Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/administration/boot-problems.xml | 31 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 23 | ||||
-rw-r--r-- | nixos/modules/config/users-groups.nix | 32 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/hamster.nix | 15 | ||||
-rw-r--r-- | nixos/modules/services/mail/dovecot.nix | 35 | ||||
-rw-r--r-- | nixos/modules/services/security/physlock.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd.nix | 9 | ||||
-rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 2 |
9 files changed, 139 insertions, 10 deletions
diff --git a/nixos/doc/manual/administration/boot-problems.xml b/nixos/doc/manual/administration/boot-problems.xml index 5fa0b29e6d62..badc374ebcfd 100644 --- a/nixos/doc/manual/administration/boot-problems.xml +++ b/nixos/doc/manual/administration/boot-problems.xml @@ -19,9 +19,9 @@ </term> <listitem> <para> - Start a root shell if something goes wrong in stage 1 of the boot process - (the initial ramdisk). This is disabled by default because there is no - authentication for the root shell. + Allows the user to start a root shell if something goes wrong in stage 1 + of the boot process (the initial ramdisk). This is disabled by default + because there is no authentication for the root shell. </para> </listitem> </varlistentry> @@ -51,6 +51,22 @@ </varlistentry> <varlistentry> <term> + <literal>boot.debug1mounts</literal> + </term> + <listitem> + <para> + Like <literal>boot.debug1</literal> or + <literal>boot.debug1devices</literal>, but runs stage1 until all + filesystems that are mounted during initrd are mounted (see + <option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option> + ). As a motivating example, this could be useful if you've forgotten to set + <option><link linkend="opt-fileSystems._name__.neededForBoot">neededForBoot</link></option> + on a file system. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <literal>boot.trace</literal> </term> <listitem> 
@@ -91,6 +107,15 @@ </para> <para> + Notice that for <literal>boot.shell_on_fail</literal>, + <literal>boot.debug1</literal>, <literal>boot.debug1devices</literal>, and + <literal>boot.debug1mounts</literal>, if you did <emphasis>not</emphasis> + select "start the new shell as pid 1", and you <literal>exit</literal> from + the new shell, boot will proceed normally from the point where it failed, as + if you'd chosen "ignore the error and continue". + </para> + + <para> If no login prompts or X11 login screens appear (e.g. due to hanging dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start rescue mode (described above). (Also note that since most units have a diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index d1eecd65085c..900b1103f2b1 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -614,6 +614,29 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; queued on the kernel side of the netlink socket. </para> </listitem> + <listitem> + <para> + Specifying <link linkend="opt-services.dovecot2.mailboxes">mailboxes</link> in the <package>dovecot2</package> module + as a list is deprecated and will break eval in 21.03. Instead, an attribute-set should be specified where the <literal>name</literal> + should be the key of the attribute. + </para> + <para> + This means that a configuration like this +<programlisting>{ + <link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = [ + { name = "Junk"; + auto = "create"; + } + ]; +}</programlisting> + should now look like this: +<programlisting>{ + <link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = { + Junk.auto = "create"; + }; +}</programlisting> + </para> + </listitem> </itemizedlist> </section> </section> 
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 141e43fec39b..7fbbfcec7510 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -600,6 +600,38 @@ in { } ]; + warnings = + builtins.filter (x: x != null) ( + flip mapAttrsToList cfg.users (name: user: + # This regex matches a subset of the Modular Crypto Format (MCF)[1] + # informal standard. Since this depends largely on the OS or the + # specific implementation of crypt(3) we only support the (sane) + # schemes implemented by glibc and BSDs. In particular the original + # DES hash is excluded since, having no structure, it would validate + # common mistakes like typing the plaintext password. + # + # [1]: https://en.wikipedia.org/wiki/Crypt_(C) + let + sep = "\\$"; + base64 = "[a-zA-Z0-9./]+"; + id = "[a-z0-9-]+"; + value = "[a-zA-Z0-9/+.-]+"; + options = "${id}(=${value})?(,${id}=${value})*"; + scheme = "${id}(${sep}${options})?"; + content = "${base64}${sep}${base64}"; + mcf = "^${sep}${scheme}${sep}${content}$"; + in + if (user.hashedPassword != null + && builtins.match mcf user.hashedPassword == null) + then + '' + The password hash of user "${name}" may be invalid. You must set a + valid hash or the user will be locked out of his account. Please + check the value of option `users.users."${name}".hashedPassword`. + '' + else null + )); + }; } diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index c82c70a7b869..448d432853d3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -126,6 +126,7 @@ ./programs/gpaste.nix ./programs/gnupg.nix ./programs/gphoto2.nix + ./programs/hamster.nix ./programs/iftop.nix ./programs/iotop.nix ./programs/java.nix diff --git a/nixos/modules/programs/hamster.nix b/nixos/modules/programs/hamster.nix new file mode 100644 index 000000000000..ddf26a22fb53 --- /dev/null +++ b/nixos/modules/programs/hamster.nix 
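Review bot: The new `warnings` check in users-groups.nix gives every non-matching `hashedPassword` the same "will be locked out" message, but an empty string and lock markers such as `!` or `*` are not typos. An empty hash field normally means the account accepts a login with no password, so for that value the message states the opposite of the real risk. I would exclude the lock markers from the check and give the empty value its own warning, e.g. `The password hash of user "${name}" is empty; this may allow login without a password.` It also looks as if `initialHashedPassword`, which presumably takes the same format, is left unchecked. The enclosing `config` block starts outside the hunk.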
@@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + meta.maintainers = maintainers.fabianhauser; + + options.programs.hamster.enable = + mkEnableOption "Whether to enable hamster time tracking."; + + config = lib.mkIf config.programs.hamster.enable { + environment.systemPackages = [ pkgs.hamster ]; + services.dbus.packages = [ pkgs.hamster ]; + }; +} diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 9fbf0c19752c..51cbcbf1cbc8 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -125,6 +125,8 @@ let mailboxConfig = mailbox: '' mailbox "${mailbox.name}" { auto = ${toString mailbox.auto} + '' + optionalString (mailbox.autoexpunge != null) '' + autoexpunge = ${mailbox.autoexpunge} '' + optionalString (mailbox.specialUse != null) '' special_use = \${toString mailbox.specialUse} '' + "}"; @@ -132,8 +134,9 @@ let mailboxes = { ... }: { options = { name = mkOption { - type = types.strMatching ''[^"]+''; + type = types.nullOr (types.strMatching ''[^"]+''); example = "Spam"; + default = null; description = "The name of the mailbox."; }; auto = mkOption { @@ -148,6 +151,15 @@ let example = "Junk"; description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid."; }; + autoexpunge = mkOption { + type = types.nullOr types.str; + default = null; + example = "60d"; + description = '' + To automatically remove all email from the mailbox which is older than the + specified time. + ''; + }; }; }; in 
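Review bot: In the new hamster.nix, `meta.maintainers` is assigned a single maintainer entry where module metadata expects a list, and the `mkEnableOption` argument repeats the "Whether to enable" prefix that the helper already prepends, so the rendered option description will be duplicated. I would write `meta.maintainers = [ maintainers.fabianhauser ];` and `mkEnableOption "hamster time tracking";`. The file also mixes `with lib;` with an explicit `lib.mkIf`; one style is enough.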
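Review bot: `autoexpunge` is declared as `types.nullOr types.str` (dovecot.nix hunk at -148) and written unquoted into the generated configuration as `autoexpunge = ${mailbox.autoexpunge}` (hunk at -125), so a value containing a newline or `}` would close the mailbox block and add unintended directives to dovecot.conf. `name` in the same submodule is already constrained with `strMatching`; the new option should be constrained too, for example `type = types.nullOr (types.strMatching "[^\n{}]+");` or a tighter pattern for Dovecot's time syntax. The description could also state which time units are accepted. The submodule's `options` set continues outside these hunks.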
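Review bot: Making `name` nullable with `default = null` (dovecot.nix hunk at -132) also changes the list form that the module still accepts. A list entry that omits `name` previously failed as an undefined option; now it reaches `mailbox "${mailbox.name}" {` as null and most likely aborts evaluation with a generic string-coercion error that does not mention `services.dovecot2.mailboxes`. I would reject that case explicitly where the list is handled, e.g. `throw "services.dovecot2.mailboxes: list entries must set `name'"` when any element has `name == null`. A comment on the option, `# null is only valid in the attribute-set form, where the key supplies the name`, would record the intent.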
@@ -323,9 +335,24 @@ in }; mailboxes = mkOption { - type = types.listOf (types.submodule mailboxes); - default = []; - example = [ { name = "Spam"; specialUse = "Junk"; auto = "create"; } ]; + type = with types; let m = submodule mailboxes; in either (listOf m) (attrsOf m); + default = {}; + apply = x: + if isList x then warn "Declaring `services.dovecot2.mailboxes' as a list is deprecated and will break eval in 21.03!" x + else mapAttrsToList (name: value: + if value.name != null + then throw '' + When specifying dovecot2 mailboxes as attributes, declaring + a `name'-attribute is prohibited! The name ${value.name} should + be the attribute key! + '' + else value // { inherit name; } + ) x; + example = literalExample '' + { + Spam = { specialUse = "Junk"; auto = "create"; }; + } + ''; description = "Configure mailboxes and auto create or subscribe them."; }; diff --git a/nixos/modules/services/security/physlock.nix b/nixos/modules/services/security/physlock.nix index 61bcd84f2e64..690eb70079d8 100644 --- a/nixos/modules/services/security/physlock.nix +++ b/nixos/modules/services/security/physlock.nix @@ -107,6 +107,7 @@ in ++ cfg.lockOn.extraTargets; before = optional cfg.lockOn.suspend "systemd-suspend.service" ++ optional cfg.lockOn.hibernate "systemd-hibernate.service" + ++ optional (cfg.lockOn.hibernate || cfg.lockOn.suspend) "systemd-suspend-then-hibernate.service" ++ cfg.lockOn.extraTargets; serviceConfig = { Type = "forking"; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 99892a28115c..a8e51fc09014 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
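Review bot: In the attribute-set branch of `apply`, the mailbox name is taken from the attribute key via `value // { inherit name; }`, and that key never passes the `strMatching ''[^"]+''` check attached to the `name` option. A key containing `"` therefore reaches `mailbox "${mailbox.name}" {` unescaped and can break out of the quoted name in the generated dovecot.conf. I would validate the key in the same branch before merging it, e.g. `else if builtins.match ''[^"]+'' name == null then throw "Invalid dovecot2 mailbox name: ${name}"`. The `mailboxes` option sits in an options block that starts outside the hunk.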
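Review bot: The added `before` entry in physlock.nix only orders the lock ahead of `systemd-suspend-then-hibernate.service`; ordering alone does not start the unit for that sleep path. Only the tail of `wantedBy` is visible in the hunk, so this needs checking. If `wantedBy` lists just the suspend and hibernate targets, a suspend-then-hibernate cycle may still resume to an unlocked session. In that case add the matching entry there, `++ optional (cfg.lockOn.hibernate || cfg.lockOn.suspend) "suspend-then-hibernate.target"`. The unit definition starts and ends outside the hunk.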
@@ -826,8 +826,13 @@ in config = { warnings = concatLists (mapAttrsToList (name: service: - optional (service.serviceConfig.Type or "" == "oneshot" && service.serviceConfig.Restart or "no" != "no") - "Service ‘${name}.service’ with ‘Type=oneshot’ must have ‘Restart=no’") cfg.services); + let + type = service.serviceConfig.Type or ""; + restart = service.serviceConfig.Restart or "no"; + in optional + (type == "oneshot" && (restart == "always" || restart == "on-success")) + "Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'") + cfg.services); system.build.units = cfg.units; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index b8d0606be7c1..be06d6feb11f 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -448,7 +448,7 @@ in description = '' An alternate BIOS (such as <package>qboot</package>) with which to start the VM. - Should containin a file named <literal>bios.bin</literal>. + Should contain a file named <literal>bios.bin</literal>. If <literal>null</literal>, QEMU's builtin SeaBIOS will be used. ''; }; |