| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | |_|_|_|_|_|_|/
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Always install noto fonts and hack font.
|
| |\| | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \
| | |_|_|_|/ / / / /
| |/| | | | | | | | |
nixos/nextcloud: remove opcache.enable_cli=1
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Upstream no longer recommends enabling the opcache cli.
See the following:
- https://github.com/nextcloud/documentation/issues/1439
- https://github.com/nextcloud/server/pull/15468
|
| |\| | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos/binfmt: fix race condition between systemd-tmpfiles and systemd-binfmt
|
| | | | |_|_|_|_|/ / /
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
We need to make sure systemd-tmpfiles-setup.service ran before we
start systemd-binft.service. Otherwise it might fail to start
due to non-existant files
Fixes #295365
|
| | |\ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This is useful for small deployments which do not need 5 spare starman
workers taking 160 MB of RAM each.
|
| |\| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/unbound: drop networkmanager since it doesn't support unbound anymore
|
| | | | | | | | | | | | | |
|
| | |\| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/networkmanager: drop unbound form dns servers
|
| | | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
upstream dropped unbound in https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/5da17c689be5e66ea2f63dea6f1846625e652998
|
| | |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
gotosocial 0.14.1 -> 0.14.2
|
| | | | | | | | | | | | | | |
|
| | | |_|_|_|_|_|_|_|_|/ /
| |/| | | | | | | | | | |
|
| |\| | | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \ \ |
|
| | | |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
nixos/murmur: fix writing registerPassword to config
|
| | | | |/ / / / / / / / / / |
|
| | | |\ \ \ \ \ \ \ \ \ \ \
| | | |_|_|_|/ / / / / / /
| | |/| | | | | | | | | | |
nixos/hoogle: add extraOptions
|
| | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Note that this list will stop being updated from now on.
Please use https://nixos.github.io/amis/ and https://nixos.github.io/amis/images.json instead.
We are working on integrating this in the https://nixos.org/ website
These get updated for every channel bump.
|
| |\ \ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / /
| |/| | | | | | | | | | | |
|
| | | |_|_|_|_|_|_|/ / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fixes a regression introduced in #294754.
|
| | |\ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
This release focuses on wayland, lets give that justice
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
nixos/iso-image: extremely cursed performance optimization for Hydra
|
| | | | |_|_|/ / / / / / / /
| | |/| | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Right now the worst case chain of events for building an ISO on Hydra is
- copy everything to squashfs builder
- run squashfs builder
- download squashfs from builder
- compress squashfs
- upload squashfs to S3
- copy squashfs to ISO builder
- run ISO builder
- download ISO from builder
- compress ISO
- upload ISO to S3
This inlines the squashfs build into the ISO build, which makes it
- copy everything to ISO builder
- run ISO builder
- download ISO from builder
- compress ISO
- upload ISO to S3
Which should reduce queue runner load by $alot per ISO, which we have four of on small channels
(one release, one test per arch) and a lot more than four of on large channels (with various desktops)
|
| |\| | | | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | |_|/ / / / / / / / / /
| |/| | | | | | | | | | | |
nixos/uki: add ".dtb" section if devicetree is used
|
| | | |/ / / / / / / / / /
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This ensures a ".dtb" PE section makes it into the UKI so systemd-stub
can install the correct devicetree for use by the Linux kernel. This is
often needed on systems that boot with u-boot since the devicetree used
by u-boot is often a paired down version of what the Linux kernel needs.
On those kinds of boards, the lack of this PE section means that u-boot
will end up installing its internal devicetree into the UEFI
configuration table, which is what the Linux kernel ends up using.
|
| |\| | | | | | | | | | | |
|
| | |/ / / / / / / / / /
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
1. Added openvswitch integration to incus service.
2. Added tests to test openvswitch functionality with incus.
|
| |\| | | | | | | | | | |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.
There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.
As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.
This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.
However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.
Due to this, we instead change the service's to `027`.
And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.
See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77
This is really bad, because it is trivially easy to generate an admin
access token/cookie as attacker, if a `jwt_secret` is known.
|
| | |\ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|/ / / / /
| |/| | | | | | | | | |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Closes #293001
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
esdm: update module after 1.0.1 changes
|
| | | | |_|_|/ / / / / /
| | |/| | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
ESDM 1.0.1 fixed bugs related to Linux compatibility layer with CUSE.
During these fixes, the compatibility layer was simplified behind a
target in order to start the necessary services together or none of
them (services.esdm.linuxCompatServices).
Furthermore, a small helper was added to ESDM 1.0.1 in order to deal
with resume/suspend/hibernate (FUSE needs to be unblocked).
Removed options are marked.
Signed-off-by: Markus Theil <theil.markus@gmail.com>
|
| | | | | | | | | | | | |
|
| |\| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / /
| |/| | | | | | | | | |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
The generation of the descriptions always used lib explicitly even
thoughit was already specified with 'with'.
Since using `with lib` is discouraged this was also changed to inherit.
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Added the majority of TLS options used for transport encryption.
This uses a submodule since all resources share the same settings.
The documentation can be found under:
https://www.bacula.org/13.0.x-manuals/en/main/Bacula_TLS_Communications_E.html
|
| |\| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/yubikey-agent: fix eval error
|
| | | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This has been refactored in https://github.com/NixOS/nixpkgs/
pull/133542, but this reference wasn't updated.
|