| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
In 759ec111 the ping setuid wrapper was removed in favour of giving
permissions to perform ICMP echo requests to all users.
The problem is that the systemd file that was supposed to change the
`net.ipv4.ping_group_range` sysctl is not always installed, specifically
only if systemd.coredump.enable.
In that case the range is "0 1", which is effectively restricts ping to
only root.
This change explicitely sets the range to "0 2^31-1", as systemd does.
(cherry picked from commit cdc24ab40989d45fab2779d9df243aba5f3cfe3c)
|
|
[Backport release-23.11] nixos/keycloak: Allow setting `hostname-url`
|
|
(cherry picked from commit 04c2893d58e7fc78f1f0b287058cdbb45db24acb)
|
|
based on https://community.home-assistant.io/t/ui-lovelace-yaml-and-custom-resources/240178/4
Tested on a home-assistant server and before the card was not loaded at all.
After this it threw an error that my config is wrong.
(cherry picked from commit 663dbfb82d631c8fcc4b6c46a4db3760a99e1c36)
|
|
writable lovelace config
error message before was:
cp: not writing through dangling symlink '/var/lib/hass/ui-lovelace.yaml'
(cherry picked from commit 57bfbc781c39b51aa440f0d1aebead78eab9bdf4)
|
|
(cherry picked from commit b097e95193746184b0dbf32ebc0af79bd8852c66)
|
|
Only append the .js extension to the card pname, not to the specified
entrypoint.
(cherry picked from commit d809a6f9c30d6d7dd0a87025553c28067810edf0)
|
|
[Backport release-23.11] nixos/caddy: use caddyfile adapter by default with explicit configFile
|
|
This avoids computing the prio more than necessary.
The test evaluates to the same derivation hash.
(cherry picked from commit 7438f4e0de4f41a562c4292a035f406129208bfd)
|
|
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
(cherry picked from commit 58f091d5ac33943664b7567d68a6777ddc775df1)
|
|
The --rsyncable option changes the behavior of gzip/zstd so that the
resulting files can be incrementally backed up easily. Tools like Borg,
rsync and xdelta can make use their deduplication/diff mechanisms more
easily.
In my local testing, this resulted in a 2% size increase for backup
files.
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
(cherry picked from commit 40c3d65bdff49b818073d7c92cf0ec6d7fab2bba)
|
|
ServerQuery actually listens on three separate addresses each
corresponding to its own protocol (raw/telnet, ssh, and http). By only
setting `query_addr` we only update what IP we listen on for the raw
protocol, not ssh and http protocols which end up listening on the
default wildcard address.
This change simply makes it so that setting `queryIP` sets the IP for
all three protocols by setting each corresponding option (`query_ip`,
`query_ssh_ip` and `query_http_ip`).
(cherry picked from commit ed67e22139a4e01338ce8b56ca2a3d4711d0199e)
|
|
systemd would previously create a nonoperational
"/var/lib/transmission/watch-dir" directory due to a typo in the
StateDirectory array ("watch-dir" -> "watchdir")
I have corrected this by using the pre-declared constants for these
folder names.
(cherry picked from commit d5260c5544b9dfbe35392d7b4e03ee57d7205628)
|
|
Otherwise it shows a deprecation warning, which is escalated to
an error. For context, see
https://github.com/NixOS/nixpkgs/pull/139075#discussion_r733615550
(cherry picked from commit 2d0f4a7ec19082248094eb04a35c93c94b1d35d5)
|
|
(cherry picked from commit 85fcb9b4ef555af76ab54f88e27d9f4c28aec512)
|
|
[Backport release-23.11] nixos/ejabberd: ensure erlang cookie is made
|
|
[Backport release-23.11] greetd: create cache dir for tuigreet
|
|
(cherry picked from commit de0e28497657771ae16cce96bb946cdb1439ae3b)
|
|
(cherry picked from commit 9f1f87b6125c229e199a874ea4be90a2ea06c185)
|
|
(cherry picked from commit 2db2f446c27b7be976822cf4d502857a0f522b2f)
|
|
[Backport release-23.11] nixos/teeworlds: reduce closure size
|
|
[Backport release-23.11] tomcat10: 10.1.15 -> 10.1.16
|
|
(cherry picked from commit 4b0b3413b48d303bfd5714c7161cb3a574bee38f)
|
|
Use `teeworlds-server` instead of `teeworlds`.
We don't need an entire GUI program just to run the server.
(cherry picked from commit efca3c0329531a2bdba8a018dff91434257112a3)
|
|
Apply the same fix as found in `couchdb` and `rabbitmq`.
(cherry picked from commit 2ca79e7f9d14ebc34495affc576eccd4f17aa5e2)
|
|
(cherry picked from commit 3e4e76e6769bab6fa7f1f6f9d63967147e701ac8)
|
|
(cherry picked from commit ad277ea47e17e3073ba61af07284d1dff8d1601e)
|
|
configFile
(cherry picked from commit 3c6b3d71fa696da5c170c0ff44eaa8c51999a80c)
|
|
(cherry picked from commit 9a5f5ee7d3bae6c42b95c5b0f5d2a1bb5243a5d5)
|
|
[Backport release-23.11] nixos/mastodon; Releasenotes and (possibly) better error messages for `streamingProcesses`
|
|
[Backport release-23.11] nixos/redmine: Fix database assertions
|
|
Explicitly declaring that option is now necessary, but wasn't in the module shipped with 23.05.
(cherry picked from commit cbf69c83d3b2bdc5eca341aa9e44e0406794af81)
|
|
Recent PR 266270[1] modified an assertion related to database settings
of the redmine service. There are two problems with that change:
1. Assert message was not updated to reflect the change in the assert
condition.
2. The new condition applies only to postgresql, not the default
mysql. Therefore, the assertion breaks existing mysql-based
installations without any reason.
This commit fixes these by 1) reverting the modified assertion to the
previous value, making the message match the condition and 2) adding a
new assertion that applies only to postgresql.
[1]: https://github.com/NixOS/nixpkgs/pull/266270
(cherry picked from commit 8667baf161e3f705f56c1bdd9cc48f187a3627a6)
|
|
Allow VRRP and AH (authentication packets) through the firewall
automatically if the option is set.
(cherry picked from commit 24d9151d15168867b87669ee663e4d15a23ded91)
|
|
(cherry picked from commit 6f33e6e4ab2e47124e8c1160c574f9c60c40a523)
|
|
(cherry picked from commit b1b67e980a9a8e6227d5f71f8b036e17c7716f0d)
|
|
The pre-start script requires @chown; the service fails without it.
(cherry picked from commit dffba14043168d767a12ff86c39464b8503d3d29)
|
|
(cherry picked from commit 87b3a98c36607596f9c4fc1fa5d51ffd9b12894f)
|
|
[Backport release-23.11] zfs_2_1: init at 2.1.13
|
|
see: https://github.com/NixOS/nixpkgs/issues/180806
(cherry picked from commit 1b5617e25bc7b4f2390898e895792be5f0e68c6e)
|
|
Runs dbus-update-activation-environment and systemctl import-environment on session start
to ensure xdg portals work, and user services have correct PATH / XDG env vars.
Matches behavior of Plasma/Gnome sessions.
(cherry picked from commit d47bb3261f54f5285b0f0714cd4f3f7452f89017)
|
|
[Backport release-23.11] nixos/mediawiki: update url option defaultText
|
|
[Backport release-23.11] nixos/syncoid: use string type for sshKey options
|
|
This fixes the following error:
```
error: failed processing files:
FailedJobs(
"static/404.html": Permission denied (os error 13) at path "/build/static/.tmpRMzDXu"
)
```
(cherry picked from commit 3e5dc7174ede2897c5da25bb7863b2df52400a0c)
|
|
[Backport release-23.11] darwin.linux-builder: Disable evaluation
|
|
This re-introduces the old stable ZFS version we had in the past following
the many predicted issues of ZFS 2.2.x series, that is much more stable
than any further ZFS version at the moment.
I am also removing myself from maintenance of any further ZFS versions as I am
planning to quit ZFS maintenance at some point.
In the meantime, for users like me who depend on ZFS for critical operations, here is a ZFS version
that is known to work for LTS kernels.
(cherry picked from commit e04c0b0d99fb66e4ab52dc47840f237f92242c4f)
|
|
(cherry picked from commit 9f563e21ac4dfb62ca57ff5b5893e86e497cfd72)
|
|
ShamrockLee/backport-23.11-apptainer-localstatedir
[Backport 23.11] apptainer, singularity: use self-contained LOCALSTATEDIR by default
|
|
(cherry picked from commit 4e6fc83b980ebd91d7cb3b24e5a2927f1d158520)
|
|
(cherry picked from commit 5476b490d4c47655ee6345a120b663fa5351ee07)
|
