If you want to be able to use OpenSC with ssh-agent, you need to be able
to add it to the ssh-agent whitelist. This adds an option,
agentPKCS11Whitelist, that exposes the option.
Note that I currently work around this by injecting the parameter into
the agentTimeout option:
programs.ssh.agentTimeout = "1h -P ${pkgs.opensc}/lib/opensc-pkcs11.so";
but I feel that a proper option would be better :)
When having backup jobs that persist to a removable device like an
external HDD, the directory shouldn't be created by an activation script
as this might confuse auto-mounting tools such as udiskie(8).
In this case the job will simply fail, with the former approach
udiskie ran into some issues as the path `/run/media/ma27/backup` was
already there and owned by root.
We had these set so gtk2 can discover themes properly, however we failed
realize that gtk2 already has a patch that makes it search in XDG_DATA_DIRS.
I don't believe any issue is solved by setting these.
This option was added by mistake since `listenAddress` exists by default
for each prometheus-exporter. Using
`services.prometheus.exporters.wireguard.addr` will now cause a warning,
but doesn't break eval.
Having `display-manager` conflict with `plymouth-quit` causes this lock up:
- `plymouth-quit-wait` starts up, waiting for plymouth-quit to run
- `lightdm` starts up
- `plymouth-quit` can't start, it conflicts with lightdm
- `plymouth-quit-wait` keeps waiting on plymouth-quit to kill plymouthd
The idea is having LightDM control when plymouth quits, but communication with
plymouth was broken: https://github.com/NixOS/nixpkgs/pull/71064
Unfortunately having the conflict breaks switching to configurations with
plymouth enabled. So we still need to remove the conflict.
fixes #71034
The rationale for this is that old filesystems have recieved little scrutiny
wrt. security relevant bugs.
Lifted from OpenSUSE[1].
[1]: 8cb42fb665
Co-Authored-By: Renaud <c0bw3b@users.noreply.github.com>
In fact, don't create them at all because Nix does that automatically.
Also remove modules/programs/shell.nix because everything it did is
now done automatically by Nix.
gitlab:db:configure prints the root user's password to stdout on
successful setup, which means it will be logged to the
journal. Silence this informational output. Errors are printed to
stderr and will thus still be let through.
The mime type definitions included with nginx are very incomplete, so
we use a list of mime types from the mailcap package, which is also
used by most other Linux distributions by default.
