Many terminal packages don't cross compile, so the `terminfo`
NixOS module was not usable for nixos configurations that are
cross-compiled.
Terminfo files (AFAIK) are small files that contain data about
terminal capability, so they should never have any runtime
dependencies that would cause any executables or otherwise
incompatible outputs from the `buildPlatform` to leak into the
nixos config's closure.
Conflicts in luaPackages.luarocks-nix:
- 8b563cd9f9 switched to the new version format (prefixed by 0 since there was no relevant last tag in the branch).
bc4f6fa543 bumped version and switched to the new version format. But the tag used is not part of the branch the commit comes from (master).
Used the new version but replaced the tag prefix with 0.
- b73ec84b9e removed meta (it is already set in the overridden luarocks). But that would cause the update script to try to update the overridden luarocks (as did the previously used old.meta).
bf311d950e modified meta to fix the update script properly.
Kept the meta from the latter since it allows update script to work.
This sets the exception handler to show the full exception on startup.
We don't think it does anything else, with respect to logging, for
instance. Everything else can be configured in the config file, and this
is plain reasonable to simply always enable in our view.
This commit fixes the requirement to provide a pruneOption to ensure
that the check command is run when a check option is set. This is useful
for check-only configurations. The option is implicitly set if checkOpts
are given by default.
This makes kwin_wayland successfully gain SCHED_RR priority, which
significantly improves the rendering lag, ie. cursor movement and
desktop animations, under heavy CPU load like on compilation.
This was already enabled for plasma5 but is not for plasma6 somehow.
These have been deprecated since NixOS 20.03.
Also fixes evaluation error caused by moving
the `defaultSessionFromLegacyOptions` variable
in 6be2bfcc32
and turn it in to a list.
The current setting of system.forbiddenDependenciesRegex is a string, meaning only one such regex as any additional setting would result in conflicts.
As maintainers have already started using this setting eg. in profiles, it would be good if this setting would accept a list of regex to allow the end
user to make use of it in addition to package maintainers.
Closes#233865. Currently, the documentation for `boot.loader.grub.theme` misleadingly implies that it needs a package for a grub theme instead of a path to a grub theme.
This service performs operations that significantly increase the
performance of Nextcloud, can take a while. These are designed however
to not require maintenance mode and can be executed during normal
operation[1].
Make nextcloud-cron a simple unit instead of oneshot: otherwise we risk
that it'll be stopped by the startup timeout (oneshot executes ExecStart
while "activating") which can be an issue for very long running tasks or
if Nextcloud needs to catch up if one task was broken for a while.
[1] https://docs.nextcloud.com/server/29/admin_manual/maintenance/upgrade.html#long-running-migration-steps
Previously you needed to set an devRootTokenID when dev=true despite the option being optional
Caused by wrong default value and not allowing null as value
https://github.com/kanidm/kanidm/releases/tag/v1.2.0
Added updatescript, and removed Cargo.lock as no more git deps.
New release process documented here:
a67d1f5160/book/src/support.md
Re-ordered test and removed anonymous login as logout no longer works:
[info]: Ignoring request to logout session - these sessions are not recorded
Notes:
- barf went into contrib/ and officially unsupported.
- verify was removed entirely.
- the makefile is a bit smarter now and doesn't require many
of the previous workarounds.
This is a breaking change that converts the 'src' csv column (a git URI) to a 'rockspec'
fullpath uri.
before this, luarocks-nix would clone the repo and look for rockspecs
with a brittle algorithm. This removes the ambiguity on which rockspec
to package while allowing to remove a bunch of brittle code from
luarocks-nix.
This reverts commit e827697fd3.
This seems to cause various issues during system activation, as reported
in https://github.com/NixOS/nixpkgs/issues/302771 for example.
Due to being close to branchoff, revert this for now.
We'll open a tracking issue to collect and sort out remaining issues.
The idea behind that is to enable users and developers of
downstream tools such as home-manager to test Nix master for several
reasons:
* Nix is currently trying to have a `master` branch that's always
releasable[1]. We're still on Nix 2.18 in nixpkgs due to too many
notable regressions. Enabling people to test latest master may help on
that end.
* This uses the most bleeding-edge Nix, but our packaging, so we can
identify issues with our packaging early.
* From what I've seen, most people are using the packages from nixpkgs
anyways instead of the upstream flake, this is far more convenient
anyways.
My plan is to update this once a week. Right now we rely on the
`installCheckPhase` here, but as soon as we have proper regression
testing[2], we may want to add `nixUnstable` there as well (however with
failures being allowed probably).
[1] https://discourse.nixos.org/t/nix-release-schedule-and-roadmap/14204
[2] https://github.com/NixOS/nixpkgs/pull/304332
Since https://github.com/redis/redis/pull/4001 included in 6.2.0
transparent hugepages works when being set to madvise which is the NixOS
and upstream recommended default.
> WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition.
> Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328.
> To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
This avoids having to use workarounds like the following to retain the
default settings which podman requires to run.
virtualisation.containers.storage.settings = lib.recursiveUpdate options.virtualisation.containers.storage.settings.default {
storage.options.mount_program = lib.getExe pkgs.fuse-overlayfs;
};
Currently there is an issue with $PATH & parallel causing build errors.
It’s probably best to just remove the dependency where bash forking is
good enough here.
I found this while perusing the manual thinking about whether or not to install NixOS on my new laptop. It threw me for a loop for a second but as best I can tell this meant to be ".org" like the rest of the example, and not ".com"
I am deeply saddened at the fact that I need to do this. I have no
interest in re-litigating everything that has happened over the past
weeks and months, but I want to make my position(s) extremely clear:
The thought of any of my work contributing to someone's death by drone
makes me feel physically ill.
Recent communications from senior members of the NixOS community have
made it clear that leadership is unaware or uninterested in the basics
of how to run and moderate a community in a way that is resilient to bad
actors. The recent post by @edolstra is tone-deaf and gives me no
confidence that the Nix/NixOS community is a place that I want to remain
involved in going forward. I am thus choosing to remove myself from such
a community.
I also hereby resign from the ACME team.
See also: #307033
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
I manually audited all `RunCommand` and `exec.LookPath` calls in the incus repo, combined with the following information
/run/wrappers/bin
lxc usable-cub 20240427123718.368 WARN idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:165 - newuidmap binary is missing
iw
lxc 20240427123830.358 ERROR network - ../src/lxc/network.c:lxc_netdev_move_wlan:1679 - Couldn't find the application iw in PATH
minio-client
https://github.com/lxc/incus/pull/777
ceph-client
Added, but could be missing bits to actually work
May need full ceph package for `radosgw-admin` for object storage?
Currently the installWrapper warning is issued if sudo (and sudo-rs)
aren't installed. This is fine, except we get the warning even if we
explicitly turn off installWrapper -- say, for this very reason!
Rather than warning on every build until either sudo is installed or
Akkoma is uninstalled, only warn if cfg.installWrapper is true.
Yall won't miss me. The packages I leave orphaned are trivially updated as dependents need the new versions.
But passively endorsing the direction this organization and its leadership is something I can't do.
To those who still have faith in turning this around, you da real MVP 🖖
* Minor tweaks to note text
* Elide "The" before attribute names at start of notes
* Turn version numbers into code blocks
* Turn branding into attribute names
* Add TODOs
* Turn code-block version numbers into plain text
... following discussion on Matrix.
---------
Co-authored-by: Weijia Wang <9713184+wegank@users.noreply.github.com>
Previously evaluaton would fail if `smtp.to` was not set, since the
default case was not handled.
With the current versions of the python elasticsearch libraries, any
configuration containing the modules default would fail since it's not a
valid URL.
The issue adressed in #279068 is also adressed, thuse closes#279068.
This was achieved using the following command:
sd 'wrapGAppsHook\b' wrapGAppsHook3 (rg -l 'wrapGAppsHook\b')
And then manually reverted the following changes:
- alias in top-level.nix
- function name in wrap-gapps-hook.sh
- comment in postFixup of at-spi2-core
- comment in gtk4
- comment in preFixup of 1password-gui/linux.nix
- comment in postFixup of qgis/unwrapped-ltr.nix and qgis/unwrapped.nix
- comment in postFixup of telegram-desktop
- comment in postFixup of fwupd
- buildCommand of mongodb-compass
- postFixup of xflux-gui
- comment in a patch in kdePackages.kde-gtk-config and plasma5Packages.kde-gtk-config
- description of programs.sway.wrapperFeatures.gtk NixOS option (manual rebuild)
