10 @@ let
     literalExpression mkRenamedOptionModule mkDefault mkOption trivial types;
 
   needsEscaping = s: null != builtins.match "[a-zA-Z0-9]+" s;
-  escapeIfNeccessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"'';
+  escapeIfNecessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"'';
   attrsToText = attrs:
     concatStringsSep "\n" (
-      mapAttrsToList (n: v: ''${n}=${escapeIfNeccessary (toString v)}'') attrs
+      mapAttrsToList (n: v: ''${n}=${escapeIfNecessary (toString v)}'') attrs
     ) + "\n";
 
   osReleaseContents = {
diff --git a/nixos/modules/programs/fish.nix b/nixos/modules/programs/fish.nix
index 160adc0cad6d3..478f07d013107 100644
--- a/nixos/modules/programs/fish.nix
+++ b/nixos/modules/programs/fish.nix
@@ -303,7 +303,7 @@ in
     programs.fish.interactiveShellInit = ''
       # add completions generated by NixOS to $fish_complete_path
       begin
-        # joins with null byte to acommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
+        # joins with null byte to accommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
         # splits by null byte, and then removes all empty lines produced by using 'string'
         set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".")
         set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")
diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix
index cb8d0ecff4cb8..764a67a160c1b 100644
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@@ -10,7 +10,8 @@ let
 
   defaultPinentryFlavor =
     if xserverCfg.desktopManager.lxqt.enable
-    || xserverCfg.desktopManager.plasma5.enable then
+    || xserverCfg.desktopManager.plasma5.enable
+    || xserverCfg.desktopManager.deepin.enable then
       "qt"
     else if xserverCfg.desktopManager.xfce.enable then
       "gtk2"
diff --git a/nixos/modules/programs/nix-ld.nix b/nixos/modules/programs/nix-ld.nix
index 9a12b4ca5c74f..f0c265f0e5a31 100644
--- a/nixos/modules/programs/nix-ld.nix
+++ b/nixos/modules/programs/nix-ld.nix
@@ -2,7 +2,7 @@
 let
   cfg = config.programs.nix-ld;
 
-  # TODO make glibc here configureable?
+  # TODO make glibc here configurable?
   nix-ld-so = pkgs.runCommand "ld.so" {} ''
     ln -s "$(cat '${pkgs.stdenv.cc}/nix-support/dynamic-linker')" $out
   '';
diff --git a/nixos/modules/programs/singularity.nix b/nixos/modules/programs/singularity.nix
index 4884e5bdf2ddd..05fdb4842c543 100644
--- a/nixos/modules/programs/singularity.nix
+++ b/nixos/modules/programs/singularity.nix
@@ -25,9 +25,9 @@ in
       type = types.nullOr types.package;
       default = null;
       description = mdDoc ''
-        This option provides access to the overriden result of `programs.singularity.package`.
+        This option provides access to the overridden result of `programs.singularity.package`.
 
-        For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
+        For example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`:
         ```Nix
         { config, lib, pkgs, ... }:
         {
@@ -42,7 +42,7 @@ in
         }
         ```
 
-        Use `lib.mkForce` to forcefully specify the overriden package.
+        Use `lib.mkForce` to forcefully specify the overridden package.
       '';
     };
     enableFakeroot = mkOption {
diff --git a/nixos/modules/programs/turbovnc.nix b/nixos/modules/programs/turbovnc.nix
index a0e4a36cfd995..511b6badc0417 100644
--- a/nixos/modules/programs/turbovnc.nix
+++ b/nixos/modules/programs/turbovnc.nix
@@ -39,7 +39,7 @@ in
   config = mkIf cfg.ensureHeadlessSoftwareOpenGL {
 
     # TurboVNC has builtin support for Mesa llvmpipe's `swrast`
-    # software rendering to implemnt GLX (OpenGL on Xorg).
+    # software rendering to implement GLX (OpenGL on Xorg).
     # However, just building TurboVNC with support for that is not enough
     # (it only takes care of the X server side part of OpenGL);
     # the indiviudual applications (e.g. `glxgears`) also need to directly load
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index a4a2c316fd6c1..c8e540932efa8 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -112,7 +112,7 @@ in
     (mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
 
-    (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead")
+    (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Please use fcitx5 instead")
 
     # Do NOT add any option renames here, see top of the file
   ];
diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix
index 53003287fc9c9..11c5adc6a8859 100644
--- a/nixos/modules/services/cluster/kubernetes/flannel.nix
+++ b/nixos/modules/services/cluster/kubernetes/flannel.nix
@@ -53,7 +53,7 @@ in
       };
     };
 
-    # give flannel som kubernetes rbac permissions if applicable
+    # give flannel some kubernetes rbac permissions if applicable
     services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
 
       flannel-cr = {
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index eebacb3f3ef39..fd2dce7ee6a25 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -337,7 +337,7 @@ in
         };
       };
 
-      # Allways include cni plugins
+      # Always include cni plugins
       services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins pkgs.cni-plugin-flannel];
 
       boot.kernelModules = ["br_netfilter" "overlay"];
diff --git a/nixos/modules/services/continuous-integration/gitea-actions-runner.nix b/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
index 4b9046c98e8b6..fb70c48991260 100644
--- a/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
+++ b/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
@@ -207,7 +207,7 @@ in
               export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
 
               if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
-                # remove existing registration file, so that changing the labels forces a re-registation
+                # remove existing registration file, so that changing the labels forces a re-registration
                 rm -v "$INSTANCE_DIR/.runner" || true
 
                 # perform the registration
diff --git a/nixos/modules/services/continuous-integration/woodpecker/agents.nix b/nixos/modules/services/continuous-integration/woodpecker/agents.nix
index caf6c85093424..cc5b903afd595 100644
--- a/nixos/modules/services/continuous-integration/woodpecker/agents.nix
+++ b/nixos/modules/services/continuous-integration/woodpecker/agents.nix
@@ -23,7 +23,7 @@ let
             DOCKER_HOST = "unix:///run/podman/podman.sock";
           }
         '';
-        description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
+        description = lib.mdDoc "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
       };
 
       extraGroups = lib.mkOption {
diff --git a/nixos/modules/services/continuous-integration/woodpecker/server.nix b/nixos/modules/services/continuous-integration/woodpecker/server.nix
index be7786da8505f..cae5ed7cf1161 100644
--- a/nixos/modules/services/continuous-integration/woodpecker/server.nix
+++ b/nixos/modules/services/continuous-integration/woodpecker/server.nix
@@ -28,7 +28,7 @@ in
               WOODPECKER_GITEA_URL = "https://git.example.com";
             }
           '';
-        description = lib.mdDoc "woodpecker-server config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
+        description = lib.mdDoc "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
       };
       environmentFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
diff --git a/nixos/modules/services/databases/clickhouse.nix b/nixos/modules/services/databases/clickhouse.nix
index 1f4a39765cd77..dca352ef72fe6 100644
--- a/nixos/modules/services/databases/clickhouse.nix
+++ b/nixos/modules/services/databases/clickhouse.nix
@@ -48,6 +48,7 @@ with lib;
       after = [ "network.target" ];
 
       serviceConfig = {
+        Type = "notify";
         User = "clickhouse";
         Group = "clickhouse";
         ConfigurationDirectory = "clickhouse-server";
@@ -55,6 +56,12 @@ with lib;
         StateDirectory = "clickhouse";
         LogsDirectory = "clickhouse";
         ExecStart = "${cfg.package}/bin/clickhouse-server --config-file=/etc/clickhouse-server/config.xml";
+        TimeoutStartSec = "infinity";
+      };
+
+      environment = {
+        # Switching off watchdog is very important for sd_notify to work correctly.
+        CLICKHOUSE_WATCHDOG_ENABLE = "0";
       };
     };
 
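Review bot: `TimeoutStartSec = "infinity"` combined with `Type = "notify"` (added in the previous hunk) means a server that never reports readiness leaves the unit in "activating" indefinitely, and everything ordered after it waits as well. Either add a comment saying why an unbounded start is acceptable here, or use a large finite value so a hung start eventually fails and is visible. The watchdog comment says the setting matters but not why; if the reason is that the watchdog runs the server in a child process whose notifications systemd does not accept from a non-main PID, say so in the comment.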
diff --git a/nixos/modules/services/databases/cockroachdb.nix b/nixos/modules/services/databases/cockroachdb.nix
index 26ccb030b3df2..ff77d30588fef 100644
--- a/nixos/modules/services/databases/cockroachdb.nix
+++ b/nixos/modules/services/databases/cockroachdb.nix
@@ -164,7 +164,7 @@ in
         example = [ "--advertise-addr" "[fe80::f6f2:::]" ];
         description = lib.mdDoc ''
           Extra CLI arguments passed to {command}`cockroach start`.
-          For the full list of supported argumemnts, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
+          For the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
         '';
       };
     };
diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix
index cdf32654e6638..0a81a8dceeeed 100644
--- a/nixos/modules/services/databases/couchdb.nix
+++ b/nixos/modules/services/databases/couchdb.nix
@@ -141,7 +141,7 @@ in {
         type = types.lines;
         default = "";
         description = lib.mdDoc ''
-          Extra configuration. Overrides any other cofiguration.
+          Extra configuration. Overrides any other configuration.
         '';
       };
 
diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix
index 4c2855345368b..26ed46f0e60c0 100644
--- a/nixos/modules/services/databases/firebird.nix
+++ b/nixos/modules/services/databases/firebird.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-# TODO: This may file may need additional review, eg which configuartions to
+# TODO: This may file may need additional review, eg which configurations to
 # expose to the user.
 #
 # I only used it to access some simple databases.
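Review bot: The corrected comment line still reads `This may file may need`, so the sentence remains broken after the spelling fix. Drop the first `may`: `# TODO: This file may need additional review, eg which configurations to`.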
diff --git a/nixos/modules/services/databases/mongodb.nix b/nixos/modules/services/databases/mongodb.nix
index 211133de63fe9..8f3be1492e9e1 100644
--- a/nixos/modules/services/databases/mongodb.nix
+++ b/nixos/modules/services/databases/mongodb.nix
@@ -142,7 +142,7 @@ in
           User = cfg.user;
           PIDFile = cfg.pidFile;
           Type = "forking";
-          TimeoutStartSec=120; # intial creating of journal can take some time
+          TimeoutStartSec=120; # initial creating of journal can take some time
           PermissionsStartOnly = true;
         };
 
diff --git a/nixos/modules/services/desktops/deepin/dde-api.nix b/nixos/modules/services/desktops/deepin/dde-api.nix
index 57b2290dfbc10..472d9860c1089 100644
--- a/nixos/modules/services/desktops/deepin/dde-api.nix
+++ b/nixos/modules/services/desktops/deepin/dde-api.nix
@@ -16,7 +16,7 @@ with lib;
 
       enable = mkEnableOption (lib.mdDoc ''
         Provides some dbus interfaces that is used for screen zone detecting,
-        thumbnail generating, and sound playing in Deepin Desktop Enviroment.
+        thumbnail generating, and sound playing in Deepin Desktop Environment.
       '');
 
     };
diff --git a/nixos/modules/services/hardware/openrgb.nix b/nixos/modules/services/hardware/openrgb.nix
index 12438f01e5241..310615ecc5396 100644
--- a/nixos/modules/services/hardware/openrgb.nix
+++ b/nixos/modules/services/hardware/openrgb.nix
@@ -34,14 +34,15 @@ in {
     services.udev.packages = [ cfg.package ];
 
     boot.kernelModules = [ "i2c-dev" ]
-     ++ lib.optionals (cfg.motherboard == "amd") [ "i2c-piix" ]
+     ++ lib.optionals (cfg.motherboard == "amd") [ "i2c-piix4" ]
      ++ lib.optionals (cfg.motherboard == "intel") [ "i2c-i801" ];
 
     systemd.services.openrgb = {
       description = "OpenRGB server daemon";
       wantedBy = [ "multi-user.target" ];
-
       serviceConfig = {
+        StateDirectory = "OpenRGB";
+        WorkingDirectory = "/var/lib/OpenRGB";
         ExecStart = "${cfg.package}/bin/openrgb --server --server-port ${toString cfg.server.port}";
         Restart = "always";
       };
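Review bot: `WorkingDirectory = "/var/lib/OpenRGB"` repeats the `StateDirectory` name as a hard-coded absolute path, so the two can drift apart if one is renamed. Writing it as `WorkingDirectory = "%S/OpenRGB";` ties it to the state directory root that systemd resolves. A short comment on why the daemon needs a writable working directory would also help, since the hunk gives no reason.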
diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix
index 9273f71db7d56..ec2a19f58bb11 100644
--- a/nixos/modules/services/mail/mailman.nix
+++ b/nixos/modules/services/mail/mailman.nix
@@ -44,11 +44,9 @@ let
     transport_file_type: hash
   '';
 
-  mailmanCfg = lib.generators.toINI {}
-    (recursiveUpdate cfg.settings
-      ((optionalAttrs (cfg.restApiPassFile != null) {
-        webservice.admin_pass = "#NIXOS_MAILMAN_REST_API_PASS_SECRET#";
-      })));
+  mailmanCfg = lib.generators.toINI {} (recursiveUpdate cfg.settings {
+    webservice.admin_pass = "#NIXOS_MAILMAN_REST_API_PASS_SECRET#";
+  });
 
   mailmanCfgFile = pkgs.writeText "mailman-raw.cfg" mailmanCfg;
 
@@ -388,6 +386,7 @@ in {
 
     environment.etc."mailman3/settings.py".text = ''
       import os
+      from configparser import ConfigParser
 
       # Required by mailman_web.settings, but will be overridden when
       # settings_local.json is loaded.
@@ -404,10 +403,10 @@ in {
       with open('/var/lib/mailman-web/settings_local.json') as f:
           globals().update(json.load(f))
 
-      ${optionalString (cfg.restApiPassFile != null) ''
-        with open('${cfg.restApiPassFile}') as f:
-            MAILMAN_REST_API_PASS = f.read().rstrip('\n')
-      ''}
+      with open('/etc/mailman.cfg') as f:
+          config = ConfigParser()
+          config.read_file(f)
+          MAILMAN_REST_API_PASS = config['webservice']['admin_pass']
 
       ${optionalString (cfg.ldap.enable) ''
         import ldap
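Review bot: `ConfigParser()` applies basic interpolation by default, so a REST API password containing `%` makes `config['webservice']['admin_pass']` raise when settings.py is loaded. The generated fallback password is alphanumeric, but one supplied through `restApiPassFile` can contain any character. Construct the parser as `config = ConfigParser(interpolation=None)`. settings.py now also depends on /etc/mailman.cfg being readable by the mailman-web process; the file is installed as mailman:mailman in a later hunk, and whether that process runs with the group is not visible here.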
@@ -504,10 +503,14 @@ in {
         path = with pkgs; [ jq ];
         after = optional withPostgresql "postgresql.service";
         requires = optional withPostgresql "postgresql.service";
+        serviceConfig.RemainAfterExit = true;
         serviceConfig.Type = "oneshot";
         script = ''
           install -m0750 -o mailman -g mailman ${mailmanCfgFile} /etc/mailman.cfg
-          ${optionalString (cfg.restApiPassFile != null) ''
+          ${if cfg.restApiPassFile == null then ''
+            sed -i "s/#NIXOS_MAILMAN_REST_API_PASS_SECRET#/$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)/g" \
+              /etc/mailman.cfg
+          '' else ''
             ${pkgs.replace-secret}/bin/replace-secret \
               '#NIXOS_MAILMAN_REST_API_PASS_SECRET#' \
               ${cfg.restApiPassFile} \
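Review bot: The new fallback branch expands the generated password into sed's command line, where it is briefly readable by other local users through the process list. That is the exposure the `replace-secret` branch exists to avoid. Stage the random value in a private temporary file and substitute it with `replace-secret` as well, as sketched below. The value is regenerated on every run of this unit, so both mailman and mailman-web need to start after it; that ordering and the rest of the script string lie outside this hunk.

```nix
${if cfg.restApiPassFile == null then ''
  # Keep the generated secret out of argv: stage it in a private file.
  passFile="$(mktemp)"
  tr -dc A-Za-z0-9 < /dev/urandom | head -c 64 > "$passFile"
  ${pkgs.replace-secret}/bin/replace-secret \
    '#NIXOS_MAILMAN_REST_API_PASS_SECRET#' \
    "$passFile" \
    /etc/mailman.cfg
  rm -f "$passFile"
'' else ''
# … unchanged: replace-secret call with cfg.restApiPassFile …
```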
diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix
index b9cf526b0bbe2..22a4e3c451ab1 100644
--- a/nixos/modules/services/mail/roundcube.nix
+++ b/nixos/modules/services/mail/roundcube.nix
@@ -72,7 +72,7 @@ in
         type = types.str;
         description = lib.mdDoc ''
           Password file for the postgresql connection.
-          Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
+          Must be formatted according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
           but only one line, no comments and readable by user `nginx`.
           Ignored if `database.host` is set to `localhost`, as peer authentication will be used.
         '';
diff --git a/nixos/modules/services/misc/nitter.nix b/nixos/modules/services/misc/nitter.nix
index 2d0d91f95985a..d00efe3dd485a 100644
--- a/nixos/modules/services/misc/nitter.nix
+++ b/nixos/modules/services/misc/nitter.nix
@@ -45,6 +45,11 @@ let
   '';
 in
 {
+  imports = [
+    # https://github.com/zedeus/nitter/pull/772
+    (mkRemovedOptionModule [ "services" "nitter" "replaceInstagram" ] "Nitter no longer supports this option as Bibliogram has been discontinued.")
+  ];
+
   options = {
     services.nitter = {
       enable = mkEnableOption (lib.mdDoc "Nitter");
@@ -155,6 +160,22 @@ in
           description = lib.mdDoc "Use base64 encoding for proxied media URLs.";
         };
 
+        enableRSS = mkEnableOption (lib.mdDoc "RSS feeds") // { default = true; };
+
+        enableDebug = mkEnableOption (lib.mdDoc "request logs and debug endpoints");
+
+        proxy = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = lib.mdDoc "URL to a HTTP/HTTPS proxy.";
+        };
+
+        proxyAuth = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = lib.mdDoc "Credentials for proxy.";
+        };
+
         tokenCount = mkOption {
           type = types.int;
           default = 10;
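Review bot: `proxyAuth` is a plain `types.str`, so the proxy credentials become part of the evaluated configuration and will presumably be rendered into a world-readable store path; how the value is consumed is outside this hunk. Prefer an option that takes a path to a file read at service start, or at minimum warn in the description, e.g. `description = lib.mdDoc "Credentials for proxy. Note: this value is stored world-readable in the Nix store.";`. The `enableDebug` description would likewise benefit from a sentence saying that request logs and debug endpoints should stay disabled on publicly reachable instances.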
@@ -192,12 +213,6 @@ in
           description = lib.mdDoc "Replace Reddit links with links to this instance (blank to disable).";
         };
 
-        replaceInstagram = mkOption {
-          type = types.str;
-          default = "";
-          description = lib.mdDoc "Replace Instagram links with links to this instance (blank to disable).";
-        };
-
         mp4Playback = mkOption {
           type = types.bool;
           default = true;
@@ -275,6 +290,12 @@ in
           default = false;
           description = lib.mdDoc "Hide tweet replies.";
         };
+
+        squareAvatars = mkOption {
+          type = types.bool;
+          default = false;
+          description = lib.mdDoc "Square profile pictures.";
+        };
       };
 
       settings = mkOption {
diff --git a/nixos/modules/services/misc/siproxd.nix b/nixos/modules/services/misc/siproxd.nix
index 99b25bdb8e9ed..3890962b7cfb6 100644
--- a/nixos/modules/services/misc/siproxd.nix
+++ b/nixos/modules/services/misc/siproxd.nix
@@ -60,7 +60,7 @@ in
         default = [ ];
         example = [ "192.168.1.0/24" "192.168.2.0/24" ];
         description = lib.mdDoc ''
-          Acess control list for incoming SIP registrations.
+          Access control list for incoming SIP registrations.
         '';
       };
 
@@ -69,7 +69,7 @@ in
         default = [ ];
         example = [ "123.45.0.0/16" "123.46.0.0/16" ];
         description = lib.mdDoc ''
-          Acess control list for incoming SIP traffic.
+          Access control list for incoming SIP traffic.
         '';
       };
 
@@ -78,7 +78,7 @@ in
         default = [ ];
         example = [ "10.0.0.0/8" "11.0.0.0/8" ];
         description = lib.mdDoc ''
-          Acess control list for denying incoming
+          Access control list for denying incoming
           SIP registrations and traffic.
         '';
       };
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index fb3bab7963ea8..19ee3ae6f7da8 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -1614,7 +1614,7 @@ in
 
         The following property holds: switching to a configuration
         (`switch-to-configuration`) that changes the prometheus
-        configuration only finishes successully when prometheus has finished
+        configuration only finishes successfully when prometheus has finished
         loading the new configuration.
       '';
     };
diff --git a/nixos/modules/services/monitoring/unpoller.nix b/nixos/modules/services/monitoring/unpoller.nix
index f0ced5513d64b..557e2bff4c26b 100644
--- a/nixos/modules/services/monitoring/unpoller.nix
+++ b/nixos/modules/services/monitoring/unpoller.nix
@@ -47,7 +47,7 @@ in {
         type = types.bool;
         default = false;
         description = lib.mdDoc ''
-          Whether to disable the prometheus ouput plugin.
+          Whether to disable the prometheus output plugin.
         '';
       };
       http_listen = mkOption {
@@ -71,7 +71,7 @@ in {
         type = types.bool;
         default = false;
         description = lib.mdDoc ''
-          Whether to disable the influxdb ouput plugin.
+          Whether to disable the influxdb output plugin.
         '';
       };
       url = mkOption {
diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index d2851e72a0dd6..78253dd9d112e 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -393,7 +393,7 @@ in {
               type = types.nullOr types.path;
               default = null;
               description = lib.mdDoc ''
-                Path to a file containg ACL policies.
+                Path to a file containing ACL policies.
               '';
             };
           };
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index a8e6b0fcf6fbe..688f46c4492a9 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -24,7 +24,9 @@ let
       else
         device
     ) folder.devices;
-  }) cfg.settings.folders;
+  }) (filterAttrs (_: folder:
+    folder.enable
+  ) cfg.settings.folders);
 
   updateConfig = pkgs.writers.writeDash "merge-syncthing-config" ''
     set -efu
diff --git a/nixos/modules/services/networking/wgautomesh.nix b/nixos/modules/services/networking/wgautomesh.nix
index 93227a9b625d0..7549d82eae0bb 100644
--- a/nixos/modules/services/networking/wgautomesh.nix
+++ b/nixos/modules/services/networking/wgautomesh.nix
@@ -94,7 +94,7 @@ in
                 address = mkOption {
                   type = types.str;
                   description = mdDoc ''
-                    Wireguard address of this peer (a single IP address, multliple
+                    Wireguard address of this peer (a single IP address, multiple
                     addresses or address ranges are not supported).
                   '';
                   example = "10.0.0.42";
diff --git a/nixos/modules/services/search/meilisearch.md b/nixos/modules/services/search/meilisearch.md
index 98af396117c83..299f56bf82932 100644
--- a/nixos/modules/services/search/meilisearch.md
+++ b/nixos/modules/services/search/meilisearch.md
@@ -30,7 +30,7 @@ you first need to add documents to an index before you can search for documents.
 
 - The default nixos package doesn't come with the [dashboard](https://docs.meilisearch.com/learn/getting_started/quick_start.html#search), since the dashboard features makes some assets downloads at compile time.
 
-- Anonimized Analytics sent to meilisearch are disabled by default.
+- Anonymized Analytics sent to meilisearch are disabled by default.
 
 - Default deployment is development mode. It doesn't require a secret master key. All routes are not protected and accessible.
 
diff --git a/nixos/modules/services/security/authelia.nix b/nixos/modules/services/security/authelia.nix
index 28c5fd0a1df59..cc55260e20f83 100644
--- a/nixos/modules/services/security/authelia.nix
+++ b/nixos/modules/services/security/authelia.nix
@@ -72,7 +72,7 @@ let
               type = types.nullOr types.path;
               default = null;
               description = mdDoc ''
-                Path to your JWT secret used during identity verificaiton.
+                Path to your JWT secret used during identity verificaton.
               '';
             };
 
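Review bot: The replacement text is still misspelled: `verificaton` is missing an `i`. The line should read `Path to your JWT secret used during identity verification.`.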
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index 2f19decb5cb17..7ec7a15987353 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -10,7 +10,7 @@ let
   certPaths = builtins.map builtins.dirOf [ cfg.serverSettings.tls_chain cfg.serverSettings.tls_key ];
 
   # Merge bind mount paths and remove paths where a prefix is already mounted.
-  # This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is alread in the mount
+  # This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount
   # paths, no new bind mount is added. Adding subpaths caused problems on ofborg.
   hasPrefixInList = list: newPath: lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
   mergePaths = lib.foldl' (merged: newPath: let
diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix
index 3a66763b583ee..9e685c127da74 100644
--- a/nixos/modules/services/web-apps/dokuwiki.nix
+++ b/nixos/modules/services/web-apps/dokuwiki.nix
@@ -173,7 +173,7 @@ let
             }
             {
               assertion = config.usersFile != null -> config.mergedConfig.useacl != false;
-              message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defiend as `${config.usersFile}' in ${showFiles options.usersFile.files}).";
+              message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defined as `${config.usersFile}' in ${showFiles options.usersFile.files}).";
             }
           ];
         })
diff --git a/nixos/modules/services/web-apps/kavita.nix b/nixos/modules/services/web-apps/kavita.nix
index e28b204f1bbe7..ca9cd01d403d3 100644
--- a/nixos/modules/services/web-apps/kavita.nix
+++ b/nixos/modules/services/web-apps/kavita.nix
@@ -35,7 +35,7 @@ in {
     ipAdresses = lib.mkOption {
       default = ["0.0.0.0" "::"];
       type = lib.types.listOf lib.types.str;
-      description = lib.mdDoc "IP Adresses to bind to. The default is to bind
+      description = lib.mdDoc "IP Addresses to bind to. The default is to bind
       to all IPv4 and IPv6 addresses.";
     };
   };
diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index 247eb707b15c6..2ad6cd6aae194 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -508,7 +508,7 @@ in {
         type = with lib.types; listOf path;
         default = [];
         description = lib.mdDoc ''
-          Extra environment files to pass to all mastodon services. Useful for passing down environemntal secrets.
+          Extra environment files to pass to all mastodon services. Useful for passing down environmental secrets.
         '';
         example = [ "/etc/mastodon/s3config.env" ];
       };
diff --git a/nixos/modules/services/web-apps/monica.nix b/nixos/modules/services/web-apps/monica.nix
index 442044fedb14e..2bff42f7ffa4b 100644
--- a/nixos/modules/services/web-apps/monica.nix
+++ b/nixos/modules/services/web-apps/monica.nix
@@ -367,7 +367,7 @@ in {
     };
 
     systemd.services.monica-setup = {
-      description = "Preperation tasks for monica";
+      description = "Preparation tasks for monica";
       before = ["phpfpm-monica.service"];
       after = optional db.createLocally "mysql.service";
       wantedBy = ["multi-user.target"];
diff --git a/nixos/modules/services/web-apps/nextcloud-notify_push.nix b/nixos/modules/services/web-apps/nextcloud-notify_push.nix
index d6aeee081fc96..759daa0c50dce 100644
--- a/nixos/modules/services/web-apps/nextcloud-notify_push.nix
+++ b/nixos/modules/services/web-apps/nextcloud-notify_push.nix
@@ -31,7 +31,7 @@ in
       type = lib.types.bool;
       default = false;
       description = lib.mdDoc ''
-        Wether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.
+        Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.
 
         This is useful when nextcloud's domain is not a static IP address and when the reverse proxy cannot be bypassed because the backend connection is done via unix socket.
       '';
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 01dca43776892..a8142cf42d759 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -556,7 +556,7 @@ in {
       default = config.services.nextcloud.notify_push.enable;
       defaultText = literalExpression "config.services.nextcloud.notify_push.enable";
       description = lib.mdDoc ''
-        Wether to configure nextcloud to use the recommended redis settings for small instances.
+        Whether to configure nextcloud to use the recommended redis settings for small instances.
 
         ::: {.note}
         The `notify_push` app requires redis to be configured. If this option is turned off, this must be configured manually.
diff --git a/nixos/modules/services/web-apps/pixelfed.nix b/nixos/modules/services/web-apps/pixelfed.nix
index 817d0f9b60f50..58ac307fd1ed1 100644
--- a/nixos/modules/services/web-apps/pixelfed.nix
+++ b/nixos/modules/services/web-apps/pixelfed.nix
@@ -237,7 +237,7 @@ in {
         QUEUE_DRIVER = mkDefault "redis";
         SESSION_DRIVER = mkDefault "redis";
         WEBSOCKET_REPLICATION_MODE = mkDefault "redis";
-        # Suppport phpredis and predis configuration-style.
+        # Support phpredis and predis configuration-style.
         REDIS_SCHEME = "unix";
         REDIS_HOST = config.services.redis.servers.pixelfed.unixSocket;
         REDIS_PATH = config.services.redis.servers.pixelfed.unixSocket;
diff --git a/nixos/modules/services/web-servers/garage.md b/nixos/modules/services/web-servers/garage.md
index b1003e5dae1e1..3a9b85ce06036 100644
--- a/nixos/modules/services/web-servers/garage.md
+++ b/nixos/modules/services/web-servers/garage.md
@@ -77,7 +77,7 @@ updated to make sure that the
 on fresh setups.
 
 If major-releases will be abandoned by upstream, we should check first if those are needed
-in NixOS for a safe upgrade-path before removing those. In that case we shold keep those
+in NixOS for a safe upgrade-path before removing those. In that case we should keep those
 packages, but mark them as insecure in an expression like this (in
 `<nixpkgs/pkgs/tools/filesystem/garage/default.nix>`):
 ```
diff --git a/nixos/modules/services/web-servers/stargazer.nix b/nixos/modules/services/web-servers/stargazer.nix
index ddb9e7d8ba1f8..f0c3cf8787ebb 100644
--- a/nixos/modules/services/web-servers/stargazer.nix
+++ b/nixos/modules/services/web-servers/stargazer.nix
@@ -152,7 +152,7 @@ in
 
         Expressed as a list of attribute sets. Each set must have a key `route`
         that becomes the section name for that route in the stargazer ini cofig.
-        The remaining keys and vaules become the parameters for that route.
+        The remaining keys and values become the parameters for that route.
 
         [Refer to upstream docs for other params](https://git.sr.ht/~zethra/stargazer/tree/main/item/doc/stargazer.ini.5.txt)
       '';
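Review bot: The context line directly above the corrected one still reads `stargazer ini cofig`. Since this hunk fixes spelling in the same description, change that word to `config` as well.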
diff --git a/nixos/modules/services/x11/hardware/libinput.nix b/nixos/modules/services/x11/hardware/libinput.nix
index f3391c6e11693..d2a5b5895e0aa 100644
--- a/nixos/modules/services/x11/hardware/libinput.nix
+++ b/nixos/modules/services/x11/hardware/libinput.nix
@@ -261,7 +261,8 @@ in {
 
     services.xserver.libinput = {
       enable = mkEnableOption (lib.mdDoc "libinput") // {
-        default = true;
+        default = config.services.xserver.enable;
+        defaultText = lib.literalExpression "config.services.xserver.enable";
       };
       mouse = mkConfigForDevice "mouse";
       touchpad = mkConfigForDevice "touchpad";
diff --git a/nixos/modules/services/x11/window-managers/qtile.nix b/nixos/modules/services/x11/window-managers/qtile.nix
index b07fd8a904282..a362d5cdbeee9 100644
--- a/nixos/modules/services/x11/window-managers/qtile.nix
+++ b/nixos/modules/services/x11/window-managers/qtile.nix
@@ -40,7 +40,7 @@ in
         description = lib.mdDoc ''
           Extra Python packages available to Qtile.
           An example would be to include `python3Packages.qtile-extras`
-          for additional unoffical widgets.
+          for additional unofficial widgets.
         '';
         example = literalExpression ''
           python3Packages: with python3Packages; [
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index c28e530cdc777..c4427149d9c91 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -78,7 +78,7 @@ let
 
       ${config.system.systemBuilderCommands}
 
-      echo -n "$extraDependencies" > $out/extra-dependencies
+      cp "$extraDependenciesPath" "$out/extra-dependencies"
 
       ${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) ''
         ${config.boot.bootspec.writer}
@@ -98,6 +98,7 @@ let
     name = "nixos-system-${config.system.name}-${config.system.nixos.label}";
     preferLocalBuild = true;
     allowSubstitutes = false;
+    passAsFile = [ "extraDependencies" ];
     buildCommand = systemBuilder;
 
     inherit (pkgs) coreutils;
diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl
index cfccb93264bfd..27f03f2fb58c8 100644
--- a/nixos/modules/system/boot/loader/grub/install-grub.pl
+++ b/nixos/modules/system/boot/loader/grub/install-grub.pl
@@ -213,7 +213,7 @@ sub GrubFs {
             $search .= $matches[0];
         }
 
-        # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes
+        # BTRFS is a special case in that we need to fix the referenced path based on subvolumes
         if ($fs->type eq 'btrfs') {
             my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]});
             if ($status != 0) {
@@ -586,7 +586,7 @@ sub getEfiTarget {
         if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die }
         else { return "both" }
     } elsif (($grub ne "") && ($grubEfi eq "")) {
-        # TODO: It would be safer to disallow non-EFI grub installation if no taget is given.
+        # TODO: It would be safer to disallow non-EFI grub installation if no target is given.
         #       If no target is given, then grub auto-detects the target which can lead to errors.
         #       E.g. it seems as if grub would auto-detect a EFI target based on the availability
         #       of a EFI partition.
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index b8f36538e70fe..71036044a2dce 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -130,7 +130,7 @@ let
     ''}
 
     # Disable all input echo for the whole stage. We could use read -s
-    # instead but that would ocasionally leak characters between read
+    # instead but that would occasionally leak characters between read
     # invocations.
     stty -echo
   '';
@@ -861,7 +861,7 @@ in
             '';
             description = lib.mdDoc ''
               Commands that should be run right before we try to mount our LUKS device.
-              This can be useful, if the keys needed to open the drive is on another partion.
+              This can be useful, if the keys needed to open the drive is on another partition.
             '';
           };
 
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index 387c27d86ebbe..f72342429a6d9 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -445,7 +445,7 @@ lustrateRoot () {
         mv -v "$d" "$root/old-root.tmp"
     done
 
-    # Use .tmp to make sure subsequent invokations don't clash
+    # Use .tmp to make sure subsequent invocations don't clash
     mv -v "$root/old-root.tmp" "$root/old-root"
 
     mkdir -m 0755 -p "$root/etc"
diff --git a/nixos/modules/tasks/filesystems/bcachefs.nix b/nixos/modules/tasks/filesystems/bcachefs.nix
index e3ad52a7b056f..851c09781339e 100644
--- a/nixos/modules/tasks/filesystems/bcachefs.nix
+++ b/nixos/modules/tasks/filesystems/bcachefs.nix
@@ -16,7 +16,7 @@ let
         local path="$2"
         if bcachefs unlock -c $path > /dev/null 2> /dev/null; then    # test for encryption
             prompt $name
-            until bcachefs unlock $path 2> /dev/null; do              # repeat until sucessfully unlocked
+            until bcachefs unlock $path 2> /dev/null; do              # repeat until successfully unlocked
                 printf "unlocking failed!\n"
                 prompt $name
             done
diff --git a/nixos/modules/tasks/filesystems/btrfs.nix b/nixos/modules/tasks/filesystems/btrfs.nix
index bd85a1f8d1f3c..82fdd60587106 100644
--- a/nixos/modules/tasks/filesystems/btrfs.nix
+++ b/nixos/modules/tasks/filesystems/btrfs.nix
@@ -25,7 +25,7 @@ in
         type = types.listOf types.path;
         example = [ "/" ];
         description = lib.mdDoc ''
-          List of paths to btrfs filesystems to regularily call {command}`btrfs scrub` on.
+          List of paths to btrfs filesystems to regularly call {command}`btrfs scrub` on.
           Defaults to all mount points with btrfs filesystems.
           If you mount a filesystem multiple times or additionally mount subvolumes,
           you need to manually specify this list to avoid scrubbing multiple times.
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 6c77596475170..16dc0c44c18d6 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -137,14 +137,15 @@ let
         awkCmd = "${pkgs.gawk}/bin/awk";
         inherit cfgZfs;
       }) + ''
-        poolImported "${pool}" && exit
-        echo -n "importing ZFS pool \"${pool}\"..."
-        # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
-        for trial in `seq 1 60`; do
-          poolReady "${pool}" && poolImport "${pool}" && break
-          sleep 1
-        done
-        poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
+        if ! poolImported "${pool}"; then
+          echo -n "importing ZFS pool \"${pool}\"..."
+          # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
+          for trial in `seq 1 60`; do
+            poolReady "${pool}" && poolImport "${pool}" && break
+            sleep 1
+          done
+          poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
+        fi
         if poolImported "${pool}"; then
           ${optionalString keyLocations.hasKeys ''
             ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
@@ -159,7 +160,7 @@ let
                   tries=3
                   success=false
                   while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
-                    ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
+                    ${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
                       && success=true \
                       || tries=$((tries - 1))
                   done
@@ -312,6 +313,16 @@ in
           an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
         '';
       };
+
+      passwordTimeout = mkOption {
+        type = types.int;
+        default = 0;
+        description = lib.mdDoc ''
+          Timeout in seconds to wait for password entry for decrypt at boot.
+
+          Defaults to 0, which waits forever.
+        '';
+      };
     };
 
     services.zfs.autoSnapshot = {
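Review bot: `passwordTimeout` is declared as `types.int`, which accepts negative values that the previous hunk passes straight into `systemd-ask-password --timeout=`. Using `type = types.ints.unsigned;` matches the documented meaning of the option. The description should also mention that the prompt sits inside the three-try loop visible in that hunk, so a timed-out prompt consumes a try and the total wait can be up to three times this value. What happens after the last try lies outside the visible lines.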
diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
index f44dafc9706a0..843082ab858e1 100644
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
@@ -396,7 +396,7 @@ let
             '';
             postStop = ''
               echo "Cleaning Open vSwitch ${n}"
-              echo "Shuting down internal ${n} interface"
+              echo "Shutting down internal ${n} interface"
               ip link set ${n} down || true
               echo "Deleting flows for ${n}"
               ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index 0fcd3c10219c1..dfa883a2c3360 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -437,7 +437,7 @@ in
             '';
             postStop = ''
               echo "Cleaning Open vSwitch ${n}"
-              echo "Shuting down internal ${n} interface"
+              echo "Shutting down internal ${n} interface"
               ip link set ${n} down || true
               echo "Deleting flows for ${n}"
               ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index 9c4bbecf48090..67fdc0ea43357 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -43,7 +43,7 @@ in
             # Passing the terminal device makes bash run non-interactively.
             # Otherwise we get errors on the terminal because bash tries to
             # setup things like job control.
-            # Note: calling bash explicitely here instead of sh makes sure that
+            # Note: calling bash explicitly here instead of sh makes sure that
             # we can also run non-NixOS guests during tests.
             PS1= exec /usr/bin/env bash --norc /dev/hvc0
           '';
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index d62bf0c0fd92d..4d220b9747aa6 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -407,7 +407,7 @@ in {
       # Ensures the issuer of our cert matches the chain
       # and matches the issuer we expect it to be.
       # It's a good validation to ensure the cert.pem and fullchain.pem
-      # are not still selfsigned afer verification
+      # are not still selfsigned after verification
       def check_issuer(node, cert_name, issuer):
           for fname in ("cert.pem", "fullchain.pem"):
               actual_issuer = node.succeed(
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 9df91ca6edc59..982f4315ca32d 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -431,6 +431,7 @@ in {
   magnetico = handleTest ./magnetico.nix {};
   mailcatcher = handleTest ./mailcatcher.nix {};
   mailhog = handleTest ./mailhog.nix {};
+  mailman = handleTest ./mailman.nix {};
   man = handleTest ./man.nix {};
   mariadb-galera = handleTest ./mysql/mariadb-galera.nix {};
   mastodon = discoverTests (import ./web-apps/mastodon { inherit handleTestOn; });
diff --git a/nixos/tests/atop.nix b/nixos/tests/atop.nix
index ec10369a24fd6..f9335eecc20e5 100644
--- a/nixos/tests/atop.nix
+++ b/nixos/tests/atop.nix
@@ -199,7 +199,7 @@ in
     ];
   };
   everything = makeTest {
-    name = "atop-everthing";
+    name = "atop-everything";
     nodes.machine = {
       programs.atop = {
         enable = true;
diff --git a/nixos/tests/boot-stage1.nix b/nixos/tests/boot-stage1.nix
index 7bef34f4cc3d5..f07802b8c31e3 100644
--- a/nixos/tests/boot-stage1.nix
+++ b/nixos/tests/boot-stage1.nix
@@ -132,7 +132,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
         '';
       })
 
-      # This canary process mimicks a storage daemon, which we do NOT want to be
+      # This canary process mimics a storage daemon, which we do NOT want to be
       # killed before going into stage 2. For more on root storage daemons, see:
       # https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
       (mkCmdlineCanary {
diff --git a/nixos/tests/cockpit.nix b/nixos/tests/cockpit.nix
index 4a4983f9bc4e6..6f86d1e2c464c 100644
--- a/nixos/tests/cockpit.nix
+++ b/nixos/tests/cockpit.nix
@@ -93,7 +93,7 @@ import ./make-test-python.nix (
             password_input = find_element(By.CSS_SELECTOR, 'input#login-password-input')
             set_value(password_input, "${password}")
 
-            log("Submiting credentials for login")
+            log("Submitting credentials for login")
             driver.find_element(By.CSS_SELECTOR, 'button#login-button').click()
 
             # driver.implicitly_wait(1)
@@ -102,7 +102,7 @@ import ./make-test-python.nix (
             log("Waiting dashboard to load")
             wait_title_contains("${user}@server")
 
-            log("Waiting for the frontend to initalize")
+            log("Waiting for the frontend to initialize")
             sleep(1)
 
             log("Looking for that banner that tells about limited access")
diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix
index 55908a11f3f4a..ce3102eec7801 100644
--- a/nixos/tests/dokuwiki.nix
+++ b/nixos/tests/dokuwiki.nix
@@ -143,7 +143,7 @@ in {
               "curl -sSfL 'http://site2.local/doku.php?id=plugin-list' | (! grep 'plugin:tag')",
           )
 
-          # Test if theme is applied and working correctly (no weired relative PHP import errors)
+          # Test if theme is applied and working correctly (no weird relative PHP import errors)
           machine.succeed(
             "curl -sSfL 'http://site1.local/doku.php' | grep 'bootstrap3/images/logo.png'",
             "curl -sSfL 'http://site1.local/lib/exe/css.php' | grep 'bootstrap3'",
diff --git a/nixos/tests/elk.nix b/nixos/tests/elk.nix
index 5c332cb5f2eea..0122bc440361d 100644
--- a/nixos/tests/elk.nix
+++ b/nixos/tests/elk.nix
@@ -1,4 +1,4 @@
-# To run the test on the unfree ELK use the folllowing command:
+# To run the test on the unfree ELK use the following command:
 # cd path/to/nixpkgs
 # NIXPKGS_ALLOW_UNFREE=1 nix-build -A nixosTests.elk.unfree.ELK-6
 
diff --git a/nixos/tests/enlightenment.nix b/nixos/tests/enlightenment.nix
index 2e06eedd9915b..bce14c1ddd5c3 100644
--- a/nixos/tests/enlightenment.nix
+++ b/nixos/tests/enlightenment.nix
@@ -65,7 +65,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
         machine.screenshot("wizard7")
         machine.succeed("xdotool mousemove 512 740 click 1")  # Next
 
-        machine.wait_for_text("BlusZ")  # Bluetooh Management (default)
+        machine.wait_for_text("BlusZ")  # Bluetooth Management (default)
         machine.screenshot("wizard8")
         machine.succeed("xdotool mousemove 512 740 click 1")  # Next
 
diff --git a/nixos/tests/gnome.nix b/nixos/tests/gnome.nix
index 9aa88c4852c07..448a3350240c7 100644
--- a/nixos/tests/gnome.nix
+++ b/nixos/tests/gnome.nix
@@ -39,7 +39,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
     };
 
   testScript = { nodes, ... }: let
-    # Keep line widths somewhat managable
+    # Keep line widths somewhat manageable
     user = nodes.machine.config.users.users.alice;
     uid = toString user.uid;
     bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${uid}/bus";
diff --git a/nixos/tests/gotify-server.nix b/nixos/tests/gotify-server.nix
index e7942b76d8e50..d004f542b39a3 100644
--- a/nixos/tests/gotify-server.nix
+++ b/nixos/tests/gotify-server.nix
@@ -42,7 +42,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
 
     assert title == "Gotify"
 
-    # Ensure that the UI responds with a successfuly code and that the
+    # Ensure that the UI responds with a successful code and that the
     # response is not empty
     result = machine.succeed("curl -fsS localhost:3000")
     assert result, "HTTP response from localhost:3000 must not be empty!"
diff --git a/nixos/tests/headscale.nix b/nixos/tests/headscale.nix
index d3e861c73008d..a3d0155cad35b 100644
--- a/nixos/tests/headscale.nix
+++ b/nixos/tests/headscale.nix
@@ -10,7 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
   testScript = ''
     machine.wait_for_unit("headscale")
     machine.wait_for_open_port(8080)
-    # Test basic funcionality
+    # Test basic functionality
     machine.succeed("headscale namespaces create test")
     machine.succeed("headscale preauthkeys -u test create")
   '';
diff --git a/nixos/tests/hockeypuck.nix b/nixos/tests/hockeypuck.nix
index d1ef4cbf588a8..2b9dba8720aba 100644
--- a/nixos/tests/hockeypuck.nix
+++ b/nixos/tests/hockeypuck.nix
@@ -57,7 +57,7 @@ in {
     # Send the key to our local keyserver
     machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)
 
-    # Recieve the key from our local keyserver to a separate directory
+    # Receive the key from our local keyserver to a separate directory
     machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
   '';
 })
diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix
index 22a63cc736640..cef0f97c194c0 100644
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@@ -64,7 +64,6 @@ in {
         # include some popular integrations, that absolutely shouldn't break
         esphome = {};
         knx = {};
-        matter = {};
         shelly = {};
         zha = {};
 
diff --git a/nixos/tests/logrotate.nix b/nixos/tests/logrotate.nix
index 94f6ad5103fb2..bcbe89c259ae5 100644
--- a/nixos/tests/logrotate.nix
+++ b/nixos/tests/logrotate.nix
@@ -38,7 +38,7 @@ import ./make-test-python.nix ({ pkgs, ... }: rec {
           priority = 2000;
           shred = true;
         };
-        # using mail somewhere should add --mail to logrotate invokation
+        # using mail somewhere should add --mail to logrotate invocation
         sendmail = {
           mail = "user@domain.tld";
         };
diff --git a/nixos/tests/mailman.nix b/nixos/tests/mailman.nix
new file mode 100644
index 0000000000000..2806e9166d9ac
--- /dev/null
+++ b/nixos/tests/mailman.nix
@@ -0,0 +1,67 @@
+import ./make-test-python.nix {
+  name = "mailman";
+
+  nodes.machine = { pkgs, ... }: {
+    environment.systemPackages = with pkgs; [ mailutils ];
+
+    services.mailman.enable = true;
+    services.mailman.serve.enable = true;
+    services.mailman.siteOwner = "postmaster@example.com";
+    services.mailman.webHosts = [ "example.com" ];
+
+    services.postfix.enable = true;
+    services.postfix.destination = [ "example.com" "example.net" ];
+    services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
+    services.postfix.config.local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "proxy:unix:passwd.byname" ];
+    services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
+
+    users.users.user = { isNormalUser = true; };
+
+    virtualisation.memorySize = 2048;
+
+    specialisation.restApiPassFileSystem.configuration = {
+      services.mailman.restApiPassFile = "/var/lib/mailman/pass";
+    };
+  };
+
+  testScript = { nodes, ... }: let
+    restApiPassFileSystem = "${nodes.machine.system.build.toplevel}/specialisation/restApiPassFileSystem";
+  in ''
+    def check_mail(_) -> bool:
+        status, _ = machine.execute("grep -q hello /var/spool/mail/user/new/*")
+        return status == 0
+
+    def try_api(_) -> bool:
+        status, _ = machine.execute("curl -s http://localhost:8001/")
+        return status == 0
+
+    def wait_for_api():
+        with machine.nested("waiting for Mailman REST API to be available"):
+            retry(try_api)
+
+    machine.wait_for_unit("mailman.service")
+    wait_for_api()
+
+    with subtest("subscription and delivery"):
+        creds = machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep '^REST credentials: ' | sed 's/^REST credentials: //'").strip()
+        machine.succeed(f"curl --fail-with-body -sLSu {creds} -d mail_host=example.com http://localhost:8001/3.1/domains")
+        machine.succeed(f"curl --fail-with-body -sLSu {creds} -d fqdn_listname=list@example.com http://localhost:8001/3.1/lists")
+        machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=root@example.com -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
+        machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=user@example.net -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
+        machine.succeed("mail -a 'From: root@example.com' -s hello list@example.com < /dev/null")
+        with machine.nested("waiting for mail from list"):
+            retry(check_mail)
+
+    with subtest("Postorius"):
+        machine.succeed("curl --fail-with-body -sILS http://localhost/")
+
+    with subtest("restApiPassFile"):
+        machine.succeed("echo secretpassword > /var/lib/mailman/pass")
+        machine.succeed("${restApiPassFileSystem}/bin/switch-to-configuration test >&2")
+        machine.succeed("grep secretpassword /etc/mailman.cfg")
+        machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep secretpassword")
+        wait_for_api()
+        machine.succeed("curl --fail-with-body -sLSu restadmin:secretpassword http://localhost:8001/3.1/domains")
+        machine.succeed("curl --fail-with-body -sILS http://localhost/")
+  '';
+}
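Review bot: The `restApiPassFile` subtest checks that the secret ends up in `/etc/mailman.cfg` (`grep secretpassword /etc/mailman.cfg`) but never checks who can read that file, so a regression that leaves the REST password world-readable would still pass. The node already defines an unprivileged `user`, so one line after the grep would pin it: `machine.fail("su -s /bin/sh -c 'cat /etc/mailman.cfg' user")`. This assumes the module intends the generated config to be private to the mailman account, which is not visible in this file. Separately, `try_api` runs `curl -s` without `--fail`, so any HTTP response counts as "available"; that looks deliberate, and a short comment such as `# any HTTP answer means the API is listening; auth is checked later` would say so.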
diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix
index e1f2706a7348b..659a4311cdddd 100644
--- a/nixos/tests/nextcloud/openssl-sse.nix
+++ b/nixos/tests/nextcloud/openssl-sse.nix
@@ -73,7 +73,7 @@ in {
         nextcloudwithopenssl1.succeed("nextcloud-occ status")
 
     with subtest("Existing encrypted files cannot be read, but new files can be added"):
-        # This will succed starting NC26 because of their custom implementation of openssl_seal
+        # This will succeed starting NC26 because of their custom implementation of openssl_seal
         read_existing_file_test = nextcloudwithopenssl1.fail if nextcloud_version < 26 else nextcloudwithopenssl1.succeed
         read_existing_file_test("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")
         nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")
diff --git a/nixos/tests/orangefs.nix b/nixos/tests/orangefs.nix
index fe9f9cc37ea03..4e67a7fb8efec 100644
--- a/nixos/tests/orangefs.nix
+++ b/nixos/tests/orangefs.nix
@@ -62,7 +62,7 @@ in {
             "sudo -g orangefs -u orangefs pvfs2-server -f /etc/orangefs/server.conf"
         )
 
-    # start services after storage is formated on all machines
+    # start services after storage is formatted on all machines
     for server in server1, server2:
         server.succeed("systemctl start orangefs-server.service")
 
diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix
index 5e2b648c7cf59..f146804a958de 100644
--- a/nixos/tests/signal-desktop.nix
+++ b/nixos/tests/signal-desktop.nix
@@ -43,7 +43,7 @@ in {
     machine.execute("su - alice -c signal-desktop >&2 &")
 
     # Wait for the Signal window to appear. Since usually the tests
-    # are run sandboxed and therfore with no internet, we can not wait
+    # are run sandboxed and therefore with no internet, we can not wait
     # for the message "Link your phone ...". Nor should we wait for
     # the "Failed to connect to server" message, because when manually
     # running this test it will be not sandboxed.
diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
index 279b9aac8edb6..e6bed6b9218ff 100644
--- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
+++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
@@ -1,6 +1,6 @@
 # This test verifies that we can request and assign IPv6 prefixes from upstream
 # (e.g. ISP) routers.
-# The setup consits of three VMs. One for the ISP, as your residential router
+# The setup consists of three VMs. One for the ISP, as your residential router
 # and the third as a client machine in the residential network.
 #
 # There are two VLANs in this test:
@@ -268,7 +268,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
       systemd.targets.network-online.wantedBy = [ "multi-user.target" ];
     };
 
-    # This is the client behind the router. We should be receving router
+    # This is the client behind the router. We should be receiving router
     # advertisements for both the ULA and the delegated prefix.
     # All we have to do is boot with the default (networkd) configuration.
     client = {
diff --git a/nixos/tests/systemd-repart.nix b/nixos/tests/systemd-repart.nix
index b1d19c2b7cc1d..5d579ae3371d1 100644
--- a/nixos/tests/systemd-repart.nix
+++ b/nixos/tests/systemd-repart.nix
@@ -9,7 +9,7 @@ with pkgs.lib;
 let
   # A testScript fragment that prepares a disk with some empty, unpartitioned
   # space. and uses it to boot the test with. Takes a single argument `machine`
-  # from which the diskImage is extraced.
+  # from which the diskImage is extracted.
   useDiskImage = machine: ''
     import os
     import shutil
diff --git a/nixos/tests/unbound.nix b/nixos/tests/unbound.nix
index 576287a9fe5d7..f6732390b4347 100644
--- a/nixos/tests/unbound.nix
+++ b/nixos/tests/unbound.nix
@@ -1,7 +1,7 @@
 /*
  Test that our unbound module indeed works as most users would expect.
  There are a few settings that we must consider when modifying the test. The
- ususal use-cases for unbound are
+ usual use-cases for unbound are
    * running a recursive DNS resolver on the local machine
    * running a recursive DNS resolver on the local machine, forwarding to a local DNS server via UDP/53 & TCP/53
    * running a recursive DNS resolver on the local machine, forwarding to a local DNS server via TCP/853 (DoT)
@@ -74,7 +74,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
         };
       };
 
-      # The resolver that knows that fowards (only) to the authoritative server
+      # The resolver that knows that forwards (only) to the authoritative server
       # and listens on UDP/53, TCP/53 & TCP/853.
       resolver = { lib, nodes, ... }: {
         imports = [ common ];