32935 Commits

Author SHA1 Message Date
Emily
56dea6da87 nixos: switch to switch-to-configuration-ng by default
The Rust `switch-to-configuration-ng` rewrite was carefully written
to be compatible with the original Perl script, has been checked
against NixOS VM tests, and has been available on an opt‐in basis
for testing for the 24.05 release cycle.

The next step towards replacing the Perl script entirely is to
switch it on by default so that we can get real‐world testing from
a much greater number of users. Maintaining two implementations in
parallel is becoming a burden; we are having to adjust the systemd
service activation behaviour slightly to fix a long‐standing bug,
and backporting the changes to the Perl script is an unpleasant
process. We will do it anyway to ensure that the Rust and Perl
implementations keep parity with each other throughout the 24.11
release cycle, but we think the time has come to flip the switch.

Taking this step now will give us two to three months to test this in
the wild before the 24.11 release and gain confidence that there are
no regressions. If any non‐trivial problems arise before the final
release, we will revert to the Perl implementation by default. Doing
this switch ASAP will help to disentangle any problems that might
arise from the Rust implementation from problems that arise from the
systemd service activation changes, or the upcoming switch to using
systemd in stage 1 by default.

The main concern that was raised about replacing the Perl script in the
PR that added `switch-to-configuration-ng` was that it is currently
possible to run NixOS on systems that cannot natively host a Rust
compiler. This does not apply to any platforms that have official
support from NixOS, and as far as I know we do not know of any such
systems with users that are not cross‐compiling anyway.

My understanding is that these systems are already broken by default
anyway, as `systemd.shutdownRamfs.enable` is on by default and uses
`make-initrd-ng`, which is also written in Rust. Switching the default
while keeping the Perl implementation around will give us at least
an entire release cycle to find out if there are any users that will
be affected by this and decide what to do about it if so.

There is currently one known inconsistency between
the Perl and Rust implementations, as documented in
<https://github.com/NixOS/nixpkgs/issues/312297>; the Rust
implementation has more accurate handling of failed systemd units.

We slightly adjust the semantics of `system.switch.enable{,Ng}` to
not conflict with each other, so that `system.switch.enableNg` is
on by default, but turning off `system.switch.enable` still results
in no `switch-to-configuration` implementation being used. This
won’t break the configuration of anyone who already opted in to
`system.switch.enableNg` and is probably how the option should have
worked to begin with.
2024-09-06 08:35:43 +01:00
Aleksana
3be36da2d2
unl0kr: remove tomfitzhenry@ as maintainer (#333616) 2024-09-06 12:50:55 +08:00
Yt
fcc6387b76
nixos/stalwart-mail: package and configure webadmin (#314820) 2024-09-06 01:03:27 +00:00
Felix Bühler
d7a108054a
nixos/security.acme: remove with lib; (#339101) 2024-09-06 00:08:41 +02:00
Will Fancher
a96e54fe52
initrd: use the new tmpfiles options to create tmpfiles config (#339503) 2024-09-05 17:02:30 -04:00
Will Fancher
5a575e88b6
Revert "nixos: support dm-verity" 2024-09-05 15:56:49 -04:00
Nick Cao
8edc668914
matrix: migrated links to new element-hq org (#339817) 2024-09-05 15:56:44 -04:00
Philip Taron
2dd2a33447
nixos/installer: drop support for ReiserFS and JFS (#339821) 2024-09-05 11:30:06 -07:00
Martin Weinelt
cd601fe2ed
matrix-appservice-irc: 2.0.1 -> 3.0.0 (#339603) 2024-09-05 20:08:28 +02:00
Philip Taron
9c5c04ca43
nixos/services.ceph: remove with lib; (#339093) 2024-09-05 10:38:52 -07:00
Emily
7b9bb0a9a1 nixos/installer: drop support for ReiserFS and JFS
ReiserFS has not been actively maintained for many years. It has been
marked as obsolete since Linux 6.6, and is scheduled for removal
in 2025. A warning is logged informing users of this every time a
ReiserFS file system is mounted. It suffers from unfixable issues
like the year 2038 problem.

JFS is a slightly more ambiguous case. It also has not been actively
maintained for years; even in 2008 questions were being raised
about its maintenance state and IBM’s commitment to it, and some
enterprise distributions were opting not to ship support for it as
a result. It will [indefinitely postpone journal writes], leading
to data loss over potentially arbitrary amounts of time. Kernel
developers [considered marking it as deprecated] last year, but
no concrete decision was made. There have been [occasional fixes]
to the code since then, but even the developer of much of those was
not opposed to deprecating it.

[considered marking it as deprecated]: https://lore.kernel.org/lkml/Y8DvK281ii6yPRcW@infradead.org/
[indefinitely postpone journal writes]: https://www.usenix.org/legacy/events/usenix05/tech/general/full_papers/prabhakaran/prabhakaran.pdf
[occasional fixes]: https://www.phoronix.com/news/JFS-Linux-6.7-Improvements

Regardless of whether JFS should be removed from the kernel, with all
the implications for existing installations that entails, I think
it’s safe to say that no new Linux installation should be using
either of these file systems, and that it’s a waste of space and
potential footgun to be shipping support for them on our standard
installation media. We’re lagging behind other distributions on
this decision; neither is supported by Fedora’s installation media.

(It also just so happens that `jfsutils` is the one remaining package
in the minimal installer ISO that has reproducibility issues, due to
some cursed toolchain bug, but I’m not trying to Goodhart’s law
this or anything. I just think we shouldn’t be shipping it anyway.)
2024-09-05 16:00:35 +01:00
paumr
0088e7d130 matrix: migrated links to new element-hq org
The vector-im GitHub organisation has been renamed to element-hq:
1d586281f0/profile/README.md
2024-09-05 16:40:06 +02:00
Emily
8b16862469
brightboxImage: remove, as it seems unmaintained (#339790) 2024-09-05 14:20:39 +01:00
phaer
74180c6159 brightboxImage: remove, as it seems unmaintained
...and is broken/flaky on master, due to custom script with mknod usage.
2024-09-05 14:40:29 +02:00
K900
1e41473cf0
nixos/orca: init, enable by default on Plasma (#339069) 2024-09-05 14:01:33 +03:00
nikstur
f349590f46
auditd: fix service ordering (#339465) 2024-09-05 11:19:14 +02:00
K900
5a4ee0a587 nixos/pantheon: switch to Orca module 2024-09-05 11:52:53 +03:00
K900
69d2dc4d43 nixos/gnome: switch to Orca module 2024-09-05 11:52:53 +03:00
K900
029879164d nixos/cinnamon: switch to Orca module 2024-09-05 11:48:46 +03:00
Ryan Horiguchi
737d1ffb22 netdata: 1.46.1 -> 1.47.0 2024-09-05 10:19:35 +02:00
Tom Fitzhenry
752afd12e7 unl0kr: remove tomfitzhenry@ as maintainer 2024-09-05 18:10:59 +10:00
r-vdp
38d73e0c07
auditd: add a dependency on systemd-tmpfiles-setup
This is needed so that:
- users have been created (when using systemd-sysusers or userborn)
- /run and /var/run exist
2024-09-05 10:05:18 +02:00
K900
cda3c82d92 nixos/plasma5: enable Orca by default 2024-09-05 10:55:34 +03:00
K900
0f03350dc9 nixos/plasma6: enable Orca by default 2024-09-05 10:55:34 +03:00
K900
64da401049 nixos/orca: init very simple module 2024-09-05 10:55:34 +03:00
r-vdp
6ccc6bf4d2
initrd: emit a warning when tmpfiles config is created manually 2024-09-05 09:55:29 +02:00
Azat Bahawi
187f4340c6
nixos/endlessh-go: allow overriding package (#339459) 2024-09-05 07:48:21 +00:00
Moritz Sanft
d0213a75e0
nixos: support dm-verity 2024-09-05 08:42:53 +02:00
Jonas Heinrich
880bd89c4d nixos/stalwart-mail: package and configure webadmin 2024-09-05 08:33:58 +02:00
Vivek Revankar
15b474ae05 nixos/endlessh-go: allow overriding package
allow overriding the endlessh-go package used in the service
2024-09-04 22:28:54 -07:00
rewine
0daec7844f
deepin desktop environment: 2024.09 update (#338402) 2024-09-05 10:08:27 +08:00
Martin Weinelt
ad601344e1
Revert "nixos/version: validate system.stateVersion" (#339671)
This broke the eval of the ISOs on nixos/unstable-small and likely nixos/trunk-combined. See #339671 for details.
2024-09-05 03:22:20 +02:00
Felix Buehler
03a0f9debe nixos/security.acme: remove with lib; 2024-09-05 00:28:18 +02:00
Felix Bühler
d7ed3794f0
nixos/services.unpoller: remove with lib; (#339094) 2024-09-04 23:52:53 +02:00
Emily
42e6ee04b1
nixos/*: use pipewire by default (#339209) 2024-09-04 22:42:18 +01:00
Martin Weinelt
d3df411913
nixos/matrix-appservice-irc: media proxying support
Adds required options for serving authenticated media and the key
generation logic.
2024-09-04 21:05:50 +02:00
Johannes Jöns
3df1783166
nixos/version: validate system.stateVersion (#317858) 2024-09-04 18:09:57 +00:00
Philip Taron
271d117596
treewide: fix eval related to with lib; removal (#339356) 2024-09-04 09:42:58 -07:00
Maciej Krüger
bf757cefa9
Revert "nixos/firewall: fix reverse path check failures with IPsec" (#339393) 2024-09-04 18:39:17 +02:00
éclairevoyant
f6306c0961
treewide: fix eval related to with lib; removal 2024-09-04 12:21:09 -04:00
Florian Klink
bcc7693c76
nixos/timesyncd: allow NTP servers advertised by DHCP to be used (#335755) 2024-09-04 22:53:48 +07:00
Aleksana
43aabb266d
nixos/github-runner: fix build failure (#339452) 2024-09-04 22:15:57 +08:00
r-vdp
d558554243
initrd: use the new tmpfiles options to create tmpfiles config
Otherwise we get a clash when generating the initrd since the initrd tmpfiles
options create a symlink at /etc/tmpfiles.d/ and any subsequent writes inside
this directory because of initrd.systemd.contents will cause a permission denied
error.
2024-09-04 14:39:03 +02:00
K900
e90bac5a65 nixos/plasma5: clean up pulseaudio-related things 2024-09-04 13:56:51 +03:00
K900
5a0ceb9243 nixos/pantheon: don't enable Pulseaudio 2024-09-04 13:56:50 +03:00
K900
c6777a9dd8 nixos/lomiri: don't enable Pulseaudio 2024-09-04 13:56:50 +03:00
K900
78d6adf386 nixos/installer: don't enable Pulseaudio 2024-09-04 13:56:50 +03:00
K900
644cf688b3 nixos/graphical: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
2ed8e5f614 nixos/gnome: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
8c2dd1b1be nixos/deepin: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00