| Commit message (Collapse) | Author | Age |
|
|
|
| |
(cherry picked from commit c37347af7eaa0177e3a374dd94158ff546f20fdb)
|
|
|
|
| |
(cherry picked from commit 751c2ed6e4af9e525fe57b7c0f0ee8a611eab9fa)
|
|
|
|
|
|
|
|
|
| |
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
(cherry picked from commit a6ed7d4845f1142f36b2c461d5a721bc68eb7d48)
|
|
|
|
|
|
|
| |
SJW brigade represent. ;)
Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
(cherry picked from commit 517be841352ec3e6b236e7cdfb1fbd8e26bf49cb)
|
|
|
|
|
|
| |
This is the last nixos-unstable release before 13b2903169f, which I'm a
bit nervous about. So I want the update including that one to be as
small as possible, hence going to this one first.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This needs to be defined as an attribute set two layers deep so that
multiple settings in the same namespace, declared in two different
modules, will be merged together.
For example, the following previously wouldn't be merged properly:
{ ... }:
{
imports = [ (
{ ... }: {
services.public-inbox.config.publicinbox.listid = "foo.example.com;
}
) ];
services.public-inbox.config.publicinbox.css =
"https://example.com/pi.css";
}
|
|
|
|
|
|
|
| |
A *good* fix for this problem looks to be a long way off. But I need
my certificates to not expire until that happens.
Fixes: https://github.com/NixOS/nixpkgs/issues/48845
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want /srv on NixOS, and /home is already created by
users-groups.nix.
Furthermore, systemd tmpfiles are set up post-activation, and so
there's absolutely no way for a user to override them. They can't
even set their own rules in systemd.tmpfiles, because "home.conf"
comes before "nixos.conf" lexicographically, and so systemd always
picks the "home.conf" ones.
|
|
|
|
| |
For man pages.
|
|
|
|
| |
This way, we can use StateDirectory instead of a tmpfile rule.
|
| |
|
|
|
|
|
|
| |
# Conflicts:
# nixpkgs/pkgs/build-support/rust/default.nix
# nixpkgs/pkgs/development/go-modules/generic/default.nix
|
| |
|
| |
|
|
|
|
| |
Warns about loaOf deprecation warning.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This caused the service to fail because it couldn't find its
gpghomedir.
|
| |
|
|
|
|
|
|
|
|
|
| |
This module encapsulates pretty much all of public-inbox's
functionality. While there are a lot of options, they're only exposed
for things that either I think have a high chance of being something a
large proportion of users need to set, or if the module needs to do
some special setup to accomodate them. All other public-inbox
configuration can be set through the `config' options.
|
|
|
|
|
| |
This will allow users to provide other archiver plugins than the
default mailman-hyperkitty.
|
|
|
|
|
|
| |
Mailman will read its config file from either location, but
mailman-web will only read its config from /etc/mailman3/settings.py.
So, use /etc/mailman3 for mailman.cfg as well, for symmetry.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, some files were copied into the Nixpkgs tree, which meant
we wouldn't easily be able to update them, and was also just messy.
The reason it was done that way before was so that a few NixOS
options could be substituted in. Some problems with doing it this way
were that the _package_ changed depending on the values of the
settings, which is pretty strange, and also that it only allowed those
few settings to be set.
In the new model, mailman-web is a usable package without needing to
override, and I've implemented the NixOS options in a much more
flexible way. NixOS' mailman-web config file first reads the
mailman-web settings to use as defaults, but then it loads another
configuration file generated from the new services.mailman.webSettings
option, so _any_ mailman-web Django setting can be customised by the
user, rather than just the three that were supported before. I've
kept the old options, but there might not really be any good reason to
keep them.
It also meant that one hard-coded SECRET_KEY was included in the Nix
store, AND SHARED BETWEEN ALL NIXOS USERS! As part of this change,
the secret key will now be generated along with the Hyperkitty API key
the first time the service is run, and it will never be stored in the
Nix store.
|
|
|
|
|
| |
Also, mailman looks in /etc/mailman.cfg by default, so setting
MAILMAN_CONFIG_FILE isn't required either.
|
|
|
|
| |
I used this to set up ARC. I'm sure there are other usecases too.
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's likely that a user might want to set multiple values for
relay_domains, transport_maps, and local_recipient_maps, and the order
is significant. This means that there's no good way to set these
across multiple NixOS modules, and they should probably all be set
together in the user's Postfix configuration.
So, rather than setting these in the Mailman module, just make the
Mailman module check that the values it needs to occur somewhere, and
advise the user on what to set if not.
|
| |
|
|
|
|
|
|
|
| |
Supporting a path here is important because it allows e.g. fetching a
configuration from a URL. To do this and provide the configuration as
a string, IFD would be necessary. It's just written into a path
anyway.
|
|
|
|
|
|
| |
Using a custom path in the Nix store meant that users of the module
couldn't add their own config files, which is a desirable feature. I
don't think avoiding /etc buys us anything.
|
|
|
|
|
|
| |
This is basically an alias for a special case of postqueue, which
already has a setgid wrapper. Would be silly to allow postqueue -p
but not mailq.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces all Mailman secrets with ones that are generated the
first time the service is run. This replaces the hyperkittyApiKey
option, which would lead to a secret in the world-readable store.
Even worse were the secrets hard-coded into mailman-web, which are not
just world-readable, but identical for all users!
services.mailman.hyperkittyApiKey has been removed, and so can no
longer be used to determine whether to enable Hyperkitty. In its
place, there is a new option, services.mailman.hyperkitty.enable. For
consistency, services.mailman.hyperkittyBaseUrl has been renamed to
services.mailman.hyperkitty.baseUrl.
|
|
|
|
|
| |
A default of example.com is useful to nobody. The correct value of
this depends on the system.
|
|
|
|
| |
Not everybody is using Apache.
|
|
|
|
|
| |
There's no need to construct the PYTHONPATH ourselves -- uwsgi can do
it for us.
|
|
|
|
|
| |
Hopefully this should fix service failures I've been getting when
rebuilding a running system.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
(cherry picked from commit d0dba96e1d9365ce3a161a7feda50266fe4bcce8)
|
|
|
|
| |
(cherry picked from commit a7941fe21044a2c7656270111a78d9c23746611e)
|
|
|
|
| |
(cherry picked from commit 1cb5cff61138cafe3ce6a4651251c16d42fca93e)
|
|
|
|
|
|
|
|
| |
When mailman-web restarts, it removes the generated "static" directory. This
breaks a currently running httpd process, which needs a re-start, too, to
obtain a new handle for the newly generated path.
(cherry picked from commit 0cc37b3cfa64ffca70347566f0823010d48bbd97)
|