This service performs operations that significantly increase the
performance of Nextcloud, but can take a while. These are designed however
to not require maintenance mode and can be executed during normal
operation[1].
Make nextcloud-cron a simple unit instead of oneshot: otherwise we risk
that it'll be stopped by the startup timeout (oneshot executes ExecStart
while "activating") which can be an issue for very long running tasks or
if Nextcloud needs to catch up if one task was broken for a while.
[1] https://docs.nextcloud.com/server/29/admin_manual/maintenance/upgrade.html#long-running-migration-steps
Previously you needed to set a devRootTokenID when dev=true despite the option being optional
Caused by wrong default value and not allowing null as value
https://github.com/kanidm/kanidm/releases/tag/v1.2.0
Added updatescript, and removed Cargo.lock as no more git deps.
New release process documented here:
a67d1f5160/book/src/support.md
Re-ordered test and removed anonymous login as logout no longer works:
[info]: Ignoring request to logout session - these sessions are not recorded
Notes:
- barf went into contrib/ and officially unsupported.
- verify was removed entirely.
- the makefile is a bit smarter now and doesn't require many
of the previous workarounds.
This reverts commit e827697fd3.
This seems to cause various issues during system activation, as reported
in https://github.com/NixOS/nixpkgs/issues/302771 for example.
Due to being close to branchoff, revert this for now.
We'll open a tracking issue to collect and sort out remaining issues.
The idea behind that is to enable users and developers of
downstream tools such as home-manager to test Nix master for several
reasons:
* Nix is currently trying to have a `master` branch that's always
releasable[1]. We're still on Nix 2.18 in nixpkgs due to too many
notable regressions. Enabling people to test latest master may help on
that end.
* This uses the most bleeding-edge Nix, but our packaging, so we can
identify issues with our packaging early.
* From what I've seen, most people are using the packages from nixpkgs
anyways instead of the upstream flake, this is far more convenient
anyways.
My plan is to update this once a week. Right now we rely on the
`installCheckPhase` here, but as soon as we have proper regression
testing[2], we may want to add `nixUnstable` there as well (however with
failures being allowed probably).
[1] https://discourse.nixos.org/t/nix-release-schedule-and-roadmap/14204
[2] https://github.com/NixOS/nixpkgs/pull/304332
Since https://github.com/redis/redis/pull/4001 included in 6.2.0
transparent hugepages works when being set to madvise which is the NixOS
and upstream recommended default.
> WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition.
> Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328.
> To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
This avoids having to use workarounds like the following to retain the
default settings which podman requires to run.
    virtualisation.containers.storage.settings = lib.recursiveUpdate options.virtualisation.containers.storage.settings.default {
      storage.options.mount_program = lib.getExe pkgs.fuse-overlayfs;
    };
Currently there is an issue with $PATH & parallel causing build errors.
It’s probably best to just remove the dependency where bash forking is
good enough here.
I found this while perusing the manual thinking about whether or not to install NixOS on my new laptop. It threw me for a loop for a second but as best I can tell this is meant to be ".org" like the rest of the example, and not ".com".
I am deeply saddened at the fact that I need to do this. I have no
interest in re-litigating everything that has happened over the past
weeks and months, but I want to make my position(s) extremely clear:
The thought of any of my work contributing to someone's death by drone
makes me feel physically ill.
Recent communications from senior members of the NixOS community have
made it clear that leadership is unaware or uninterested in the basics
of how to run and moderate a community in a way that is resilient to bad
actors. The recent post by @edolstra is tone-deaf and gives me no
confidence that the Nix/NixOS community is a place that I want to remain
involved in going forward. I am thus choosing to remove myself from such
a community.
I also hereby resign from the ACME team.
See also: #307033
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
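
The ordering effect described in the commit message above, as an added Python model (not part of the commit, the NixOS module, or systemd's code). The group contents are constructed, abbreviated stand-ins for the real syscall sets, and the BROKEN and FIXED lists are hypothetical filter orders matching the description:

```python
# Model of how systemd merges SystemCallFilter= entries, processed in order.
# GROUPS holds constructed, abbreviated stand-ins for the real syscall sets.
GROUPS = {
    "@system-service": {"read", "write", "openat"},
    "@chown": {"chown", "fchown", "fchownat", "lchown"},
    "@privileged": {"@chown", "chroot", "capset", "setuid"},
}

def expand(name):
    """Resolve a syscall name or @group (groups may nest) to plain syscalls."""
    if not name.startswith("@"):
        return {name}
    calls = set()
    for member in GROUPS[name]:
        calls |= expand(member)
    return calls

def build_filter(entries):
    """Merge entries in order; the first entry fixes allow- or deny-list mode."""
    mode, calls = None, set()
    for entry in entries:
        negated = entry.startswith("~")
        listed = set()
        for name in entry.lstrip("~").split():
            listed |= expand(name)
        if mode is None:
            mode = "deny" if negated else "allow"
        # Entries of the same type as the list grow it, the other type shrinks it.
        if negated == (mode == "deny"):
            calls |= listed
        else:
            calls -= listed
    return mode, calls

def permitted(entries, syscall):
    mode, calls = build_filter(entries)
    return syscall in calls if mode == "allow" else syscall not in calls

# Hypothetical orderings: "@chown" before vs. after the deny entry.
BROKEN = ["@system-service", "@chown", "~@privileged"]
FIXED = ["@system-service", "~@privileged", "@chown"]

if __name__ == "__main__":
    for label, entries in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "fchown permitted:", permitted(entries, "fchown"))
```
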
I manually audited all `RunCommand` and `exec.LookPath` calls in the incus repo, combined with the following information
- /run/wrappers/bin
  lxc usable-cub 20240427123718.368 WARN idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:165 - newuidmap binary is missing
- iw
  lxc 20240427123830.358 ERROR network - ../src/lxc/network.c:lxc_netdev_move_wlan:1679 - Couldn't find the application iw in PATH
- minio-client
  https://github.com/lxc/incus/pull/777
- ceph-client
  Added, but could be missing bits to actually work
  May need full ceph package for `radosgw-admin` for object storage?
Currently the installWrapper warning is issued if sudo (and sudo-rs)
aren't installed. This is fine, except we get the warning even if we
explicitly turn off installWrapper -- say, for this very reason!
Rather than warning on every build until either sudo is installed or
Akkoma is uninstalled, only warn if cfg.installWrapper is true.
Y'all won't miss me. The packages I leave orphaned are trivially updated as dependents need the new versions.
But passively endorsing the direction this organization and its leadership is something I can't do.
To those who still have faith in turning this around, you da real MVP 🖖
* Minor tweaks to note text
* Elide "The" before attribute names at start of notes
* Turn version numbers into code blocks
* Turn branding into attribute names
* Add TODOs
* Turn code-block version numbers into plain text
... following discussion on Matrix.
---------
Co-authored-by: Weijia Wang <9713184+wegank@users.noreply.github.com>
Previously evaluation would fail if `smtp.to` was not set, since the
default case was not handled.
With the current versions of the python elasticsearch libraries, any
configuration containing the module's default would fail since it's not a
valid URL.
The issue addressed in #279068 is also addressed, thus closes #279068.
This was achieved using the following command:
    sd 'wrapGAppsHook\b' wrapGAppsHook3 (rg -l 'wrapGAppsHook\b')
And then manually reverted the following changes:
- alias in top-level.nix
- function name in wrap-gapps-hook.sh
- comment in postFixup of at-spi2-core
- comment in gtk4
- comment in preFixup of 1password-gui/linux.nix
- comment in postFixup of qgis/unwrapped-ltr.nix and qgis/unwrapped.nix
- comment in postFixup of telegram-desktop
- comment in postFixup of fwupd
- buildCommand of mongodb-compass
- postFixup of xflux-gui
- comment in a patch in kdePackages.kde-gtk-config and plasma5Packages.kde-gtk-config
- description of programs.sway.wrapperFeatures.gtk NixOS option (manual rebuild)
* PHP 8.3 seems supported, so let's go for it!
* The conditions for which Nextcloud will be the default were bogus: for
<24.11 I'd suggest to go for nextcloud29 already. The people on
unstable relying on the condition were on nextcloud28 so the upgrade
will work fine.
Also, it's unstable, so such upgrades are to be expected IMHO.
* Update the release notes to reflect that the new default is Nextcloud
29 and warn that only one major upgrade at a time can be done.
This fixes an issue with the test where olcDbDirectory must be a
subdirectory of /var/lib/openldap, but is not configured as such, so the
test fails.
All other tests pass properly.
Fixes issues described in #208242 for this part of the nixpkgs tree.
There are no behavioral changes in this, it only adjusts the code so
that it is easier to understand.
Also updates my information and contact info.
I no longer use The Hedgehog as my github username or online presence
username, so this fixes that. It also matches my github username, so it
should be easier for others to mention me if needed.
Since (with the completion of the docbook migration) it seems unclear
what relevance editing xml in general and docbook in particular with
Emacs still has to NixOS at all, and people interested in the topic
will presumably look to other resources elsewhere (e.g. to the nXML
mode's actual documentation).
This test renames server_allowedusers to server-allowed-users.
As a side-effect, since IPs are allocated to machines in alphabetical order,
the IP assigned to server-lazy-socket changed, so the corresponding test had
its IP updated.
- `mount-nvidia-binaries`: this option allows users to avoid mounting
nvidia binaries on the container.
- `mount-nvidia-docker-1-directories`: this option allows users to
avoid mounting `/usr/local/nvidia/lib{,64}` on containers.
Add the NixOS option `hardware.nvidia-container-toolkit-cdi-generator.enable`.
This enables the ability to expose GPUs in containers for container
runtimes that support the Container Device Interface (CDI).
Remove `cdi.static` and `cdi.dynamic.nvidia.enable` attributes.
Was previously broken due to a missing runtime dependency.
> Error: Failed to start device "vtpm": Failed to validate environment: Required tool 'swtpm' is missing
Add package to environment.systemPackages, services.dbus.packages, create gnome-remote-desktop user and group (fixes for GNOME 46)
This adds the `g-r-d` package to environment.systemPackages (allowing the usage of the `grdctl` command along with enabling `g-r-d`'s polkit rule), makes its dbus-related files recognizable to dbus, and creates the `gnome-remote-desktop` user and group necessary for systemd's running of the `gnome-remote-desktop-daemon` with the `--system` subcommand and enabling Remote Login.
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/compare/45.1...46.0
In file included from ../src/grd-settings.c:28:
/nix/store/xxx-freerdp-3.4.0/lib/pkgconfig/../../include/freerdp3/freerdp/freerdp.h:25:10:
fatal error: winpr/stream.h: No such file or directory
25 | #include <winpr/stream.h>
| ^~~~~~~~~~~~~~~~
compilation terminated.
Ugh. So stuff I am aware of here:
- In freerdp3.pc, winpr3 is in Requires.private.
- In https://github.com/FreeRDP/FreeRDP/blob/3.4.0/include/freerdp/freerdp.h#L25 <winpr/stream.h>
is included.
- In GNOME/gnome-remote-desktop@d29909a
<freerdp/freerdp.h> is included in src/grd-settings.c.
- We patched pkg-config in NixOS to not include Requires.private in --cflags according to
mate-desktop/atril issue 351.
- According to https://gitlab.gnome.org/GNOME/gjs/-/issues/571, Requires.private is probably correct
if no data types are exposed in public API.
So to fix this somewhere, if src/grd-settings.c has direct usage of winpr, we can PR to g-r-d declaring
the dep. If freerdp/freerdp.h exposes winpr data types we PR to freerdp and move winpr to Requires.
Probably someone can help me do the check, I am committing this simply to unbreak the build for now.
Changelog-Reviewed-By: Maxine Aubrey <max@ine.dev>
In the initial configuration the enablePHP config option is present. In the following abstracted example the commonConfig doesn't include it anymore.
Previous PRs #88505 and #284906 added the enablePHP config option to the commonConfig. @aanderse commented in https://github.com/NixOS/nixpkgs/pull/88505#issuecomment-632575200 the usage of enablePHP shouldn't be encouraged, `services.phpfpm` should be preferred whenever possible. So we remove the enablePHP config from these examples.
Without the change the eval fails as:
$ nix build --no-link -f. redlib.tests
error: attribute 'redlib' missing
at pkgs/by-name/re/redlib/package.nix:50:26:
49| passthru.tests = {
50| inherit (nixosTests) redlib;
| ^
51| };
Did you mean redis?