| Commit message (Collapse) | Author | Age |
|\
| |
| | |
nixos/bash: Improve Emacs detection for PS1
|
| |
| |
| |
| |
| |
| |
| | |
That's one of my itches - when I'm sshing from Emacs' term to a NixOS
machine, it doesn't detect that I'm running emacs and showing a title
escape sequence. This commit fixes it, checking against $TERM to
prevent this from ever bothering anyone again.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* nixos/acme: Fix ordering of cert requests
When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.
Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.
* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.
* Add regression test for requesting mutliple domains
* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.
* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.
* Depend on certs directly
By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.
Reason it broke before: acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good! We
make the dependencies more fine-grained now. this should fix that
* Remove activationDelay option
It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?
Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.
e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:
```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
|
|\
| |
| | |
netdata: enable cgroup accounting
|
| | |
|
|\ \
| | |
| | | |
vault: 1.0.2 -> 1.2.2
|
| | | |
|
| | |
| | |
| | | |
Gitlab runner fails to start if HOME is not set.
|
|\ \ \
| | | |
| | | | |
rl-1909: add note about Xfce 4.14
|
| |/ / |
|
|\ \ \
| | | |
| | | | |
magnetico: init package and service
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
nixos-containers: add TimeoutStartSec option
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Default is now 1m instead of global default of 15sec. It is also
configurable.
Fixes issue where start of many containers (40+) fail
https://github.com/NixOS/nixpkgs/issues/65001
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
nixos/x11: provide selected session to custom session
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The custom session script is always executed (when it exists). This change
passes the selected session script and select session name to the custom session
script, so that it can defer to the selected session script based on the value
of the selected session name.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nixos/treewide: drop dependencies to `keys.target`
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).
As described in the NixOps manual[1], dependencies to keys should be
defined like this now:
``` nix
{
systemd.services.myservice = {
after = [ "secret-key.service" ];
wants = [ "secret-key.service" ];
};
}
```
However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.
[1] https://nixos.org/nixops/manual/#idm140737322342384
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
nixos/systemd: Add suspend-then-hibernate units
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Pretty useful for laptops. I use them with:
```
services.logind.lidSwitch = "suspend-then-hibernate";
environment.etc."systemd/sleep.conf".text = "HibernateDelaySec=8h";
```
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/xfce4-14: init
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is pretty much identical to the xfce test we currently have.
|
| | |_|/ / /
| |/| | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
For security, we don't want the sandbox to be disabled silently.
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Fix sharing in gnome-control-center
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* No sessionPath!
* add to systemd.packages
This is for the gnome-user-share-webdav.service.
* Update option description
|
| | | | | |
| | | | | |
| | | | | | |
Unfortunately this gives an error when precmd or preexec exists. Removing to avoid that.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/matomo: fixing the configuration path
|
| |/ / / / / |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/pdns-recursor: implement a `settings` option
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
nixos/systemd: enable systemd cgroup accounting by default
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If this is the default for OpenShift already, we probably can enable it
as well.
see https://github.com/openshift/machine-config-operator/pull/581
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
systemd defaults DefaultMemoryAccounting and DefaultTasksAccounting to
yes, so no need to enable explicitly
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
moodle: init at 3.7.1
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
nixos/update-users-groups.pl: chomp hashedPassword
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We don’t want any trailing whitespace, otherwise we mess up the
formating of the shadow file. Some things like readFile may have the
trailing new line.
Fixes #66745
|
| | | | | | | | |
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/gnome3: split up
|
| | | | | | | | | |
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This introduces the following options under the services.gnome3 namespace:
* core-os-services.enable
* core-shell.enable
* core-utilities.enable
* games.enable
The first three are all default enabled by gnome3.enable
and their purpose is to make gnome3 more flexable for users
usecases. In the case of core-utilities and games, it allows
users to easily switch on the default gnome3 applications
and games packages. Previously we had lists in gnome-3/default.nix
but they weren't visible to the user. By having options we have
generated documentation and an interface.
|