| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
nixos/xdg/portal: fix loading portals from systemd service
|
|
|
|
|
|
This will prevent nscd from complaining /etc/netgroup being absent.
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
|
|
`nufraw` is used to manipulate raw images.
`nufraw-thumbnailer` is used to generate thumbnails for raw images.
relates #108444
|
|
nixos/console: fix Before= on the systemd-vconsole-setup unit
|
|
aneeshusa/allow-mutable-shells-for-declarative-users
nixos/users: Allow mutable shells for declarative users
|
|
This closes issue #88085
|
|
configuration.nix(1) states
users.extraUsers.<name>.createHome
[...] If [...] the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
i.e. ownership would change only if the user mismatched; the code
however ignores the owner, it is sufficient to enable `createHome`:
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
}
Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.
Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.
Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).
While here, simplify and thereby fix misleading documentation.
|
|
Only set Before=display-manager.service if it is actually present.
On headless systems, `systemctl list-units --state not-found` will
otherwise show display-manager.service.
Reported-In: https://github.com/NixOS/nixpkgs/issues/88597
|
|
config.users.ldap: do not include nss module if turned off
|
|
nixos/ldap: restart nslcd when configuration changes
|
|
This allows capping the total amount of memory that will be used for
zram-swap, in addition to the percentage-based calculation, which is
useful when blanket-applying a configuration to many machines.
This is based off the strategy used by Fedora for their rollout of
zram-swap-by-default in Fedora 33
(https://fedoraproject.org/wiki/Changes/SwapOnZRAM), which caps the
maximum amount of memory used for zram at 4GiB.
In future it might be good to port this to the systemd zram-generator,
instead of using this separate infrastructure.
|
|
|
|
nixos/malloc: fix Scudo
|
|
nixos/update-user-groups: Fix encoding issues + atomic writes
|
|
Fixes segmentation faults.
https://github.com/NixOS/nixpkgs/issues/100799
|
|
pulseaudio: add hsphfpd support
|
|
nixos/jack,pulseaudio: fix pulse connection to jackd service
|
|
|
|
.ttc fonts are used by noto-fonts-cjk
|
|
Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
|
|
|
|
|
|
|
|
networkmanager-sstp: init at unstable-2020-04-20, bump sstp from 1.0.12 to 1.0.13
|
|
|
|
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
|
|
|
|
This reverts commit fb6d63f3fdd95a5468d43a0693c8ca7c1894363f.
I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
|
|
|
|
- Add option `programs.xwayland.defaultFontPath`
- Modify sway to enable Xwayland
|
|
This will let Xwayland use the global font folder as font path
|
|
Renaming enableFontDir to fontDir.enable
|
|
|
|
|
|
- Fix wrong order in which font indexes are created
mkfontdir requires the file fonts.scale to consider scalable fonts,
thus, mkfontscale should be run before
- Search more font formats, in particular, bit-mapped formats
|
|
|
|
|
|
apparmor: fix and improve the service
|
|
|
|
|
|
Having the .tmp suffix is broken w.r.t. to multiple writers,
as they would overwrite existing files. using the atomic flag
will make write_file to create a unique temporary file it gets renamed
to its target.
|
|
The issue here is that updateFile expects a unicode string while
encode_json returns a binary string unlike to_json.
|
|
Ideally we would treat everything as bytes however our database is
already utf-8 encoded so we need to stay compatible.
|
|
This hook moves systemd user service file from `lib/systemd/user` to
`share/systemd/user`. This is to allow systemd to find the user
services when installed into a user profile. The `lib/systemd/user`
path does not work since `lib` is not in `XDG_DATA_DIRS`.
|
|
nixos/config: add defaultPackages option
|
|
This fixes the case when Jack Audio Daemon is running
as a service via `services.jack.jackd` and Pulseaudio
running as a *user* service.
Two issues prevented connecting `pulse` with `jackd`:
* Missing `JACK_PROMISCUOUS_SERVER` environment variable for `pulse` user service,
resulting in `pulse` trying to access `jackd` as if it was running as part of
the users session.
* `jackd` not being able to access socket created by `pulse` due to socket
created using user ID and `users` group. Change allows `jackd` to access
the socket created by `pulse` correctly.
`pulse` now also autoloads `module-jack-sink` and `module-jack-source`
if `services.jack.jackd.enable` is set.
The default `pulse` package is now set to `pulseaudioFull` automatically
if `services.jack.jackd.enable` is set.
|
|
readd perl (used in shell scripts), rsync (needed for NixOps) and strace (common debugging tool)
they where previously removed in https://github.com/NixOS/nixpkgs/pull/91213
Co-authored-by: Timo Kaufmann <timokau@zoho.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
|
