- Fixed the `systemPackages` definition: it contained just the package
name without preceding `pkgs`
- Removed `lib.mdDoc` usage in accordance with #303841
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
%u modifier can be used to get the username in systemd config
$USER var expansion does not work without manually importing $USER
Should fix opening links in home manager/user profile programs
A userspace tool for setting and getting AMD CPU power
and performance parameters.
The module adds `ryzen_monitor_ng` to `environment.systemPackages` and
enables the `ryzen-smu` module, as `ryzen_monitor_ng` requires the
`ryzen_smu` kernel module to function.
If user chooses, they can `exec-once=dbus-update-activation-environment --systemd --all` in hyprland.conf
To import all path variables from the system's environment to systemd's environment
Also set option example to false
This commit adds systemd.setPath.enable option to hyprland module
which sets the systemd path to include the current system's bin
This is needed in Hyprland only setups, where opening links in applications like VS code do not work.
Update derivation to not install old shell-completions
Update module to load completion for bash, fish (new) and zsh (or oh-my-zsh plugin) with changed way through fzf-binary
Added change to release note as it is backwards-incompatible.
"Update History" (release notes):
https://www.ibm.com/support/pages/node/6998343
...does not list any security-relevant changes
(mostly trademark name changes).
Also, all URLs in package and module comments are updated.
This sets a standard for Steam compat tools in NixOS where they must have the
compat tool in a special steamcompattool output.
proton-ge-bin was adjusted to conform with it.
Just moved to hyprland module to programs/wayland.
This has no effect on the module side (still accessed the same way in
the module `programs.hyprland`) just moved to be inline with other
wayland compositors.
Also edit the module list to reflect where the file is located.
The pre-start script was actually trying to convert these leftover
`*.new` and even `*.new.new` files, and failing to do so because the
`*.new.new` files were being overwritten and removed before they were
converted.
"Update History" (release notes):
https://www.ibm.com/support/pages/node/6998343
At the time of this writing,
the "APAR" links of the "Update History" lead to 404.
However, the abstracts indicate that
this update is not security critical.
Note that this update changed the GUI window title
to "IBM Storage Protect"
(the product itself was renamed with version 8.1.19.0 already).
The commit at hand adapts the GUI vm test accordingly.
Also, all URLs in package and module comments are updated.
To help users migrate from the previous
settings to new freeform settings type,
the commit at hand adds some
`mkRemovedOptionModule` and `mkRenamedOptionModule`.
These modules are not designed to work
inside an attribute set of submodules.
They create values for `assertions` and
`warnings` to inform the user of required changes.
Also, these informational texts do not contain
the full attribute path of the changed options.
To work around these deficiencies,
we define the required options `assertions` and `warnings`
inside the submodule and later add the values collected
inside these options to the corresponding top-level options.
In the course of doing so, we also add the full attribute path
to the informational texts so the user knows these warning
and error messages refer to the `tsmClient.servers` option.
Also, we have to filter out `warnings`, `assertions`, and
the "old" options when rendering the target config file.
Check for spaces or duplicate names in server config keys.
Since server config keys are case insensitive,
a setting like
```
{
compression = "yes";
Compression = "no";
}
```
would lead to an ambiguous configuration.
`tsm-client` uses a global configuration
file that must contain coordinates for each
server that it is supposed to contact.
This configuration consists of text
lines with key-value pairs.
In the NixOS module, these servers may be declared
with an attribute set, where the attribute name
defines an alias for the server, and the value
is again an attribute set with the settings for
the respective server.
This is organized as an option of type `attrsOf submodule...`.
Before this commit:
Important settings have their own option within
the submodule. For everything else, there is
the "catch-all" option `extraConfig` that may
be used to declare any key-value pairs.
There is also `text` that can be used to
add arbitrary text to each server's
section in the global config file.
After this commit:
`extraConfig` and `text` are gone,
the attribute names and values of each server's attribute
set are translated directly into key-value pairs,
with the following notable rules:
* Lists are translated into multiple lines
with the same key, as such is permitted by
the software for certain keys.
* `null` may be used to override/shadow a value that
is defined elsewhere and hides the corresponding key.
Those "important settings" that have previously been
defined as dedicated options are still defined as such,
but they have been renamed to match their
corresponding key names in the configuration file.
There is a notable exception:
"Our" boolean option `genPasswd` influences the "real"
option `passwordaccess', but the latter one is
uncomfortable to use and might lead
to undesirable outcome if used the wrong way.
So it seems advisable to keep the boolean option
and the warning in its description.
To this end, the value of `getPasswd` itself is
later filtered out when the config file is generated.
The tsm-backup service module and the vm test are adapted.
Migration code will be added in a separate
commit to permit easy reversal later, when the
migration code is no longer deemed necessary.
With the tsm-client 8.1.19.0 release,
IBM renamed the product brand from
"IBM Spectrum Protect" to "IBM Storage Protect":
https://www.ibm.com/support/pages/node/6964770 .
The package already got updated in commits
5ff5b2ae4c and
a4b7a62532 .
The commit at hand updates the modules accordingly.
Instead of the `defaultSwayPackage` variable that overrides `pkgs.sway`, use a
function that will override the user-defined package, but only if the package
contains the necessary arguments.
In my case I'd like to be able to add `-m last` to `cage` to make sure
that the login form from regreet isn't displayed half on my external
monitor and half on my laptop screen, but on the last connected monitor
only.
That's basically the issue described in #226586, though it's not a
proper fix since the login form is shown on one monitor only.
I noticed that openvpn3 is been clobbering my `/etc/resolv.conf` file. I
dug around a bit, and it turns out that upstream actually does have
support for systemd-resolved. I think it makes sense for us to
automatically enable that feature if the system is configured to use
systemd-resolved.
I opted to not change the default behavior of `pkgs.openvpn3`, but can
easily be convinced to change that if folks think I should.
Otherwise, in non-interactive contexts (e.g. systemd units), this
entry (the default) won't be in the list. Only the profile relative
ones would be, since they were already using session variables. This
is clearly not the correct behavior.
* `sort (<)` also works for strings (TIL!), so no need for comparing
length and whether all keys from `cfg.settings` exist in `cfg.order`
(slightly less overhead).
* Don't build another piece of JSON (`orderedSections`), simply use
`cfg.settings`/`cfg.order` with `__structuredAttrs` to ensure a
properly ordered TOML.
This also has the upside of not having to do quote hackery.
* Also, a freeform submodule isn't strictly needed because we don't have
any special options defined, so replacing that with
`attrsOf format.type`.
Co-authored-by: Silvan Mosberger <github@infinisil.com>
and remove nano from environment.defaultPackages. In addition also cleanup the file in general.
This is a follow up to #220481
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
Prior to this commit the derivation assumed a user's primary group has
the same name as the user themselves. This is standard on linux but not
necessary (and indeed I believe not the default on NixOS).
Closes#232184
Rather than using `priority` with `sortProperties`, a new option called
`order` defines the ordering of the sections. I.e.
order = [ "global" "uptime" "banner" ]
means that `uptime` comes before `banner`. Please note that `global` is
for global settings and not a section. I figured that it'd be too much
magic to hide this in the implementation and ask the user to specify the
order of _each_ section in `settings` instead.
OTOH this makes the intent way clearer than priorities. Also, this
remains opt-in, the option defaults to `attrNames cfg.settings`, i.e.
all sections ordered alphabetically.
Closes#234802
The problem here is that with e.g.
{
uptime.prefix = "Up";
banner.command = "hostname | figlet -f slant";
}
`banner` still appears before `uptime` in the final motd text because
Nix sorts attribute names alphabetically internally.
To work around this without breaking compatibility or losing the
property to override individual sections in other modules - e.g.
{
banner.color = mkForce "blue";
}
I decided to introduce an option `priority` here, similar to the
priority field for `nginx`[1] and with the same semantics (i.e. higher
value means lower priority).
Internally a bunch of env vars are generated, i.e. `env0` to `envN` for
`N` sections with each of them containing a declaration for the TOML,
i.e. `env0` contains `{ uptime.prefix = "Up"; }` and `env1` contains
`{ banner.command = "hostname | figlet -f slant"; }` if `uptime.priority`
is set to a value below 1000.
In this order, the declarations are concatenated together by `jq(1)`
which doesn't sort keys alphabetically which results in a JSON
representation with `uptime` before `banner`. This is finally piped to
`json2toml` which converts this into TOML for rust-motd.
[1] https://nixos.org/manual/nixos/unstable/options#opt-services.nginx.virtualHosts._name_.locations._name_.priority
Use "$out/var/lib" as LOCALSTATEDIR configuration value
by default intsead of "/var/lib"
as a way toward top-level-directory independent runtime.
Add input argument externalLocalStateDir to optionally specify the
path to external LOCALSTATEDIR if not null.
Add NixOS module option
programs.singularity.enableExternalLocalStateDir (default to true)
to use "/var/lib" as LOCALSTATEDIR.
We set[1] ASPELL_CONF to the last nix profile containing lib/aspell in
2013. In 2017, aspell is patched[2] to search NIX_PROFILES, which
makes [1] not needed any more.
Deleting it is also agreed in this discussion[3].
[1]: 0192c02720
[2]: ba4cefe4ae
[3]: https://github.com/NixOS/nixpkgs/pull/30234
remove `with lib;`
profiles option now accepts packages in addition to paths.
profiles option is no longer internal.
cfgDir definition has been inlined.
pulled GIO_EXTRA_MODULES inside mkif.
removed pointless comments with section headings.
defined profiles are now turned into package, allowing to simplify the db update logic.
If other sockets are enabled, such as gpg-agent-browser.socket,
those should be started before gpg-agent.service as well.
Change-Id: I29d3f4b19db9e687425b594dcef863a88ec296c9
Since Linux 5.7 it's possible to set `SO_BINDTODEVICE` via `setsockopt(2)`
as unprivileged user if this operation doesn't imply escaping a VRF
interface[1].
Dropping the wrapper is actually desirable because `captive-browser`
itself doesn't drop capabilities and as a result, the capabilities are
passed on to `chromium` itself[2].
For older kernels, this is still necessary, hence the wrapper will only
be added nowadays if the kernel is older than 5.7.
[1] c427bfec18
[2] 08450562e5/bind_device_linux.go (L11-L14)
and because our setcap wrapper makes all capabilities
inheritable.
