Maximilian Bosch
b5a12b4b61
nixos/release-notes: fix `slaptest` command for openldap section
...
When running - as suggested - `slaptest -f slapd.conf $TMPDIR` I get the
following result:
[root@ldap:/tmp/tmp.De46ABIbFf]# slaptest -f /nix/store/lks3ihydj40ff6yqvz0k33ycrc9vbyry-slapd.conf $TMPDIR
usage: slaptest [-v] [-d debuglevel] [-f configfile] [-F configdir] [-o <name>[=<value>]] [-n databasenumber] [-u] [-Q]
[root@ldap:/tmp/tmp.De46ABIbFf]# echo $?
1
Adding a `-F` option fixes the issue.
3 years ago
Naïm Favier
a6788be01a
nixos/luksroot: add bypassWorkqueues ( #118114 )
...
https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance
3 years ago
Jonathan Ringer
4d318bcb5a
nixos/doc/releases: remove
...
No one but release managers need to know this information.
Also, it has been moved to https://github.com/NixOS/release-wiki
3 years ago
Sandro Jäckel
140828ce38
nixos/kresd: tell resolveconf to use local resolver
3 years ago
Thomas Depierre
f55c3e2f21
beam-packages: drop erlang R18 R19 R20 and cuter
3 years ago
lassulus
8eb5701aaf
solanum: remove obsolete BANDB settings/patches
3 years ago
Naïm Favier
821ca7d4cc
nixos/nginx: add option rejectSSL exposing ssl_reject_handshake
3 years ago
Francesco Gazzetta
5b42338f4e
docs/release-notes: mention staticjinja
3 years ago
regnat
113823669b
Revert "nixos/nix-daemon: fix sandbox-paths option"
...
This reverts commit aeeee447bc
.
3 years ago
Tom Fitzhenry
81e04717e8
nixos/manual: document how to install over a serial port
...
https://github.com/NixOS/nixpkgs/issues/58198
3 years ago
Ivan Kozik
d95960e275
nixos/bitwarden_rs: fix startup on 32 thread machines
...
LimitNPROC=64 is too low for bitwarden_rs to start on a 32 thread machine.
Remove the limit.
This fixes:
```
bitwarden_rs[38701]: /--------------------------------------------------------------------\
bitwarden_rs[38701]: | Starting Bitwarden_RS |
bitwarden_rs[38701]: |--------------------------------------------------------------------|
bitwarden_rs[38701]: | This is an *unofficial* Bitwarden implementation, DO NOT use the |
bitwarden_rs[38701]: | official channels to report bugs/features, regardless of client. |
bitwarden_rs[38701]: | Send usage/configuration questions or feature requests to: |
bitwarden_rs[38701]: | https://bitwardenrs.discourse.group/ |
bitwarden_rs[38701]: | Report suspected bugs/issues in the software itself at: |
bitwarden_rs[38701]: | https://github.com/dani-garcia/bitwarden_rs/issues/new |
bitwarden_rs[38701]: \--------------------------------------------------------------------/
bitwarden_rs[38701]: [INFO] No .env file found.
bitwarden_rs[38701]: [2021-05-24 03:34:41.121][bitwarden_rs::api::core::sends][INFO] Initiating send deletion
bitwarden_rs[38701]: [2021-05-24 03:34:41.122][start][INFO] Rocket has launched from http://127.0.0.1:8222
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'unnamed' panicked at 'failed to spawn thread: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }': /build/rustc-1.52.1-src/library/std/src/thread/mod.rs:620
bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]: 4: rust_begin_unwind
bitwarden_rs[38701]: 5: core::panicking::panic_fmt
bitwarden_rs[38701]: 6: core::result::unwrap_failed
bitwarden_rs[38701]: 7: hyper::server::listener::spawn_with
bitwarden_rs[38701]: 8: hyper::server::listener::ListenerPool<A>::accept
bitwarden_rs[38701]: 9: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]: 10: core::ops::function::FnOnce::call_once{{vtable.shim}}
bitwarden_rs[38701]: 11: std::sys::unix:🧵 :Thread:🆕 :thread_start
bitwarden_rs[38701]: 12: start_thread
bitwarden_rs[38701]: 13: __GI___clone
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success': /build/bitwarden_rs-1.20.0-vendor.tar.gz/rocket/src/rocket.rs:751
bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]: 4: rust_begin_unwind
bitwarden_rs[38701]: 5: core::panicking::panic_fmt
bitwarden_rs[38701]: 6: rocket:🚀 :Rocket::launch
bitwarden_rs[38701]: 7: bitwarden_rs::main
bitwarden_rs[38701]: 8: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]: 9: std::rt::lang_start::{{closure}}
bitwarden_rs[38701]: 10: std::rt::lang_start_internal
bitwarden_rs[38701]: 11: main
```
3 years ago
Sandro Jäckel
0724518919
nixos/prometheus: init pihole-exporter
3 years ago
Samuel Dionne-Riel
20b023b5ea
iso-image: Improve disk detection
...
This should help in rare hardware-specific situations where the root is
not automatically detected properly.
We search using a marker file. This should help some weird UEFI setups
where the root is set to `(hd0,msdos2)` by default.
Defaulting to `(hd0)` by looking for the ESP **will break themeing**. It
is unclear why, but files in `(hd0,msdos2)` are not all present as they
should be.
This also fixes an issue introduced with cb5c4fcd3c
where rEFInd stopped booting in many cases. This is because it ended up
using (hd0) rather than using the `search` which was happening
beforehand, which in turn uses (hd0,msdos2), which is the ESP.
Putting back the `search` here fixes that.
3 years ago
Samuel Dionne-Riel
c9bb054dd6
iso-image: unqualified root → ($root)
...
This technically changes nothing. In practice `$root` is always the
"CWD", whether searched for automatically or not.
But this serves to announce we are relying on `$root`... I guess...
3 years ago
Samuel Dionne-Riel
15eaed0718
iso-image: change date on all files
...
It may be that in some conditions dates earlier than 1980 on FAT on GRUB
2.06~ish will cause failures
https://github.com/NixOS/nixpkgs/issues/123376#issuecomment-845515035
3 years ago
Samuel Dionne-Riel
f93f0e72e9
iso-image: Force gfxmode
...
https://www.gnu.org/software/grub/manual/grub/html_node/gfxmode.html
3 years ago
Ryan Mulligan
6543c61311
nixos/doc: add 21.11 release notes stub
3 years ago
Ryan Mulligan
7501467903
nixos/doc: convert "Contributing to this manual" to CommonMark
...
Also updates it to mention running md-to-db.sh.
3 years ago
Ryan Mulligan
6c14851943
nixos/doc: add md-to-db.sh, convert "Building Your Own NixOS CD" to CommonMark
3 years ago
Martin Weinelt
d210ed99c4
nixos/tests/botamusique: init
3 years ago
Martin Weinelt
59e5ff4b29
nixos/botamusique: init
3 years ago
Maciej Krüger
eca2b05354
nixos/cinnamon: add cinnamon-translations to systemPackages
...
This allows other cinnamon applications to use the locales
Without this the cinnamon UI is not properly translated
3 years ago
Maciej Krüger
8664c2c743
nixos/cinnamon: add polkit_gnome to fix #124062
3 years ago
Martin Weinelt
79e675444c
nixos/matrix-synapse: protect created files
...
Enforce UMask on the systemd unit to restrict the permissions of files
created. Especially the homeserver signing key should not be world
readable, and media is served through synapse itself, so no other user
needs access to these files.
Use a prestart chmod to fixup the permissions on the signing key.
3 years ago
Kira Bruneau
cd4780fab4
maintainers: rename metadark -> kira-bruneau ( #124035 )
3 years ago
Paul Schyska
9cb76c21ee
nixos/atop: Add defaultText for types.package options
...
see: https://github.com/NixOS/nixpkgs/pull/123053#discussion_r637205826
3 years ago
Paul Schyska
e1a8e85631
nixos/atop: Wait for conditions
...
I had intermittent test failures due to timing issues.
This patch seems to have fixed them.
3 years ago
sohalt
be01cb8b97
nixos/spacenavd: run as user service
3 years ago
Vika
aeeee447bc
nixos/nix-daemon: fix sandbox-paths option
...
In newer versions of Nix (at least on 2.4pre20201102_550e11f) the
`extra-` prefix for config options received a special meaning and the
option `extra-sandbox-paths` isn't recognized anymore. This commit fixes
it.
It doesn't cause a behavior change when using older versions of Nix but
does cause an extra newline to appear in the config, thus changing the
hash.
3 years ago
Jonathan Ringer
5b61edfe47
docs/release-notes: mention ati_drivers_x11 removal
3 years ago
Jonathan Ringer
ced04640c7
nixos/video: remove obsolete ati modules
3 years ago
Jan Tojnar
a420acab1e
release notes: Mention automated gnomeExtensions
...
https://github.com/NixOS/nixpkgs/pull/118232
3 years ago
lassulus
48c16e48aa
nixos/solanum: init
3 years ago
eyJhb
6000f420e8
nixos/znc: fixed chown not working after hardening ( #123883 )
3 years ago
hyperfekt
ef991f9b8b
nixos/filesystems: condition mount-pstore.service on unmounted /sys/fs/pstore
...
For unknown reasons, switching to a system that first introduces this
service has it fail with /sys/fs/pstore already having been mounted.
3 years ago
Kerstin Humm
224df6940f
nixos/mastodon: use rails command instead of rake
...
Co-Authored-By: Izorkin <izorkin@elven.pw>
3 years ago
talyz
2d8a870813
keycloak.tests: Test HTTPS support
3 years ago
talyz
ba00b0946e
nixos/keycloak: Split certificatePrivateKeyBundle into two options
...
Instead of requiring the user to bundle the certificate and private
key into a single file, provide separate options for them. This is
more in line with most other modules.
3 years ago
talyz
dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.*
...
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
3 years ago
talyz
83e406e97a
nixos/keycloak: frontendUrl always needs to be suffixed with /
...
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
3 years ago
talyz
58614f8416
nixos/keycloak: Add myself to maintainers
3 years ago
talyz
d748c86389
nixos/keycloak: Improve readablility by putting executables in PATH
3 years ago
talyz
8309368e4c
nixos/keycloak: Set umask before copying sensitive files
...
`install` copies the files before setting their mode, so there could
be a breif window where the secrets are readable by other users
without a strict umask.
3 years ago
talyz
c2bebf4ee2
nixos/keycloak: Improve bash error handling
3 years ago
talyz
d6727d28e1
nixos/keycloak: Set the postgresql database password securely
...
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
3 years ago
Thiago Kenji Okada
c96586d63f
nixos/noisetorch: init
...
NoiseTorch needs setcap set to 'cap_sys_resource=+ep' to work correctly
accordingly to the README.md:
https://github.com/lawl/NoiseTorch#download--install
So this PR adds it.
3 years ago
misuzu
b2319b086c
nixos/test-driver: use usb-ehci controller instead of piix3-usb-uhci
...
On my system this change offers ~5X speed up of
nixosTests.boot.biosUsb and nixosTests.boot.uefiUsb tests.
3 years ago
legendofmiracles
af0a54285e
nixos/terraria: open ports in the firewall
3 years ago
Emery Hemingway
520b4a8496
nixos: convert netatalk to settings-style configuration
...
Also, set StateDirectory in systemd.….serviceConfig.
3 years ago
Robert Hensing
dc9cb63de4
nixos/ghostunnel: init
3 years ago