Deperecates the interfaces option which was used to generate a host:port
list whereas the port was always hardcoded to 53. This unifies the
listen configuration for plain and TLS sockets and allows to specify a
port without an address for wildcard binds.
This makes ~2.5x speed up of an empty container instantiate, hence reduces
rebuild time of system with many declarative containers.
Note that this doesn't affect production systems much, becaseu those most
likely already include `minimal.nix` profile.
The upstream session files display managers use have no concept of sessions being composed from
desktop manager and window manager. To be able to set upstream session files as default
session, we need a single option. Having two different ways to set default session would be confusing,
though, so we decided to deprecate the old method.
We also created separate script for each session, just like we already had a separate desktop
file for each one, and started using displayManager.sessionPackages mechanism to make the
session handling more uniform.
There's two ways of providing graphical sessions now:
- `displayManager.session` via. `desktopManager.session` and
`windowManager.session`
- `displayManager.sessionPackages`
`sessionPackages` doesn't make a distinction between desktop and window
managers. This makes selecting a session provided by a package using
`desktopManager.default` nonsensical.
We therefor introduce `displayManager.defaultSession` which can select a session
from either `displayManager.session` or `displayManager.sessionPackages`.
It will default to `desktopManager.default + windowManager.default` as before.
If the dm default is "none" it will select the first provided session from
`sessionPackages`.
+ Fixing interrupted descriptions
+ Added more verbose descriptions
+ Addded <literal> to the descriptions
+ uniformly reformated descriptions to break at 80 chars
(cherry picked from commit c7945c8a97)
Having a default session resulted in GDM not remembering the last used
session.
So do not force the session until setSessionScript is made aware of the
last session used.
When 'grafting' '/nix/store/<hash>-loopback.cfg' from disk onto
'/boot/grub/loopback.cfg' on the iso, the parent 'grub' directory does not
exist yet. In this case it is automatically created and inherits its
attributes, including timestamp, from /nix/store.
This is correct/expected/intentional behavior of xorriso, but has the
undesired result of leaking the timestamps of /nix/store into the iso. For
this reason we put the loopback.cfg in a
'/nix/store/<hash>-loopback.cfg/grub/loopback.cfg' instead, so it will inherit
the attributes from the correctly-timestamped
'/nix/store/<hash>-loopback.cfg/grub' directory.
For the same reason we move '/EFI/boot/efi-background.png' down in the list
so it is grafted after its parent '/EFI/boot' directory is created with
the correct timestamp.
fixes #74944
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
Fixes https://github.com/NixOS/nixpkgs/issues/75075.
To summarize the report in the aforementioned issue, at a glance,
it's a different default than what upstream polkit has. Apparently
for 8+ years polkit defaults admin identities as members of
the wheel group [0]. This assumption would be appropriate on NixOS, where
every member of group 'wheel' is necessarily privileged.
[0]: 763faf434b
If no display manager is enabled this will not make any difference, but
if a Wayland compatible display manager like SDDM is enabled, a session
for Sway will be available. Therefore it does make sense to enable this
by default.
This adds the display manager integration mentioned in #57602.
Allow the user to specify the permissions to apply to download folders
used by transmission. This is useful e.g. when they are stored on a
network share and accessed by other users.
This commit also makes the home and config directories 700, as there
is should be no need for wider permissions there.
Only use sudo if we are currently not running as the nextcloud user.
This is problematic when occ is called from a systemd service with
NoNewPrivileges=true
In the process of making UPower.conf customizable (#73968), it came up
that UPower doesn't load its config from /etc by default.
The UPower derivation is modified to make it load its config from /etc
at runtime, but still install the default config to its nix store path
as before.
The UPower module is modified to put the config in /etc.
When session debugging was enabled in GNOME but not in Pantheon
{
services.xserver = {
desktopManager.pantheon = {
enable = true;
};
desktopManager.gnome3 = {
enable = true;
debug = true;
};
};
}
it caused a conflict:
error: The option `environment.sessionVariables.GNOME_SESSION_DEBUG' has conflicting definitions, in `<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>' and `<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>'.
gobject-introspection has nothing to do with graphical systems or GNOME, it is needed for language bindings like Python.
This reverts commit d757135c05
Didn't notice this till I tried removing my custom roon user from the one I was testing with. There's not a 'groups' option for users, only group (primary group) and extraGroups. Use these.
(#68337)
This PR is part of the networking.* namespace cleanup. We feel that
networking.hostConf is rarely used and provides little value compared to
using environment.etc."host.conf" directly.
Provide sensible default: multi on
Samba 3 has been discontinued since Q1/2015. So I think it's time
to just wipe it from the pkgs. FuseSMB is pretty much abandoned,
upstream does not exist and it's also not as useful as it used to
be anyways.
This is a more sane default since we do not magically (without opt-in)
pull in binaries from `~/bin`. That is not really an expected behavior
for many users. Users that still want that behavior can now just flip
that switch.
This PR is part of the networking.* namespace cleanup.
ssmtp used to be configured via `networking.defaultMailServer` which is
sort of misleading since it provides options only for ssmtp. Other
dumb mail relays like nullmailer have always been living under
services.
The intent of this PR is to align ssmtp's options with those of similar
services. Specifically, two renames have been done:
* Rename `networking.defaultMailHost` to `services.ssmtp`.
* Rename `directDelivery` to `enable` because this is what it basically does.
Previously, socket units wouldn't be restarted if they were
changed. To restart the socket, the service the socket is attached
to needs to be stopped first before the socket can be restarted.
osquery was marked as broken since April.
If somebody steps up to fix it, we can always revive it from the
histroy, but there's not much value in shipping completely broken things
in current master.
cc @ma27
As part of the networking.* name space cleanup, connman should be moved
to services.connman. The same will happen for example with
networkmanager in a separate PR.
The binary name was recently changed from openarena-server to oa_ded in
https://github.com/NixOS/nixpkgs/pull/71122 .
That change broke the openarena module and consequently the openarena
test too. This commit fixes both.
As an alternative, we considered reverting the name change in
https://github.com/NixOS/nixpkgs/pull/72824 but we decided oa_ded was
a better name for the binary (it's the name upstream use).
This PR is part of the networking.* namespace cleanup.
The Cisco VPN module is currently of limited value since it just creates
config files but does not manage services. The same functionality can be
achieved by using _environment.etc_ instead.
It would be a different situation if we had a full service module. So if
you are annoyed by this change, please consider write a more featureful
module and put its options unter _services.networking.vpnc_.
Note that this change removes options for *Cisco VPN*, not
*networkmanager-vpn*.
Unfortunately, you can't configure the default user-session
with GDM like lightdm. I've opened a feature request [0]
but I'd like to be able to do this now.
We use a GObject Python script using bindings to AccountsService
to achieve this. I'm hoping the reliable heuristic for session names
is the file's basename. We also have some special logic for which
method to use to set the default session. It seems set_x_session is
deprecated, and thusly the XSession key, but if that method isn't used
when it's an xsession it won't be the default in GDM.
[0]: https://gitlab.gnome.org/GNOME/gdm/issues/535
- Add services.hardware.bluetooth.config option
- Use lib.generators.toINI with both config and extraConfig options
hardware/bluetooth: a couple suggestions
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
This adds an `extraConfig` option to timesyncd for setting additional
options in `/etc/systemd/timesyncd.conf`.
This is similar to things like `services.journald.extraConfig` and
`services.logind.extraConfig`.
The new description should give more clear understanding of when to
edit the option.
I used NixOS to set up a DNS server that is authoritative for certain
zones. The description of the `cacheNetworks` option made me think I
needed to set it to `"any"` to allow people to query the zone I set
up. Reading the source of the module would have clarified my
understanding, but at the time I just read the description and thought
little of it. Later I discovered I was getting tons of DNS requests
and presumably being used for a DNS amplification attack or similar.
I have fixed the problem now, but I would like the option to have a
clearer description so others don't make the same mistake I did.
This has been there since v209 [1]
```
The interface name to use. This option has lower precedence than NamePolicy=, so for this setting to take effect, NamePolicy= must either be unset, empty, disabled, or all policies configured there must fail. Also see the example below with "Name=dmz0".
Note that specifying a name that the kernel might use for another interface (for example "eth0") is dangerous because the name assignment done by udev will race with the assignment done by the kernel, and only one interface may use the name. Depending on the order of operations, either udev or the kernel will win, making the naming unpredictable. It is best to use some different prefix, for example "internal0"/"external0" or "lan0"/"lan1"/"lan3".
```
[1] 43b3a5ef61
most likely, people enabling the lorri module also want to use it,
without explicitly having to add it to users.users.<username>.packages.
cc @curiousleo @Profpatsch
