It was deprecated and removed from all modules in the tree by #18319.
The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
The configuration { services.openssh.enable = true;
services.openssh.forwardX11 = false; } caused
programs.ssh.setXAuthLocation to be set to false, which was not the
intent. The intent is that programs.ssh.setXAuthLocation should be
automatically enabled if needed or if xauth is already available.
The old etcd port 4001 is no longer enabled by default in etcd 3.
The new port is 2379 and is officially assigned by IANA.
There were still some services left that expect etcd on port 4001 by default.
This changes the default to 2379 everywhere.
It should not cause problems for users as the etcd by nix does listen on the new port only by default anyway.
The current default probe config uses the unwrapped fping binary, which
leads to an error because fping must be executed with elevated
permissions.
I fixed this by changing the path to the default binary to the
setuid-wrapped version.
This commit includes two changes:
1. A new `extraConfig` option to allow administrators to set any
vsftpd configuration option that isn't directly supported by this
derivation.
2. Correctly set the `anon_root` vsftpd option to `anonymousUserHome`
In the prestart config of the smokeping service, smokeping is executed
initially. This happens as the user root and writes some files to
$smokepingHome, which can't be overwritten by the smokeping user. This
gives an error message.
I fixed this by moving the chown step after the initial smokeping runs,
so that it also affects the generated files.
The old version would export two lists to a bash builder and do pairwise
processing on the bash side. In the new version we instead generate a
logic free builder on the Nix side. This is not only conceptually
simpler but reduces the amount of code and intermediate values.
`head -cNUM ... | tr -dc SET` might generate output containing fewer
than NUM characters. Given the limited alphabet, this could result in a
fairly weak passphrase. The construction `tr </dev/urandom | head
-cNUM`, however, is sure to give us the full `NUM`.
Currently only for the user services as NixOS handles the named system
instances slightly differently.
syncthing and syncthing-inotify are done the same way.
There are 4 parts to this:
1) Copy in the upstream unit files
2) Make the nixos module use the definition from upstream
3) Enable restarting of all instances (system and user) on resume
4) Allow the traffic in the firewall on default ports if wanted
fixes#18973