mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-18 02:44:30 +00:00
nixos: fix typos
This commit is contained in:
parent
a31ca7f220
commit
701bcdbead
@ -17,7 +17,7 @@ In any manpage, commands, flags and arguments to the *current* executable should
|
||||
- Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`.
|
||||
- Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments.
|
||||
- Required flags or arguments should not be marked.
|
||||
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks.
|
||||
- Mutually exclusive groups of arguments should be enclosed in curly brackets, preferably created with `Bro`/`Brc` blocks.
|
||||
|
||||
When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly:
|
||||
```
|
||||
@ -45,7 +45,7 @@ Larger code blocks or those that cannot be shown inline should use indented lite
|
||||
...
|
||||
.Ed
|
||||
```
|
||||
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them:
|
||||
Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be substituted into them:
|
||||
```
|
||||
.Bd -literal -offset indent
|
||||
{
|
||||
|
@ -20,7 +20,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
|
||||
|
||||
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
|
||||
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to avoid breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
|
||||
|
||||
- Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
|
||||
|
||||
@ -28,7 +28,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
|
||||
|
||||
- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
|
||||
- Gitlab's maintenance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
|
||||
|
||||
- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).
|
||||
|
||||
|
@ -275,7 +275,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
You can check that backups still work by running `systemctl start mysql-backup` then `systemctl status mysql-backup`.
|
||||
|
||||
- Templated systemd services e.g `container@name` are now handled currectly when switching to a new configuration, resulting in them being reloaded.
|
||||
- Templated systemd services e.g `container@name` are now handled correctly when switching to a new configuration, resulting in them being reloaded.
|
||||
|
||||
- Steam: the `newStdcpp` parameter was removed and should not be needed anymore.
|
||||
|
||||
|
@ -174,7 +174,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- The `openssh` package now includes Kerberos support by default; the `openssh_with_kerberos` package is now a deprecated alias. If you do not want Kerberos support, you can do `openssh.override { withKerberos = false; }`. Note, this also applies to the `openssh_hpn` package.
|
||||
|
||||
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
|
||||
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatibility, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
|
||||
|
||||
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
|
||||
|
||||
|
@ -81,7 +81,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
The slurmctld now runs as user `slurm` instead of `root`. If you want to keep slurmctld running as `root`, set `services.slurm.user = root`.
|
||||
|
||||
The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occour more than once in the configuration.
|
||||
The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occur more than once in the configuration.
|
||||
|
||||
- The `solr` package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The `services.solr` module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading.
|
||||
|
||||
@ -91,7 +91,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
|
||||
|
||||
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
|
||||
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interfering with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
|
||||
|
||||
If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
|
||||
|
||||
@ -135,7 +135,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- GitLab Shell previously used the nix store paths for the `gitlab-shell` command in its `authorized_keys` file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As `gitlab-shell` has now been changed to use `/var/run/current-system/sw/bin/gitlab-shell`, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the `authorized_keys` file via `sudo -u git -H gitlab-rake gitlab:shell:setup` in that case.
|
||||
|
||||
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
|
||||
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previously shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
|
||||
|
||||
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
|
||||
|
||||
|
@ -194,7 +194,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
`security.acme.preDelay` and `security.acme.activationDelay` options have been removed. To execute a service before certificates are provisioned or renewed add a `RequiredBy=acme-${cert}.service` to any service.
|
||||
|
||||
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
|
||||
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certificates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
|
||||
|
||||
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
|
||||
|
||||
|
@ -130,7 +130,7 @@ In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules we
|
||||
|
||||
- [services.cage.enable](options.html#opt-services.cage.enable) Wayland cage service
|
||||
|
||||
- [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed throught the browser
|
||||
- [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed through the browser
|
||||
|
||||
- [services.engelsystem.enable](options.html#opt-services.engelsystem.enable) Tool for coordinating volunteers and shifts on large events
|
||||
|
||||
@ -552,7 +552,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
|
||||
|
||||
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
|
||||
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundant.
|
||||
|
||||
- The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.
|
||||
|
||||
|
@ -197,7 +197,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details.
|
||||
|
||||
- The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input paramater `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achived like this:
|
||||
- The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input parameter `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achieved like this:
|
||||
|
||||
```nix
|
||||
self: super:
|
||||
@ -272,7 +272,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
|
||||
|
||||
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
|
||||
- `services.minio.dataDir` changed type to a list of paths, required for specifying multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
|
||||
|
||||
- All CUDA toolkit versions prior to CUDA 10 have been removed.
|
||||
|
||||
@ -375,7 +375,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.
|
||||
|
||||
- The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantialy improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles.
|
||||
- The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantially improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles.
|
||||
|
||||
- The GNOME desktop manager once again installs gnome.epiphany by default.
|
||||
|
||||
|
@ -375,7 +375,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
|
||||
|
||||
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
|
||||
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`hardware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
|
||||
|
||||
- The fontconfig service's dpi option has been removed.
|
||||
Fontconfig should use Xft settings by default so there's no need to override one value in multiple places.
|
||||
|
@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
for Flakes, but also marks the `nix` command as experimental which now has to
|
||||
be enabled via the configuration explicitly. For more information and
|
||||
instructions for upgrades, see the
|
||||
relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
|
||||
release notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
|
||||
[nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html),
|
||||
[nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html),
|
||||
[nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and
|
||||
@ -278,11 +278,11 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
|
||||
|
||||
Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
|
||||
Additionally with 2.5 the argon2 module was included in the standard distribution and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
|
||||
|
||||
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
|
||||
|
||||
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
|
||||
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your environment consider adding `openssh` to it or switching to `gitFull`.
|
||||
|
||||
- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
|
||||
This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration.
|
||||
@ -639,7 +639,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
changes in the database scheme and configuration format.
|
||||
|
||||
- Some top-level settings under [services.epgstation](#opt-services.epgstation.enable)
|
||||
is now deprecated because it was redudant due to the same options being
|
||||
is now deprecated because it was redundant due to the same options being
|
||||
present in [services.epgstation.settings](#opt-services.epgstation.settings).
|
||||
|
||||
- The option `services.epgstation.basicAuth` was removed because basic
|
||||
@ -653,7 +653,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
option now expects options for `config.yml` in EPGStation v2.
|
||||
|
||||
- Existing data for the [services.epgstation](#opt-services.epgstation.enable)
|
||||
module would have to be backed up prior to the upgrade. To back up exising
|
||||
module would have to be backed up prior to the upgrade. To back up existing
|
||||
data to `/tmp/epgstation.bak`, run
|
||||
`sudo -u epgstation epgstation run backup /tmp/epgstation.bak`.
|
||||
To import that data after to the upgrade, run
|
||||
@ -804,7 +804,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
- The `influxdb2` package was split into `influxdb2-server` and
|
||||
`influxdb2-cli`, matching the split that took place upstream. A
|
||||
combined `influxdb2` package is still provided in this release for
|
||||
backwards compatibilty, but will be removed at a later date.
|
||||
backwards compatibility, but will be removed at a later date.
|
||||
|
||||
- The `unifi` package was switched from `unifi6` to `unifi7`.
|
||||
Direct downgrades from Unifi 7 to Unifi 6 are not possible and require restoring from a backup made by Unifi 6.
|
||||
|
@ -205,7 +205,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
|
||||
|
||||
- Linux 4.9 has been removed because it will reach its end of life within the lifespan of 22.11.
|
||||
|
||||
- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
|
||||
- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintenance burden.
|
||||
Use `configure.packages` instead.
|
||||
- Neovim can not be configured with plug anymore (still works for vim).
|
||||
|
||||
@ -221,7 +221,7 @@ In addition to numerous new and upgraded packages, this release includes the fol
|
||||
|
||||
- `mysql57` has been removed. Please update to `mysql80` or `mariadb`. See the [upgrade guide](https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/) for more information.
|
||||
|
||||
- Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be neccesary.
|
||||
- Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be necessary.
|
||||
- `k3s` supports `clusterInit` option, and it is enabled by default, for servers.
|
||||
|
||||
- `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible.
|
||||
|
@ -72,7 +72,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable).
|
||||
|
||||
- [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Availabe as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie).
|
||||
- [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie).
|
||||
|
||||
- [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).
|
||||
|
||||
@ -88,7 +88,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable).
|
||||
|
||||
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
|
||||
- [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers).
|
||||
|
||||
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
|
||||
|
||||
@ -98,7 +98,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable).
|
||||
|
||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||
- [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
|
||||
|
||||
- [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable)
|
||||
|
||||
@ -287,7 +287,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon.
|
||||
|
||||
- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constitutents: `xorg.libX11`, `freetype` and others.
|
||||
- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others.
|
||||
|
||||
- The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows:
|
||||
- If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default.
|
||||
@ -302,7 +302,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
[upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126)
|
||||
for more details and available replacements.
|
||||
|
||||
- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatiblity. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
|
||||
- The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed).
|
||||
|
||||
- [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.
|
||||
|
||||
@ -567,7 +567,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
The Pipewire config semantics don't really match the NixOS module semantics, so it's extremely awkward to override the default config, especially when lists are involved. Vendoring the configuration files in nixpkgs also creates unnecessary maintenance overhead.
|
||||
|
||||
Also, upstream added a lot of accomodations to allow doing most of the things you'd want to do with a config edit in better ways.
|
||||
Also, upstream added a lot of accommodations to allow doing most of the things you'd want to do with a config edit in better ways.
|
||||
|
||||
#### Migrating your configuration {#sec-release-23.05-migration-pipewire-how}
|
||||
|
||||
|
@ -21,7 +21,7 @@ in
|
||||
in
|
||||
{
|
||||
warnings = lib.mkIf config.xdg.portal.gtkUsePortal [
|
||||
"The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforseen side-effects."
|
||||
"The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforeseen side-effects."
|
||||
];
|
||||
}
|
||||
)
|
||||
|
@ -43,7 +43,7 @@ in
|
||||
};
|
||||
|
||||
unit = mkOption {
|
||||
description = lib.mdDoc "Celcius or Fahrenheit";
|
||||
description = lib.mdDoc "Celsius or Fahrenheit";
|
||||
type = types.enum [ "C" "F" ];
|
||||
default = "C";
|
||||
};
|
||||
|
@ -97,7 +97,7 @@ chroot_add_resolv_conf "$mountPoint" || echo "$0: failed to set up resolv.conf"
|
||||
exec 2>/dev/null
|
||||
fi
|
||||
|
||||
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
|
||||
# Run the activation script. Set $LOCALE_ARCHIVE to suppress some Perl locale warnings.
|
||||
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" IN_NIXOS_ENTER=1 chroot "$mountPoint" "$system/activate" 1>&2 || true
|
||||
|
||||
# Create /tmp. This is needed for nix-build and the NixOS activation script to work.
|
||||
|
@ -9,10 +9,10 @@ let
|
||||
literalExpression mkRenamedOptionModule mkDefault mkOption trivial types;
|
||||
|
||||
needsEscaping = s: null != builtins.match "[a-zA-Z0-9]+" s;
|
||||
escapeIfNeccessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"'';
|
||||
escapeIfNecessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"'';
|
||||
attrsToText = attrs:
|
||||
concatStringsSep "\n" (
|
||||
mapAttrsToList (n: v: ''${n}=${escapeIfNeccessary (toString v)}'') attrs
|
||||
mapAttrsToList (n: v: ''${n}=${escapeIfNecessary (toString v)}'') attrs
|
||||
) + "\n";
|
||||
|
||||
osReleaseContents = {
|
||||
|
@ -303,7 +303,7 @@ in
|
||||
programs.fish.interactiveShellInit = ''
|
||||
# add completions generated by NixOS to $fish_complete_path
|
||||
begin
|
||||
# joins with null byte to acommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
|
||||
# joins with null byte to accommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
|
||||
# splits by null byte, and then removes all empty lines produced by using 'string'
|
||||
set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".")
|
||||
set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")
|
||||
|
@ -2,7 +2,7 @@
|
||||
let
|
||||
cfg = config.programs.nix-ld;
|
||||
|
||||
# TODO make glibc here configureable?
|
||||
# TODO make glibc here configurable?
|
||||
nix-ld-so = pkgs.runCommand "ld.so" {} ''
|
||||
ln -s "$(cat '${pkgs.stdenv.cc}/nix-support/dynamic-linker')" $out
|
||||
'';
|
||||
|
@ -25,9 +25,9 @@ in
|
||||
type = types.nullOr types.package;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
This option provides access to the overriden result of `programs.singularity.package`.
|
||||
This option provides access to the overridden result of `programs.singularity.package`.
|
||||
|
||||
For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`:
|
||||
For example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`:
|
||||
```Nix
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
@ -42,7 +42,7 @@ in
|
||||
}
|
||||
```
|
||||
|
||||
Use `lib.mkForce` to forcefully specify the overriden package.
|
||||
Use `lib.mkForce` to forcefully specify the overridden package.
|
||||
'';
|
||||
};
|
||||
enableFakeroot = mkOption {
|
||||
|
@ -39,7 +39,7 @@ in
|
||||
config = mkIf cfg.ensureHeadlessSoftwareOpenGL {
|
||||
|
||||
# TurboVNC has builtin support for Mesa llvmpipe's `swrast`
|
||||
# software rendering to implemnt GLX (OpenGL on Xorg).
|
||||
# software rendering to implement GLX (OpenGL on Xorg).
|
||||
# However, just building TurboVNC with support for that is not enough
|
||||
# (it only takes care of the X server side part of OpenGL);
|
||||
# the indiviudual applications (e.g. `glxgears`) also need to directly load
|
||||
|
@ -112,7 +112,7 @@ in
|
||||
(mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
|
||||
|
||||
(mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead")
|
||||
(mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Please use fcitx5 instead")
|
||||
|
||||
# Do NOT add any option renames here, see top of the file
|
||||
];
|
||||
|
@ -53,7 +53,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# give flannel som kubernetes rbac permissions if applicable
|
||||
# give flannel some kubernetes rbac permissions if applicable
|
||||
services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
|
||||
|
||||
flannel-cr = {
|
||||
|
@ -337,7 +337,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# Allways include cni plugins
|
||||
# Always include cni plugins
|
||||
services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins pkgs.cni-plugin-flannel];
|
||||
|
||||
boot.kernelModules = ["br_netfilter" "overlay"];
|
||||
|
@ -207,7 +207,7 @@ in
|
||||
export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
|
||||
|
||||
if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
|
||||
# remove existing registration file, so that changing the labels forces a re-registation
|
||||
# remove existing registration file, so that changing the labels forces a re-registration
|
||||
rm -v "$INSTANCE_DIR/.runner" || true
|
||||
|
||||
# perform the registration
|
||||
|
@ -23,7 +23,7 @@ let
|
||||
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||
}
|
||||
'';
|
||||
description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
|
||||
description = lib.mdDoc "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
|
||||
};
|
||||
|
||||
extraGroups = lib.mkOption {
|
||||
|
@ -28,7 +28,7 @@ in
|
||||
WOODPECKER_GITEA_URL = "https://git.example.com";
|
||||
}
|
||||
'';
|
||||
description = lib.mdDoc "woodpecker-server config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
|
||||
description = lib.mdDoc "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
|
||||
};
|
||||
environmentFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
|
@ -164,7 +164,7 @@ in
|
||||
example = [ "--advertise-addr" "[fe80::f6f2:::]" ];
|
||||
description = lib.mdDoc ''
|
||||
Extra CLI arguments passed to {command}`cockroach start`.
|
||||
For the full list of supported argumemnts, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
|
||||
For the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -141,7 +141,7 @@ in {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = lib.mdDoc ''
|
||||
Extra configuration. Overrides any other cofiguration.
|
||||
Extra configuration. Overrides any other configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
# TODO: This may file may need additional review, eg which configuartions to
|
||||
# TODO: This may file may need additional review, eg which configurations to
|
||||
# expose to the user.
|
||||
#
|
||||
# I only used it to access some simple databases.
|
||||
|
@ -142,7 +142,7 @@ in
|
||||
User = cfg.user;
|
||||
PIDFile = cfg.pidFile;
|
||||
Type = "forking";
|
||||
TimeoutStartSec=120; # intial creating of journal can take some time
|
||||
TimeoutStartSec=120; # initial creating of journal can take some time
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
|
||||
|
@ -16,7 +16,7 @@ with lib;
|
||||
|
||||
enable = mkEnableOption (lib.mdDoc ''
|
||||
Provides some dbus interfaces that is used for screen zone detecting,
|
||||
thumbnail generating, and sound playing in Deepin Desktop Enviroment.
|
||||
thumbnail generating, and sound playing in Deepin Desktop Environment.
|
||||
'');
|
||||
|
||||
};
|
||||
|
@ -72,7 +72,7 @@ in
|
||||
type = types.str;
|
||||
description = lib.mdDoc ''
|
||||
Password file for the postgresql connection.
|
||||
Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
|
||||
Must be formatted according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
|
||||
but only one line, no comments and readable by user `nginx`.
|
||||
Ignored if `database.host` is set to `localhost`, as peer authentication will be used.
|
||||
'';
|
||||
|
@ -60,7 +60,7 @@ in
|
||||
default = [ ];
|
||||
example = [ "192.168.1.0/24" "192.168.2.0/24" ];
|
||||
description = lib.mdDoc ''
|
||||
Acess control list for incoming SIP registrations.
|
||||
Access control list for incoming SIP registrations.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -69,7 +69,7 @@ in
|
||||
default = [ ];
|
||||
example = [ "123.45.0.0/16" "123.46.0.0/16" ];
|
||||
description = lib.mdDoc ''
|
||||
Acess control list for incoming SIP traffic.
|
||||
Access control list for incoming SIP traffic.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -78,7 +78,7 @@ in
|
||||
default = [ ];
|
||||
example = [ "10.0.0.0/8" "11.0.0.0/8" ];
|
||||
description = lib.mdDoc ''
|
||||
Acess control list for denying incoming
|
||||
Access control list for denying incoming
|
||||
SIP registrations and traffic.
|
||||
'';
|
||||
};
|
||||
|
@ -1614,7 +1614,7 @@ in
|
||||
|
||||
The following property holds: switching to a configuration
|
||||
(`switch-to-configuration`) that changes the prometheus
|
||||
configuration only finishes successully when prometheus has finished
|
||||
configuration only finishes successfully when prometheus has finished
|
||||
loading the new configuration.
|
||||
'';
|
||||
};
|
||||
|
@ -47,7 +47,7 @@ in {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to disable the prometheus ouput plugin.
|
||||
Whether to disable the prometheus output plugin.
|
||||
'';
|
||||
};
|
||||
http_listen = mkOption {
|
||||
@ -71,7 +71,7 @@ in {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to disable the influxdb ouput plugin.
|
||||
Whether to disable the influxdb output plugin.
|
||||
'';
|
||||
};
|
||||
url = mkOption {
|
||||
|
@ -393,7 +393,7 @@ in {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Path to a file containg ACL policies.
|
||||
Path to a file containing ACL policies.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -94,7 +94,7 @@ in
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc ''
|
||||
Wireguard address of this peer (a single IP address, multliple
|
||||
Wireguard address of this peer (a single IP address, multiple
|
||||
addresses or address ranges are not supported).
|
||||
'';
|
||||
example = "10.0.0.42";
|
||||
|
@ -30,7 +30,7 @@ you first need to add documents to an index before you can search for documents.
|
||||
|
||||
- The default nixos package doesn't come with the [dashboard](https://docs.meilisearch.com/learn/getting_started/quick_start.html#search), since the dashboard features makes some assets downloads at compile time.
|
||||
|
||||
- Anonimized Analytics sent to meilisearch are disabled by default.
|
||||
- Anonymized Analytics sent to meilisearch are disabled by default.
|
||||
|
||||
- Default deployment is development mode. It doesn't require a secret master key. All routes are not protected and accessible.
|
||||
|
||||
|
@ -72,7 +72,7 @@ let
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
Path to your JWT secret used during identity verificaiton.
|
||||
Path to your JWT secret used during identity verificaton.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -10,7 +10,7 @@ let
|
||||
certPaths = builtins.map builtins.dirOf [ cfg.serverSettings.tls_chain cfg.serverSettings.tls_key ];
|
||||
|
||||
# Merge bind mount paths and remove paths where a prefix is already mounted.
|
||||
# This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is alread in the mount
|
||||
# This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount
|
||||
# paths, no new bind mount is added. Adding subpaths caused problems on ofborg.
|
||||
hasPrefixInList = list: newPath: lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
|
||||
mergePaths = lib.foldl' (merged: newPath: let
|
||||
|
@ -173,7 +173,7 @@ let
|
||||
}
|
||||
{
|
||||
assertion = config.usersFile != null -> config.mergedConfig.useacl != false;
|
||||
message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defiend as `${config.usersFile}' in ${showFiles options.usersFile.files}).";
|
||||
message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defined as `${config.usersFile}' in ${showFiles options.usersFile.files}).";
|
||||
}
|
||||
];
|
||||
})
|
||||
|
@ -35,7 +35,7 @@ in {
|
||||
ipAdresses = lib.mkOption {
|
||||
default = ["0.0.0.0" "::"];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = lib.mdDoc "IP Adresses to bind to. The default is to bind
|
||||
description = lib.mdDoc "IP Addresses to bind to. The default is to bind
|
||||
to all IPv4 and IPv6 addresses.";
|
||||
};
|
||||
};
|
||||
|
@ -508,7 +508,7 @@ in {
|
||||
type = with lib.types; listOf path;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Extra environment files to pass to all mastodon services. Useful for passing down environemntal secrets.
|
||||
Extra environment files to pass to all mastodon services. Useful for passing down environmental secrets.
|
||||
'';
|
||||
example = [ "/etc/mastodon/s3config.env" ];
|
||||
};
|
||||
|
@ -367,7 +367,7 @@ in {
|
||||
};
|
||||
|
||||
systemd.services.monica-setup = {
|
||||
description = "Preperation tasks for monica";
|
||||
description = "Preparation tasks for monica";
|
||||
before = ["phpfpm-monica.service"];
|
||||
after = optional db.createLocally "mysql.service";
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
@ -31,7 +31,7 @@ in
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Wether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.
|
||||
Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.
|
||||
|
||||
This is useful when nextcloud's domain is not a static IP address and when the reverse proxy cannot be bypassed because the backend connection is done via unix socket.
|
||||
'';
|
||||
|
@ -556,7 +556,7 @@ in {
|
||||
default = config.services.nextcloud.notify_push.enable;
|
||||
defaultText = literalExpression "config.services.nextcloud.notify_push.enable";
|
||||
description = lib.mdDoc ''
|
||||
Wether to configure nextcloud to use the recommended redis settings for small instances.
|
||||
Whether to configure nextcloud to use the recommended redis settings for small instances.
|
||||
|
||||
::: {.note}
|
||||
The `notify_push` app requires redis to be configured. If this option is turned off, this must be configured manually.
|
||||
|
@ -237,7 +237,7 @@ in {
|
||||
QUEUE_DRIVER = mkDefault "redis";
|
||||
SESSION_DRIVER = mkDefault "redis";
|
||||
WEBSOCKET_REPLICATION_MODE = mkDefault "redis";
|
||||
# Suppport phpredis and predis configuration-style.
|
||||
# Support phpredis and predis configuration-style.
|
||||
REDIS_SCHEME = "unix";
|
||||
REDIS_HOST = config.services.redis.servers.pixelfed.unixSocket;
|
||||
REDIS_PATH = config.services.redis.servers.pixelfed.unixSocket;
|
||||
|
@ -77,7 +77,7 @@ updated to make sure that the
|
||||
on fresh setups.
|
||||
|
||||
If major-releases will be abandoned by upstream, we should check first if those are needed
|
||||
in NixOS for a safe upgrade-path before removing those. In that case we shold keep those
|
||||
in NixOS for a safe upgrade-path before removing those. In that case we should keep those
|
||||
packages, but mark them as insecure in an expression like this (in
|
||||
`<nixpkgs/pkgs/tools/filesystem/garage/default.nix>`):
|
||||
```
|
||||
|
@ -152,7 +152,7 @@ in
|
||||
|
||||
Expressed as a list of attribute sets. Each set must have a key `route`
|
||||
that becomes the section name for that route in the stargazer ini cofig.
|
||||
The remaining keys and vaules become the parameters for that route.
|
||||
The remaining keys and values become the parameters for that route.
|
||||
|
||||
[Refer to upstream docs for other params](https://git.sr.ht/~zethra/stargazer/tree/main/item/doc/stargazer.ini.5.txt)
|
||||
'';
|
||||
|
@ -40,7 +40,7 @@ in
|
||||
description = lib.mdDoc ''
|
||||
Extra Python packages available to Qtile.
|
||||
An example would be to include `python3Packages.qtile-extras`
|
||||
for additional unoffical widgets.
|
||||
for additional unofficial widgets.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
python3Packages: with python3Packages; [
|
||||
|
@ -213,7 +213,7 @@ sub GrubFs {
|
||||
$search .= $matches[0];
|
||||
}
|
||||
|
||||
# BTRFS is a special case in that we need to fix the referrenced path based on subvolumes
|
||||
# BTRFS is a special case in that we need to fix the referenced path based on subvolumes
|
||||
if ($fs->type eq 'btrfs') {
|
||||
my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]});
|
||||
if ($status != 0) {
|
||||
@ -586,7 +586,7 @@ sub getEfiTarget {
|
||||
if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die }
|
||||
else { return "both" }
|
||||
} elsif (($grub ne "") && ($grubEfi eq "")) {
|
||||
# TODO: It would be safer to disallow non-EFI grub installation if no taget is given.
|
||||
# TODO: It would be safer to disallow non-EFI grub installation if no target is given.
|
||||
# If no target is given, then grub auto-detects the target which can lead to errors.
|
||||
# E.g. it seems as if grub would auto-detect a EFI target based on the availability
|
||||
# of a EFI partition.
|
||||
|
@ -130,7 +130,7 @@ let
|
||||
''}
|
||||
|
||||
# Disable all input echo for the whole stage. We could use read -s
|
||||
# instead but that would ocasionally leak characters between read
|
||||
# instead but that would occasionally leak characters between read
|
||||
# invocations.
|
||||
stty -echo
|
||||
'';
|
||||
@ -861,7 +861,7 @@ in
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
Commands that should be run right before we try to mount our LUKS device.
|
||||
This can be useful, if the keys needed to open the drive is on another partion.
|
||||
This can be useful, if the keys needed to open the drive is on another partition.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -445,7 +445,7 @@ lustrateRoot () {
|
||||
mv -v "$d" "$root/old-root.tmp"
|
||||
done
|
||||
|
||||
# Use .tmp to make sure subsequent invokations don't clash
|
||||
# Use .tmp to make sure subsequent invocations don't clash
|
||||
mv -v "$root/old-root.tmp" "$root/old-root"
|
||||
|
||||
mkdir -m 0755 -p "$root/etc"
|
||||
|
@ -16,7 +16,7 @@ let
|
||||
local path="$2"
|
||||
if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption
|
||||
prompt $name
|
||||
until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked
|
||||
until bcachefs unlock $path 2> /dev/null; do # repeat until successfully unlocked
|
||||
printf "unlocking failed!\n"
|
||||
prompt $name
|
||||
done
|
||||
|
@ -25,7 +25,7 @@ in
|
||||
type = types.listOf types.path;
|
||||
example = [ "/" ];
|
||||
description = lib.mdDoc ''
|
||||
List of paths to btrfs filesystems to regularily call {command}`btrfs scrub` on.
|
||||
List of paths to btrfs filesystems to regularly call {command}`btrfs scrub` on.
|
||||
Defaults to all mount points with btrfs filesystems.
|
||||
If you mount a filesystem multiple times or additionally mount subvolumes,
|
||||
you need to manually specify this list to avoid scrubbing multiple times.
|
||||
|
@ -396,7 +396,7 @@ let
|
||||
'';
|
||||
postStop = ''
|
||||
echo "Cleaning Open vSwitch ${n}"
|
||||
echo "Shuting down internal ${n} interface"
|
||||
echo "Shutting down internal ${n} interface"
|
||||
ip link set ${n} down || true
|
||||
echo "Deleting flows for ${n}"
|
||||
ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true
|
||||
|
@ -437,7 +437,7 @@ in
|
||||
'';
|
||||
postStop = ''
|
||||
echo "Cleaning Open vSwitch ${n}"
|
||||
echo "Shuting down internal ${n} interface"
|
||||
echo "Shutting down internal ${n} interface"
|
||||
ip link set ${n} down || true
|
||||
echo "Deleting flows for ${n}"
|
||||
ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true
|
||||
|
@ -43,7 +43,7 @@ in
|
||||
# Passing the terminal device makes bash run non-interactively.
|
||||
# Otherwise we get errors on the terminal because bash tries to
|
||||
# setup things like job control.
|
||||
# Note: calling bash explicitely here instead of sh makes sure that
|
||||
# Note: calling bash explicitly here instead of sh makes sure that
|
||||
# we can also run non-NixOS guests during tests.
|
||||
PS1= exec /usr/bin/env bash --norc /dev/hvc0
|
||||
'';
|
||||
|
Loading…
Reference in New Issue
Block a user