Merge remote-tracking branch 'upstream/master' into staging

6 files changed, 17 insertions, 18 deletions

diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 7a9c5a2303c2..caf52195ead7 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -82,6 +82,11 @@ following incompatible changes:</para>
 <itemizedlist>
   <listitem>
     <para>
+      <literal>sound.enable</literal> now defaults to false.
+    </para>
+  </listitem>
+  <listitem>
+    <para>
       Dollar signs in options under <option>services.postfix</option> are
       passed verbatim to Postfix, which will interpret them as the beginning of
       a parameter expression. This was already true for string-valued options
@@ -211,11 +216,6 @@ following incompatible changes:</para>
     <itemizedlist>
       <listitem>
         <para>
-          <literal>sound.enable</literal> now defaults to false.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
           <literal>matrix-synapse</literal> uses postgresql by default instead of sqlite.
           Migration instructions can be found <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite"> here </link>.
         </para>
diff --git a/nixos/modules/programs/chromium.nix b/nixos/modules/programs/chromium.nix
index e50e06c7a531..41c49db8c71c 100644
--- a/nixos/modules/programs/chromium.nix
+++ b/nixos/modules/programs/chromium.nix
@@ -36,6 +36,7 @@ in
             "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
             "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
             "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
+            "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
           ]
         '';
       };
@@ -78,7 +79,11 @@ in
   ###### implementation
 
   config = lib.mkIf cfg.enable {
+    # for chromium
     environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile;
     environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
+    # for google-chrome https://www.chromium.org/administrators/linux-quick-start
+    environment.etc."opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile;
+    environment.etc."opt/chrome/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
   };
 }
diff --git a/nixos/modules/services/audio/alsa.nix b/nixos/modules/services/audio/alsa.nix
index 161d873686a8..e3e8bb28c58b 100644
--- a/nixos/modules/services/audio/alsa.nix
+++ b/nixos/modules/services/audio/alsa.nix
@@ -21,7 +21,7 @@ in
 
       enable = mkOption {
         type = types.bool;
-        defaultText = "!versionAtLeast system.stateVersion \"18.03\"";
+        default = false;
         description = ''
           Whether to enable ALSA sound.
         '';
@@ -78,11 +78,7 @@ in
 
   ###### implementation
 
-  config = mkMerge [
-    ({
-      sound.enable = mkDefault (!versionAtLeast config.system.stateVersion "18.03");
-    })
-    (mkIf config.sound.enable {
+  config = mkIf config.sound.enable {
 
     environment.systemPackages = [ alsaUtils ];
 
@@ -128,6 +124,6 @@ in
       ];
     };
 
-  })];
+  };
 
 }
diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix
index 1f4acd21eccf..d8abde2a600a 100644
--- a/nixos/modules/services/hardware/fwupd.nix
+++ b/nixos/modules/services/hardware/fwupd.nix
@@ -8,12 +8,8 @@ let
   cfg = config.services.fwupd;
   originalEtc =
     let
-      isRegular = v: v == "regular";
-      listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d));
-      copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ];
-      originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
       mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
-    in listToAttrs (map mkEtcFile originalFiles);
+    in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc);
   extraTrustedKeys =
     let
       mkName = p: "pki/fwupd/${baseNameOf (toString p)}";
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index adb80ea29840..e3c9b5282b8c 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -178,6 +178,8 @@ in
         preStart = ''
           mkdir -p /etc/tinc/${network}/hosts
           chown tinc.${network} /etc/tinc/${network}/hosts
+          mkdir -p /etc/tinc/${network}/invitations
+          chown tinc.${network} /etc/tinc/${network}/invitations
 
           # Determine how we should generate our keys
           if type tinc >/dev/null 2>&1; then
diff --git a/nixos/release.nix b/nixos/release.nix
index c85150190587..3f6766ad59b8 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -258,7 +258,7 @@ in rec {
   tests.firefox = callTest tests/firefox.nix {};
   tests.firewall = callTest tests/firewall.nix {};
   tests.fleet = callTestOnTheseSystems ["x86_64-linux"] tests/fleet.nix {};
-  #tests.fwupd = callTest tests/fwupd.nix {}; # build during evaluation
+  tests.fwupd = callTest tests/fwupd.nix {};
   #tests.gitlab = callTest tests/gitlab.nix {};
   tests.gitolite = callTest tests/gitolite.nix {};
   tests.gjs = callTest tests/gjs.nix {};