Since the list only gates the platforms the nixpkgs flake exposes
packages to build on, the `hydra` label made little sense. It was also
only used for this purpose, so the `tier*` attributes were largely
unnecessary.
To reflect the intention more accurately, we expose
`lib.systems.flakeExposed` and use it to gate flake.nix's system list.
* Add an option services.nextcloud.nginx.hstsMaxAge for setting the max-age
directive of the Strict-Transport-Security HTTP header.
* Make the Strict-Transport-Security HTTP header in the Nginx virtualhost block
dependant upon the option services.nextcloud.https instead of
services.nextcloud.nginx.recommendedHttpHeaders, as this header makes no sense
when not using HTTPS. (Closes#169465)
This has a number of benefits such as that applying service limits will
actually work since there isn't a layer of indirection (the Docker daemon)
between the systemd service and the container runtime.
This was an annoyance for me as I have editor hooks cleaning up
trailing white space which lead to regenerating parts of the release notes unnecessarily.
We need to move NixOS containers somewhere else so these don't clash
with Podman, Skopeo & other container software in the libpod &
cri-o/cri-u/libcontainer ecosystems.
The state directory move is not strictly a requirement but is good for
consistency.
- Clarify that shellopts are set in every `execute` call (rather than
only `succeed`).
- Add documentation for the `timeout` parameter and its default values.
`fcitx5` and `service.earlyoom` rely on use XDG autostart files to start.
But for X session with only window manager and no desktop manager
(`none` is used), no one can start them.
This options is added to run these autostart files for sessions without
desktop manager to make other services just work.
Until now, this script has used the version of pandoc from unstable.
This means that running the script on the same version of Nixpkgs
could produce different results, and meant that when Pandoc's output
was changed, random PRs were changing the whole manual when they ran
the script to regenerate docs[1][2].
Here I've changed the manual to use a consistent version of pandoc —
the one from the latest release tag, which will avoid this problem in
future. This will avoid this problem in future. The only time we'll
need to worry about pandoc output changes is when we bump the version
used in this script.
I also considered using the version from the current Nixpkgs branch,
but decided against it as it's unlikely that e.g. the person bumping
Pandoc will remember to regenerate the manual.
[1]: https://github.com/NixOS/nixpkgs/pull/162550
[2]: https://github.com/NixOS/nixpkgs/pull/168535