Commit Graph

866 Commits

Author SHA1 Message Date
Philip Taron
82ab56b332
nixos/locate: update hardening from upstream (#362126) 2024-12-06 12:51:10 -08:00
K900
10f4a9ab75
linux/common-config: enable support for crashkernel dumps (#347932) 2024-12-06 10:15:20 +03:00
Sandro Jäckel
578e4012fd
nixos/locate: update hardening from upstream 2024-12-04 15:38:37 +01:00
Doron Behar
32ad523bd5
nixos/documentation: Link Devhelp files (#218123) 2024-12-01 11:25:40 +02:00
Fernando Rodrigues
02e1f93cb4
nixos/version: add extraOSReleaseArgs and extraLSBReleaseArgs
A free-form `attrsOf str` option that is merged with the /etc/os-release
builder, allowing downstreams to customise arbitrary os-release fields.
This is separate from the variant option, as using an attribute set
merge means one gets an infinte recursion when making extraOSReleaseArgs
a recursive set, and the variant attribute is useful to define elsewhere
or multiple times.

Ditto for /etc/lsb-release.

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
2024-11-29 19:58:29 -03:00
Fernando Rodrigues
b4d7b9ade2
nixos/version: use 24-bit ANSI colour code
It's almost 2025; we don't need to use 3-bit colour anymore. Let's use
the proper colour code for NixOS' light blue:
ea1384e183/logo/README.md (colours)

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
2024-11-29 19:56:30 -03:00
jopejoe1
bf5d64a130
nixos/os-release: make default_hostname distribution default (#359571) 2024-11-29 22:54:21 +00:00
Juanjo Presa
5a6ea278da nixos/os-release: make default_hostname distroId 2024-11-28 13:25:47 +01:00
Felix Buehler
9a8512f460 nixos/meta: remove with lib; 2024-11-27 22:26:56 +01:00
Felix Buehler
0334b1bf8e nixos/label: remove with lib; 2024-11-27 22:26:56 +01:00
Felix Buehler
4feff6c9b5 nixos/crashdump: remove with lib; 2024-11-27 22:26:56 +01:00
Felix Buehler
650b7695e0 nixos/assertions: remove with lib; 2024-11-27 22:26:56 +01:00
Sefa Eyeoglu
d8b5f031dc
nixos/crashdump: remove redundant kernel patch
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-11-24 13:21:20 +01:00
Tristan Ross
f49e820fbc
24.11 beta release 2024-11-14 09:02:09 -08:00
MidAutumnMoon
ab526e04fe
nixos/ids: explain *why* uids/gids shouldn't be above "399" 2024-11-06 14:13:02 +08:00
Johannes Jöns
846ec9d5ef
nixos/os-release: add additional info (#338461) 2024-10-31 22:09:55 +01:00
jopejoe1
3dec4d4a9e nixos/os-release: add additional info 2024-10-30 20:24:40 +01:00
Tomo
76c7c2dd88 nodePackages.shout: drop
shout has been deprecated since 2016:
90a62c56af

Also, move the top-level `shout` alias to `pkgs/top-level/aliases.nix`.

Part of #229475
2024-10-19 17:53:20 +00:00
Maximilian Bosch
875f00ed40
gogs: remove
Upstream development has stalled and several critical vulnerabilities
that weren't addressed within a year[1][2].

Back then it was fair to mark it as insecure, but given nothing has
happened since, it's time to remove it.

[1] https://forgejo.org/2023-11-release-v1-20-5-1/
[2] https://github.com/gogs/gogs/issues/7777
2024-10-12 10:36:06 +02:00
r-vdp
70119aa60f
nixis/uinput: use a fixed GID for the uinput group 2024-10-05 10:21:26 +02:00
r-vdp
469f505813
nixos/{uinput,ids}: format 2024-10-05 10:21:01 +02:00
Matt Sturgeon
6d9dfef94f
nixos/nixpkgs: show definition files in config assertion 2024-09-20 10:42:45 +01:00
Matt Sturgeon
1bd4da1848
nixos/nixpkgs: fix config assertion text
The assertion message should include the `nixpkgs.config` value, however
it currently includes the entire `nixpkgs.config` _option_.

This means the type, declarations, definitions, etc were all printed.
2024-09-20 10:42:05 +01:00
Felix Buehler
22cbc6c0f6 nixos/nixpkgs: fix incorrect lib usage 2024-09-16 21:07:34 +02:00
Felix Buehler
30c85fe74d nixos/wordlist: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
609e57485d nixos/nixpkgs: remove with lib; 2024-09-15 10:43:45 +02:00
Felix Buehler
6af918a564 nixos/flake: remove with lib; 2024-09-15 10:43:45 +02:00
Martin Weinelt
ad601344e1
Revert "nixos/version: validate system.stateVersion" (#339671)
This broke the eval of the ISOs on nixos/unstable-small and likely nixos/trunk-combined. See #339671 for details.
2024-09-05 03:22:20 +02:00
Johannes Jöns
3df1783166
nixos/version: validate system.stateVersion (#317858) 2024-09-04 18:09:57 +00:00
tilpner
03faf8f3bb
nixos/version: validate system.stateVersion 2024-08-24 15:54:47 +02:00
Emily
7ec755257a hydron: drop
This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.

Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
2024-08-03 20:27:19 +01:00
Maximilian Güntner
23e62062bc
nixos/mxisd: remove module
mxisd and ma1sd are both unmaintained
2024-07-12 11:44:59 +02:00
Sandro Jäckel
dd743c70ee
nixos/locate: persist updatedb timer 2024-07-05 20:12:15 +02:00
éclairevoyant
7d8742da87
treewide: fix mkEnableOption usage 2024-06-14 02:41:42 -04:00
Sandro Jäckel
8e66b653e8
nixos/locate: drop with lib{,.types}, misc cleanup 2024-06-11 00:44:19 +02:00
Sandro Jäckel
dec5ef74b0
nixos/locate: only set LOCATE_PATH for findutils locate
For plocate/mlocate it causes the results to be printed twice.
2024-06-11 00:10:09 +02:00
nikstur
acba687721 nixos/version: remove strict type constraints from image options
This constraints aren't super useful because they arent really enforced
by the software, so it's hard to get them right and we've gotten them
wrong multiple times in the past. It's better to remove them altogether
in the spirit of RFC 42.
2024-05-29 16:13:41 +02:00
nikstur
ff776981fe nixos/version: support UAPI Version Format in IMAGE_VERSION field
Add '~' and '^' to the supported characters for the field. These
characters are needed to be able to define all versions that are
compatible with the UAPI Version Format specification.

One example where this is used is the `%A` flag in systemd.unit. If we
don't allow these other characters, we for example cannot declare a
pre-relase version.

systemd, as far as I can tell, doesn't enforce any restrictions on the
os-release fields.

https://uapi-group.org/specifications/specs/version_format_specification/
2024-05-16 15:37:41 +02:00
emilylange
2872e10333
nixos/manual: apply cfg.warningsAreErrors to nix eval as well
This change makes `baseOptionsJSON` (`lazy-option.json`) take
our existing `documentation.nixos.options.warningsAreErrors` option into
account to then set the `NIX_ABORT_ON_WARN` environment variable within
its build sandbox accordingly.

Given `documentation.nixos.options.warningsAreErrors` default to true,
our nixpkgs CI check that builds the NixOS manual for each PR, will now
fail when something raises a warning, e.g. as part of the `lib.mdDoc`
deprecation.

This should prevent new PRs with lib.mdDoc from getting merged.

Previously, the manual would build successfully, even if an eval warning
was raised.
2024-04-21 18:01:26 +02:00
Valentin Gagarin
e6057cfd59 doc: link to Nixpkgs manual for global configuration options
Co-authored-by: Dominic Mills <dominic.millz27@gmail.com>
2024-04-15 17:00:26 +02:00
stuebinm
6afb255d97 nixos: remove all uses of lib.mdDoc
these changes were generated with nixq 0.0.2, by running

  nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
  nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
  nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix

two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.

Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
2024-04-13 10:07:35 -07:00
Philip Taron
58f791c765
nixos/documentation: avoid top-level with ...; in nixos/modules/misc/documentation.nix 2024-04-01 18:29:29 -07:00
aleksana
b60f6b118b nixos/mandoc: add leading slash to manPath 2024-03-20 00:56:18 +01:00
aleksana
da089cf63a nixos/mandoc: fix invalid manpath directory and add cachePath option 2024-03-20 00:56:18 +01:00
Jared Baur
3794246066
nixos/nixpkgs: fix determination for cross-compiled nixos system
Since the output of `lib.systems.elaborate` contains functions, an
equality check with `==` does not suffice, `lib.systems.equals` should
be used instead.
2024-03-01 09:05:08 -08:00
Ryan Lahfa
5337ff6a80
Merge pull request #254405 from lf-/jade/nix-path-flakes
nixos/flake: set up NIX_PATH and system flake registry automatically
2024-02-25 21:08:19 +01:00
Sandro
756e574ebd
Merge pull request #282971 from wegank/restya-board-drop
restya-board: drop
2024-02-10 17:28:05 +01:00
Peter Hoeg
9a113b42b3 nixos/version: add ANSI_COLOR 2024-02-08 00:14:53 +01:00
Weijia Wang
29b534a3d4 restya-board: drop 2024-02-07 01:33:05 +01:00
Jade Lovelace
e456032add nixos/flake: put nixpkgs in NIX_PATH and system registry for flake configs
Currently there are a bunch of really wacky hacks required to get nixpkgs
path correctly set up under flake configs such that `nix run
nixpkgs#hello` and `nix run -f '<nixpkgs>' hello` hit the nixpkgs that
the system was built with. In particular you have to use specialArgs or
an anonymous module, and everyone has to include this hack in their
own configs.

We can do this for users automatically.

I have tested these manually with a basic config; I don't know if it is
even possible to write a nixos test for it since you can't really get a
string-with-context to yourself unless you are in a flake context.
2024-02-03 20:44:38 -08:00