Age | Commit message (Collapse) | Author | Files | Lines |
|
* Markhor is a spiral horned animal that is on the endangered species list
* https://en.wikipedia.org/wiki/Markhor
|
|
services.xserver.extraLayouts fixes
|
|
|
|
It's only supported until February 13, 2020 which is during the 19.09 life cycle.
|
|
Prometheus 1 is no longer supported, instead 'services.prometheus'
now configures the Prometheus 2 service.
|
|
nixos/system-config-printer: init
|
|
|
|
|
|
nixos/doc/manual: Fix Makefile
|
|
We had `./options-to-docbook.xsl` as a dependency for `generated` target but it was moved to a package in https://github.com/NixOS/nixpkgs/pull/66328.
|
|
|
|
|
|
GTK was renamed.
|
|
This plugin is fairly outdated and depends on python2 libraries that
don't receive any updates either (xmpppy for instance[1]).
[1] https://pypi.org/project/xmpppy/
|
|
|
|
* remove kinetic
* release note
* add johanot as maintainer
nixos/ceph: create option for mgr_module_path
- since the upstream default is no longer correct in v14
* fix module, default location for libexec has changed
* ceph: fix test
|
|
nixos/printers: declarative configuration
|
|
sd-image: don't use installer.cloneConfig option that is not imported
|
|
Harmonize Gnome3 Defaults
|
|
|
|
|
|
It's a confusing default for some display managers that will default
to it even when you have defined another display manager.
|
|
This once again allows sd-image.nix to imported standalone to build SD images
of arbitrary NixOS systems.
|
|
Release notes for #67687 (bc08b42da4dbdc1c66385bab7a2eae2935e055c0) [1]
Related issue: #25025 [2]
[1] https://github.com/NixOS/nixpkgs/issues/67687
[2] https://github.com/NixOS/nixpkgs/issues/25025
Suggested-by: @mmahut
Signed-off-by: William Casarin <jb55@jb55.com>
|
|
|
|
|
|
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.
While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.
We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
|
|
|
|
release-notes: mention restricted SysRq key combinations
|
|
|
|
This was missing from #66482.
|
|
installation-device.nix: explain sshd usage, don't include clone-config
|
|
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0]. Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).
[0]: https://github.com/NixOS/nixpkgs/pull/67215
|
|
|
|
These have been deprecated for a long time now and has not seen much maintenance.
|
|
|
|
* nixos/acme: Fix ordering of cert requests
When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.
Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.
* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.
* Add regression test for requesting mutliple domains
* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.
* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.
* Depend on certs directly
By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.
Reason it broke before: acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good! We
make the dependencies more fine-grained now. this should fix that
* Remove activationDelay option
It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?
Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.
e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:
```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
|
|
rl-1909: add note about Xfce 4.14
|
|
|
|
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).
As described in the NixOps manual[1], dependencies to keys should be
defined like this now:
``` nix
{
systemd.services.myservice = {
after = [ "secret-key.service" ];
wants = [ "secret-key.service" ];
};
}
```
However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.
[1] https://nixos.org/nixops/manual/#idm140737322342384
|
|
nixos/pdns-recursor: implement a `settings` option
|
|
|
|
If this is the default for OpenShift already, we probably can enable it
as well.
see https://github.com/openshift/machine-config-operator/pull/581
|
|
|
|
nixos docs: add release manager section
|
|
|
|
|
|
|
|
nixos/httpd: extraSubservices cleanup
|
|
target
|