Commit Graph

3621 Commits

Author SHA1 Message Date
Martin Weinelt
35d7617d81
Merge pull request #200354 from mweinelt/kanidm-1.1.0-alpha.10 2022-11-26 22:11:29 +01:00
Flakebi
272ac9ec64 kanidm: add release not for tls requirement 2022-11-26 21:43:12 +01:00
Guillaume Bouchard
d1b6d2d0ab haskellPackages.callHackage: updating all-cabal-hashes do not invalidate callHackage
Packages built with `haskellPackages.callHackage` won't be rebuilt when
updating `all-cabal-hashes`.

The removed comment was keeping a reference to the `cabal2nix` call,
which itself depends on `all-cabal-hashes`, in order to keep this file
during a garbage collection.

The tradeoff is between:

- The current behavior: a mass rebuild, any change of `all-cabal-hashes`
  triggers a rebuild of all the packages built with `callHackage` and
  packages which depend on them. This can take hours, and may happen
  after a "small" unrelated change (i.e. an user is bumping
  `all-cabal-hashes` in order to use a new package from hackage). It
  also have global impacts in a project (long rebuild in CI, new entries
  in cache, developers need to fetch the new entries, ...). In this
  context, `cabal2nix` entries are not garbage collected.
- The new behavior: No mass rebuild, but `cabal2nix` derivations need to
  be recomputed after a garbage collection. This is usually fast (a few
  seconds by call), linear with the number of calls and should not
  happen a lot (i.e. users are not garbage collecting everyday).

See https://github.com/NixOS/nixpkgs/issues/194751 for details.
2022-11-26 19:00:56 +01:00
sternenseemann
7b9b222763 nixos/doc: update RL entry for GNAT update 2022-11-26 14:20:09 +01:00
Leonardo Taglialegne
6d77ca3ffd Fix typo in 22.11 release notes 2022-11-25 16:11:54 +01:00
Robert Hensing
d08a22c7ce
Merge pull request #201937 from panda2134/master
netlify-cli: 6.13.2 -> 12.2.4, esbuild_netlify: 0.13.6 -> 0.14.39
2022-11-24 13:52:52 +00:00
Linus Heckemann
eddfcf8622 amazon-image: fetch metadata only in stage-2
This also removes automatic enablement/mounting of instance store swap
devices and ext3 filesystems. This behaviour is strongly opinionated
and shouldn't be enabled by default.

The unionfs behaviour never took effect anyway, because the AMI
manifest path only exists for instance store-backed AMIs, which have
not been supported by nixpkgs since
84742e2293 (2019).
2022-11-23 17:19:13 +01:00
figsoda
82fe76d1cd carnix,cratesIO: remove 2022-11-22 14:10:25 -05:00
Valentin Gagarin
10ffe1e731
Merge pull request #201084 from wentasah/nixos-doc-fix-install
nixos/doc: fix installing from other distro
2022-11-22 11:13:09 +01:00
panda2134
669067ed04 netlify-cli: update release note for updating netlify-cli 2022-11-22 12:20:11 +08:00
Martin Weinelt
36f58b687c
nixos/evcc: init 2022-11-21 22:40:15 +01:00
Sandro
caf13a5bb1
Merge pull request #182759 from otopetrik/proxmox-image-uefi 2022-11-21 21:34:30 +01:00
Martin Weinelt
b68bd2ee52 23.05 is Stoat 2022-11-21 21:22:27 +01:00
Sandro
3a05360e53
Merge pull request #200082 from panicgh/fetchgit-sparse-checkout 2022-11-21 20:00:56 +01:00
Maximilian Bosch
853d0a3f2b
Merge pull request #199150 from Ma27/grafana-fixup
nixos/grafana: documentation/warning improvements after #191768
2022-11-20 20:53:25 +01:00
Maximilian Bosch
4a73fad515
nixos/doc: also note that external YAML files for grafana will end up in the store 2022-11-20 20:03:38 +01:00
Maximilian Bosch
2580440389
Merge pull request #198470 from RaitoBezarius/nc25-openssl
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption
2022-11-20 18:32:41 +01:00
Maximilian Bosch
9d7e9c5965
nixos/grafana: allow using both directories or single YAML files for non-Nix provisioning 2022-11-20 18:21:41 +01:00
Maximilian Bosch
b300ec349c
nixos/doc: wording fix 2022-11-20 18:21:40 +01:00
Maximilian Bosch
03b34e85d4
nixos/grafana: we only support single YAML files for provisioning 2022-11-20 18:21:39 +01:00
Maximilian Bosch
afd6199cff
nixos/grafana: re-add legacy notifiers test, mention notifiers in release notes 2022-11-20 18:21:39 +01:00
Maximilian Bosch
252785fd9c
nixos/doc: improve release-notes for services.grafana 2022-11-20 18:21:38 +01:00
Elis Hirwing
14cc62d7e6
Merge pull request #201000 from drupol/php/8.2.0
php82: init at 8.2.0rc6
2022-11-20 16:01:00 +01:00
Martin Weinelt
55ab131ee2
nixos/manual: Don't recommend mkpasswd methods
Instead rely on the default, which at this time is yescrypt.
2022-11-19 14:07:59 +01:00
Sergei Trofimovich
00d016a2f5
Merge pull request #186764 from fricklerhandwerk/remove-syntax-overview
remove Nix language syntax summary
2022-11-18 22:41:54 +00:00
Vladimír Čunát
8ab030e8de
Merge #201359: firefox, thunderbird, librewolf: Enable wayland support by default 2022-11-18 10:49:22 +01:00
Kerstin Humm
d35c9e04e6 mastodon: 3.5.3 -> 4.0.2 2022-11-17 20:05:50 +01:00
Christian Kögler
de60d387a0
Merge pull request #200180 from Korny666/fix_install_chapter
nixos/doc: correct install summary
2022-11-17 17:42:12 +01:00
Martin Weinelt
c156bdf40d
firefox, thunderbird, librewolf: Enable wayland support by default
Enabling Wayland support by default prevents use of XWayland on Wayland
systems, while correctly falling back to X11 when Wayland is
unavailable in the current session.

With the current packaging many people unnecessarily rely on the
`firefox` attribute, which is suggested by nixos-generate-config, which
in turn makes their Firefox use XWayland, when it shouldn't, which
causes bugs with GNOME on Wayland:

https://discourse.nixos.org/t/firefox-all-black-when-first-launched-after-login/21143

Using the Wayland-enabled Firefox was tested on pure X11 systems by
contributors on the #nix-mozilla:nixos.org room and we are confident
this change will not cause severe regressions.

Even better, people can now toggle `MOZ_ENABLE_WAYLAND=<0|1>` in their
environment to override this decision, should they feel the need to do
so.
2022-11-17 11:50:12 +01:00
Maxime Brunet
29b5192b08
automatic-timezoned: init at 1.0.41 2022-11-16 15:26:21 -08:00
Thiago Kenji Okada
eb8b2d7142 nixos/docs: document picom module changes 2022-11-16 20:14:34 +00:00
Pol Dellaiera
1812d1540e
php82: init at 8.2.0rc6 2022-11-16 18:57:26 +01:00
sternenseemann
a110f08f12 ocamlPackages.extlib: rename from ocaml_extlib
This matches the name used in dune and on OPAM.
2022-11-16 14:30:37 +01:00
Vincent Haupert
2f71de984e release-notes: mention new services.github-runners & breaking changes 2022-11-15 23:53:04 -05:00
Nicolas Benes
f6b07f0e2f fetchgit: make sparseCheckout a list of strings
The `sparseCheckout` argument allows the user to specify directories or
patterns of files, which Git uses to filter files it should check-out.

Git expects a multi-line string on stdin ("newline-delimited list", see
`git-sparse-checkout(1)`), but within nixpkgs it is more consistent to
use a list of strings instead. The list elements are joined to a
multi-line string only before passing it to the builder script.

A deprecation warning is emitted if a (multi-line) string is passed to
`sparseCheckout`, but for the time being it is still accepted.
2022-11-15 19:45:33 +01:00
pennae
07e5701aca nixos/manual: re-add mention of mdDoc marker 2022-11-14 16:05:44 +01:00
Michal Sojka
ee8ae2da4c nixos/doc: fix installing from other distro
The nixos-generate-config command mentioned in the manual fails with error:

    nixos-generate-config: no need to specify `/` with `--root`, it is the default

This was introduced in 611b8c4472
(#161034). Now, the command should be called without any arguments.
2022-11-13 22:11:19 +01:00
Pol Dellaiera
364a7d2920
php: switch to nts by default 2022-11-13 11:47:27 +01:00
Robert Schütz
257ec177c8 nixos/syncthing: disallow relative paths
Relative paths are interpreted relative to the working directory, which
is currently unset and thus defaults to `/`. However we want to change
the working directory in a future release such that relative paths are
interpreted relative to `/var/lib/syncthing`.
2022-11-12 11:37:23 -08:00
sternenseemann
880e077b15
Merge pull request #199424 from NixOS/haskell-updates
haskellPackages: update stackage and hackage
2022-11-11 18:18:47 +01:00
Franz Pletz
96edebd788
obs-studio27: remove 2022-11-11 15:36:49 +01:00
Maximilian Bosch
35b146ca31
nixos/nextcloud: fixup openssl compat change
Upon testing the change itself I realized that it doesn't build properly
because

* the `pname` of a php extension is `php-<name>`, not `<name>`.
* calling the extension `openssl-legacy` resulted in PHP trying to compile
  `ext/openssl-legacy` which broke since it doesn't exist:

      source root is php-8.1.12
      setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c
      patching sources
      cdToExtensionRootPhase
      /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory

I didn't encounter that one before because I was mostly interested in
having a sane behavior for everyone not using this "feature" and the
documentation around this. My findings about the behavior with turning
openssl1.1 on/off are still valid because I tested this on `master` with
manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`.

To work around the issue I had to slightly modify the extension
build-system for PHP:

* The attribute `extensionName` is now relevant to determine the output
  paths (e.g. `lib/openssl.so`). This is not a behavioral change for
  existing extensions because then `extensionName==name`.

  However when specifying `extName` in `php-packages.nix` this value is
  overridden and it is made sure that the extension called `extName` NOT
  `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed.

  The `name` still has to be kept to keep the legacy openssl available
  as `php.extensions.openssl-legacy`.

Additionally I implemented a small VM test to check the behavior with
server-side encryption:

* For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix`
  it's checked that OpenSSL 3 is used). With that the "default"
  behavior of the module is checked.

* It is ensured that the PHP interpreter for Nextcloud's php-fpm
  actually loads the correct openssl extension.

* It is tested that (encrypted) files remain usable when (temporarily)
  installing OpenSSL3 (of course then they're not decryptable, but on a
  rollback that should still be possible).

Finally, a few more documentation changes:

* I also mentioned the issue in `nextcloud.xml` to make sure the issue
  is at least mentioned in the manual section about Nextcloud. Not too
  much detail here, but the relevant option `enableBrokenCiphersForSSE`
  is referenced.

* I fixed a few minor wording issues to also give the full context
  (we're talking about Nextcloud; we're talking about the PHP extension
  **only**; please check if you really need this even though it's
  enabled by default).

  This is because I felt that sometimes it might be hard to understand
  what's going on when e.g. an eval-warning appears without telling where
  exactly it comes from.
2022-11-11 14:45:46 +01:00
Anderson Torres
d48d7a69aa
Merge pull request #174975 from danth/firefox-module
nixos/firefox: init
2022-11-10 21:31:57 -03:00
github-actions[bot]
a4ffa492ba
Merge master into haskell-updates 2022-11-11 00:17:01 +00:00
Maximilian Bosch
2a63e4f902
Merge pull request #200218 from Ma27/rm-kernel-4.9
linux_4_9: remove
2022-11-10 23:34:56 +01:00
Daniel Thwaites
01b3d0bf25
nixos/firefox: init 2022-11-10 19:07:37 +00:00
Janne Heß
798bc67cff
Merge pull request #200319 from helsinki-systems/feat/redis-module-changes
nixos/redis: misc module changes
2022-11-10 16:03:54 +01:00
sternenseemann
5c044644a6 Merge remote-tracking branch 'origin/master' into haskell-updates 2022-11-10 13:56:56 +01:00
github-actions[bot]
f3a93620b1
Merge master into staging-next 2022-11-10 12:01:27 +00:00
Maximilian Bosch
61128cba67
nixos/nextcloud: minor docs cleanup for openssl change
* s/NextCloud/Nextcloud/g
* `enableBrokenCiphersForSSE` should be enabled by default for any NixOS
  installation from before 22.11 to make sure existing installations
  don't run into the issue. Not the other way round.
* Update release notes to reflect on that.
* Improve wording of the warning a bit: explain which option to change
  to get rid of it.
* Ensure that basic tests w/o `enableBrokenCiphersForSSE` run with
  OpenSSL 3.
2022-11-10 12:17:43 +01:00