- Add option to set user and group name
- Set users home to runtime directory, to avoid mixing of temporal files
like caches
- Allow admin to control LIRC service by avoiding LIRC enabling
- Allow admin to set libDir, by removing setting argument config to default
- Add package to environment, to allow easy access for admins to helper
tools like svdrpsend and vdr -h
- Cleanup Nix code by avoiding with statement
Using `/bin/sh` in udev rules is fine (as it's guaranteed to point to a
(bash) shell on NixOS), and actually is better than hardcoding absolute
paths, at least in cases where these rules are also added to the
(systemd-based) initrd (via boot.initrd.services.udev.rules).
To allow this, we need to update the check routine that assembles the
list of files needing fixup, to explicitly exclude `/bin/sh` occurences.
To do this, we convert the pattern to a PCRE regex (which requires "/"
to be escaped), and add `(?!/bin/sh\b)` as a negative lookahead.
This subsequently allows udev rules to (start using) `/bin/sh` again, so
they'll work in-initrd.
services.udev.path already contains some defaults, these are however
defined in the module implementation, not options.
Update the description to make this more clear.
Was introduced in dde6a4f397
but it doesn't work on my machine:
fwupdmgr[439074]: Failed to connect to daemon: The connection is closed
Creating a persistent user does work however
Add `keyboards` option to define different configurations for different IDs. This creates the appropriate files in `/etc/keyd` instead of just `default.conf` as before.
Add `23.11` release note entry.
Add `mkRemovedOptionModule` for the old API with a note on how to revert the old behavior.
`udevRulesFor` generates a lot of warnings like:
substituteStream(): WARNING: pattern '"/sbin/modprobe' doesn't match anything in file '/nix/store/.../95-dm-notify.rules'
due to the (preemptive) substitution of common paths in the default
udev rules. In this case a file having no matches is not unepected
and poses no issue at all.
Switch to systemdb-hwdb to build the udev hwdb.bin, as "udevadm hwdb" is
deprecated. This fixes an issue where the order of conflicting keys is
not respected. The systemd-hwdb command creates a newer format (v3) of
hwdb.bin that respects the ordering of duplicate keys, with later
values replacing earlier occurrences.
A release note is included, as some mappings may be affected.
The keyd package already exists, but without a systemd service.
Keyd requires write access to /var/run to create its socket. Currently
the directory it uses can be changed with an environment variable, but
the keyd repo state suggests that this may turn into a compile-time
option. with that set, and some supplementary groups added, we can run
the service under DynamicUser.
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
Since 1.2.0, kanata handles missing keyboards well:
- only one keyboard need to be present when kanata starts;
- if linux-continue-if-no-devs-found is set to yes, all keyboards can
be missing at the beginning;
- all keyboards can be (un)pluged when kanata is running.
For simplicity, linux-continue-if-no-devs-found is set to yes and
systemd patch activation is removed.
this converts meta.doc into an md pointer, not an xml pointer. since we
no longer need xml for manual chapters we can also remove support for
manual chapters from md-to-db.sh
since pandoc converts smart quotes to docbook quote elements and our
nixos-render-docs does not we lose this distinction in the rendered
output. that's probably not that bad, our stylesheet didn't make use of
this anyway (and pre-23.05 versions of the chapters didn't use quote
elements either).
also updates the nixpkgs manual to clarify that option docs support all
extensions (although it doesn't support headings at all, so heading
anchors don't work by extension).
This setting was renamed and moved to the main config file in fwupd 1.8.5:
5d38e0aeea
Without this patch, fwupd tries to migrate the config and crashes when it meets the immutable:
FuEngine migrating OverrideESPMountPoint=/boot to EspLocation
Failed to load daemon: failed to load engine: Failed to create file ?/etc/fwupd/daemon.conf.6HZBZ1?: Read-only file system
The setting was first introduced to the module in 08547ff642 to override the store paths set during build.5d38e0aeea
markdown cannot represent those links. remove them all now instead of in
each chapter conversion to keep the diff for each chapter small and more
understandable.
This brings back the ability to e.g. configure sane-airscan with
`environment.etc."sane.d/airscan.conf".text = ...`.
(AFAICT, sane-airscan loads all config files it finds, so it'll first
load the one from the nixos hardware.sane.* configuration, then the user
specified one in /etc/sane.d/airscan.conf.)
Fixes: 4fbec87a5b ("nixos/sane: point env vars to /etc for quick reload")
Fixes https://github.com/NixOS/nixpkgs/issues/207262
Without this, you get the following error message in the logs:
udisksd[4082]: Failed to load config files: Failed to get contents of the config dir (/etc/libblockdev/conf.d/)Error opening directory “/etc/libblockdev/conf.d/”: No such file or directory. Using the built-in config
It's a very useful backend (that probably should be enabled by default,
like on Ubuntu), let's start by making it easier to discover.
Ref https://github.com/NixOS/nixpkgs/issues/28406.
Point $SANE_CONFIG_DIR and $LD_LIBRARY_PATH to symlinks in /etc, instead
of directly to nix store paths, so that activating a new configuration
takes effect immediately, instead of requiring users to re-login.
The polkit support in pcsclite is entirely optional but package enables
it unconditionally and this breaks connecting to the pcscd daemon on
systems without polkit.
The fix is making this configurable and automatically disabling
`polkitSupport` when the polkit service is disabled.
We are building fwupd daemon with polkit support which means
polkit daemon is required.
Previously polkit was enabled by default via udisks2 but that
stopped with f763710065
breaking the fwupd installed tests as a result.
Let’s add the polkit dependency to the fwupd module to ensure polkit is available.
most of these are hidden because they're either part of a submodule that
doesn't have its type rendered (eg because the submodule type is used in
an either type) or because they are explicitly hidden. some of them are
merely hidden from nix-doc-munge by how their option is put together.
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running
nix-doc-munge nixos/**/*.nix
nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
mostly no rendering changes. some lists (like simplelist) don't have an
exact translation to markdown, so we use a comma-separated list of
literals instead.
In version 1.5.5 of fwupd the uefi plugin was renamed to
uefi-capsule. As part of those changes the configuration file was
renamed and changed.
This modules configuration mismatch was generally hidden because
when udisks2 is enabled fwupd will use that instead. Without
udisks2 the following warning is seen:
WARNING: UEFI ESP partition not detected or configured
This was enabled by default in 18a7ce76fc
with the reason that it would be "useful regardless of the desktop
environment.", which I'm not arguing against.
The reason why this should not be enabled by default is that there are a
lot of systems that NixOS runs on that are not desktop systems.
Users on such systems most likely do not want or need this feature and
could even consider this an antifeature.
Furthermore, it is surprising to them to find out that they have this
enabled on their systems.
They might be even more surprised to find that they have polkit enabled
by default, which was a default that was flipped in
a813be071c. For some discussion as to why
see https://github.com/NixOS/nixpkgs/pull/156858.
Evidently, this default is not only surprising to users, but also module
developers, as most if not all modules for desktop environments already
explicity set services.udisks2.enable = true; which they don't need to
right now.
- improve some descriptions
- device -> devices
- add options
- extraArgs
- port
- create a symlink in RUNTIME_DIRECTORY
- grant it read permission of /dev/uinput
- relax network-related restrictions when port is used
- change type of some hardening options to list to align with systemd
- CapabilityBoundingSet
- IPAddressDeny
- SystemCallArchitectures
now nix-doc-munge will not introduce whitespace changes when it replaces
manpage references with the MD equivalent.
no change to the manpage, changes to the HTML manual are whitespace only.
make (almost) all links appear on only a single line, with no
unnecessary whitespace, using double quotes for attributes. this lets us
automatically convert them to markdown easily.
the few remaining links are extremely long link in a gnome module, we'll
come back to those at a later date.
we can't embed syntactic annotations of this kind in markdown code
blocks without yet another extension. replaceable is rare enough to make
this not much worth it, so we'll go with «thing» instead. the module
system already uses this format for its placeholder names in attrsOf
paths.
our xslt already replaces double line breaks with a paragraph close and
reopen. not using explicit para tags lets nix-doc-munge convert more
descriptions losslessly.
only whitespace changes to generated documents, except for two
strongswan options gaining paragraph two breaks they arguably should've
had anyway.
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
This should be a significant disk space saving for most NixOS
installations. This method is a bit more complicated than doing it in
the postInstall for the firmware derivations, but this way it's
automatic, so each firmware package doesn't have to separately
implement its compression.
Currently, only xz compression is supported, but it's likely that
future versions of Linux will additionally support zstd, so I've
written the code in such a way that it would be very easy to implement
zstd compression for those kernels when they arrive, falling back to
xz for older (current) kernels.
I chose the highest possible level of compression (xz -9) because even
at this level, decompression time is negligible. Here's how long it took
to decompress every firmware file my laptop uses:
i915/kbl_dmc_ver1_04.bin 2ms
regulatory.db 4ms
regulatory.db.p7s 3ms
iwlwifi-7265D-29.ucode 62ms
9d71-GOOGLE-EVEMAX-0-tplg.bin 22ms
intel/dsp_fw_kbl.bin 65ms
dsp_lib_dsm_core_spt_release.bin 6ms
intel/ibt-hw-37.8.10-fw-22.50.19.14.f.bseq 7ms
And since booting NixOS is a parallel process, it's unlikely (but
difficult to measure) that the time to user interaction was held up at
all by most of these.
Fixes (partially?) #148197
First, add the builtin udev rules to /etc/udev/rules.d so they are used.
Then, add all networkd .link units to the initrd. This is done in the
old stage 1 as well so I assume this is needed even when networkd is not
used. I assume this is for things like changing the MAC address.
Also limit the number of udev/lib binaries that is put into the initrd
because the old initrd doesn't use all units either.
One of the valid values for the fan speed is "level disengaged",
however, it is represented as "level disengage" and does not match
what thinkfan expects.
