Since we moved gsettings-desktop-schemas to top-level, gnome3.glib-networking was the same as glib-networking.
We could try to make the top-level variant not depend on gsettings-desktop-schemas again but that is probably
pointless, as the dependency is rather small compared to things like libproxy. Instead, we will just drop
the package in gnome3 attr set and always rely on the top-level expression.
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.
While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.
We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
In fontconfig’s 60-generic.conf, order of preference is estabilished for emoji
font family. Because fontconfig parses the config files in lexicographic order,
appending each <prefer> from <alias> element to the family’s prefer list
(to be prepended before the family) [1], our font family defaults stored
in 52-nixos-default-fonts.conf will take precedence. That is, of course, unless
the default „weak“ binding [2] is used. Emoji family binds strongly [3],
so we need to set binding to “same” for our <alias>es to be considered before
the ones from 60-generic.conf.
By default, we will set the option to all emoji fonts supported by fontconfig,
so that emoji works for user if they have at least one emoji font installed.
If they have multiple emoji fonts installed, we will use the fontconfig’s
order of preference [4].
[1]: https://github.com/bohoomil/fontconfig-ultimate/issues/51#issuecomment-64678322
[2]: https://www.freedesktop.org/software/fontconfig/fontconfig-user.html#AEN25
[3]: cc8442dec8
[4]: c41c922018
With local-fs.target part of sysinit.target
(https://github.com/NixOS/nixpkgs/pull/61321), we don't need to add it
explicitly to certain units anymore, and can change dependencies like
they are in other distros (I picked from Google's official CentOS 7
image here).
Like them, use StandardOutput=journal+console to pipe google-*.service
output to the serial console as well.
It turns out that checking for the last mount time of an ext4 file
system isn't a very reliable way to check whether the file system was
properly unmounted.
When creating that test in the first place (88530e02b6),
I was reluctant to inspect the file system when the VM is down and was
searching for a way to check for a clean unmount *after* the file system
was mounted again to make sure we don't need to create a 512 MB raw
image on the host.
Fortunately however, when converting from qcow2, qemu-img actually
writes a sparse file, so for most file systems (that is, file systems
supporting sparse files) this shouldn't waste a lot of disk space.
So when investigating the flakiness, I found that whenever the test is
failing, the unmount of /test-x-initrd-mount was done *before* the final
step during which systemd remounts+unmounts all the remaining file
systems.
I haven't investigated why this is the case, but the test is a
regression test for https://github.com/NixOS/nixpkgs/issues/35268, which
actually didn't unmount the file system *at* *all*, so really all we
need to take care here is whether the unmount has happened and not
*how*.
To make sure that checking the filesystem state is enough for this, I
temporarily replaced the $machine->shutdown call with $machine->crash
and verified that the file system state is "not clean".
Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/67555
Adds:
- gnome-color-manager
- services.avahi
It appears that GeoClue requires its daemon and IIRC has
been default enabled in other distros for a while.
- orca
It's the default screen-reader.
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0]. Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).
[0]: https://github.com/NixOS/nixpkgs/pull/67215
Any system uid will do, so we let the system allocate
one for us. The 'mailman' group is gone entirely since
we don't need it. Users who wish to run the 'mailman'
administration utility can do so via 'sudo':
$ sudo -u mailman mailman info
Also, simplify the syntax of our user.users entry to
rely on an attribute set rather than a list.
That's one of my itches - when I'm sshing from Emacs' term to a NixOS
machine, it doesn't detect that I'm running emacs and showing a title
escape sequence. This commit fixes it, checking against $TERM to
prevent this from ever bothering anyone again.
* nixos/acme: Fix ordering of cert requests
When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.
Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.
* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.
* Add regression test for requesting mutliple domains
* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.
* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.
* Depend on certs directly
By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.
Reason it broke before: acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good! We
make the dependencies more fine-grained now. this should fix that
* Remove activationDelay option
It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?
Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.
e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:
```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
The custom session script is always executed (when it exists). This change
passes the selected session script and select session name to the custom session
script, so that it can defer to the selected session script based on the value
of the selected session name.
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).
As described in the NixOps manual[1], dependencies to keys should be
defined like this now:
``` nix
{
systemd.services.myservice = {
after = [ "secret-key.service" ];
wants = [ "secret-key.service" ];
};
}
```
However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.
[1] https://nixos.org/nixops/manual/#idm140737322342384
This introduces the following options under the services.gnome3 namespace:
* core-os-services.enable
* core-shell.enable
* core-utilities.enable
* games.enable
The first three are all default enabled by gnome3.enable
and their purpose is to make gnome3 more flexable for users
usecases. In the case of core-utilities and games, it allows
users to easily switch on the default gnome3 applications
and games packages. Previously we had lists in gnome-3/default.nix
but they weren't visible to the user. By having options we have
generated documentation and an interface.
Pretty useful for laptops. I use them with:
```
services.logind.lidSwitch = "suspend-then-hibernate";
environment.etc."systemd/sleep.conf".text = "HibernateDelaySec=8h";
```
We don’t want any trailing whitespace, otherwise we mess up the
formating of the shadow file. Some things like readFile may have the
trailing new line.
Fixes#66745
For some reason nm-applet has to be running for an authentication
dialog to be spawned by wingpanel-indicator-network.
This also fixes storing NetworkManager secrets in the keyring, but this
is still broken because we lack the proper PAM configuration.
When NetworkManager is configured to not manage all interfaces, it's
perfectly fine to have the rest be managed by the standard nixos
wireless scripts.
I use
networking.networkmanager.unmanaged = [
"*" "except:type:wwan" "except:type:gsm"
];
to control everything using networking.wireless except for the mobile
LTE modem which only works with NetworkManager.
Fix the following error when opening Background panel in GNOME Settings:
URI '/nix/store/…-simple-dark-gray-2016-02-19/share/artwork/gnome/nix-wallpaper-simple-dark-gray.png' is invalid
Previously, we were only adding profile-relative paths to XDG_CONFIG_DIRS
variable. That required very ugly hacks like
https://github.com/NixOS/nixpkgs/issues/33282#issuecomment-524550842
to be able to configure XDG stuff.
Now, we are prepending the variable with /etc/xdg, allowing us to
simply use `environment.etc."xdg/…"` options.
There ver very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299
This adds a new ``onBoot`` option that allows specifying the action taken on
guests when the host boots. Specifying "start" ensures all guests that were
running prior to shutdown are started, regardless of their autostart settings.
Specifying "ignore" will make libvirtd ignore such guests. Any guest marked as
autostart will still be automatically started by libvirtd.
For a long time, TRAMP has not worked with ZSH NixOS servers. I
thought I fixed this in 0740f57e63af61694d14796286cb9204, but now
realize that was only half the problem. For TRAMP to start working
again ‘unsetopt zle’ was needed, otherwise the connection would hang.
In addition, I have a few more settings added that can apparenty
interfere with these settings.
This module obsoletes services.gnome3.gnome-terminal-server
as that's a confusing option for users, and sounds internal.
It's much simpler to have a gnome-terminal module.
This module correctly includes the vte.sh script
required for vte terminals like gnome-terminal to show the
CWD in the window title and preserved across instances.
This is achieved with the options:
* programs.bash.vteIntegration
* programs.zsh.vteIntegration
as it's best to keep this configuration unguarded by gnome3.enable
to support other vte terminals (such as elementary-terminal).
Note the distinction between Zsh and Bash doesn't include
a different script, as this script only supports those two shells.
* nginx: expose generated config and allow nginx reloads
Fixes: https://github.com/NixOS/nixpkgs/issues/15906
Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476
This add 2 new features: ability to review generated Nginx config
(and NixOS has sophisticated generation!) and reloading
of nginx on config changes. This preserves nginx restart on package
updates.
I've modified nginx test to use this new feature and check reload/restart
behavior.
* rename to enableReload
* add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone`
boot.kernelPackages: check for conflicts
It's currently possible to set conflicting `boot.kernelPackages` several times.
Nixos now warns when this is the case instead of just picking one.
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.
These enable:
- Loose reverse path filtering
- Source route filtering
- `fq_codel` as a packet scheduler (this helps to fight bufferbloat)
This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.
Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.
In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.
Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
* Regenerated all patches for 1.4.2 and resolved
any conflicts.
* fix-test-paths.patch doesn't copy the whole locale archive
because we have C.UTF8 now.
* nixos/flatpak creates a Flatpak system helper user
Change introduced in 1.3.2.
Changes:
See https://github.com/flatpak/flatpak/releases/tag/1.3.1 through
1.4.2.