Commit Graph

4574 Commits

Author SHA1 Message Date
Maciej Krüger
7fd7b57ddc
release-notes: mention networking.networkmanager.firewallBackend
Co-authored-by: Florian Klink <flokli@flokli.de>

Co-authored-by: Lin Jian <me@linj.tech>
2023-09-21 16:19:07 +02:00
Maciej Krüger
922926cfbc
Merge pull request #253876 from nbraud/nixos/sudo-rs 2023-09-20 13:55:33 +02:00
nicoo
914bf58369 nixos/{sudo, terminfo}: Adjust defaults for compatibility with sudo-rs 2023-09-18 17:36:15 +00:00
nicoo
717e51a140 nixos/sudo: Make the default rules' options configurable 2023-09-18 17:36:15 +00:00
nicoo
b1eab8ca53 nixos/sudo: Handle root's default rule through extraRules
This makes things more uniform, and simplifies compatibility with sudo-rs.

Moreover, users can not inject rules before this if they need to.
2023-09-18 17:35:45 +00:00
nicoo
0365b05f13 nixos/terminfo: Add config option not to add extra sudo config
This will be necessary for compatibility with `sudo-rs`.
2023-09-18 17:35:06 +00:00
Maximilian Bosch
6b95c618e2
nixos/rl-2311: fix option references for synapse workers 2023-09-18 08:24:38 +02:00
Sophie Tauchert
72a26e2b54
nixos/synapse: add options to configure workers 2023-09-18 08:24:35 +02:00
zaldnoay
6cd38e43cd nixos/frp: init 2023-09-17 14:37:19 +08:00
Christian Theune
697312fb82
nixos/swraid: only warn if swraid was explicitly enabled (#255426)
The default just recently changed in 23.11. Users that had
swraid enabled implicitly by NixOS in previous releases got surprised
by warnings even though they do not actually use software RAID.

Fixes #254807
2023-09-16 12:19:19 +02:00
mdarocha
f773e7cf09 pash: remove
The package is old and fully replaced by PowerShell
2023-09-16 02:55:44 +00:00
nicoo
fe138d36c9 doc: Replace sha256 with hash where appropriate 2023-09-13 17:24:49 +00:00
Ryan Lahfa
eb23738e85
Merge pull request #252283 from flokli/fcc-unlock-extra 2023-09-13 10:18:06 +02:00
Robert Scott
9e64f794d1
Merge pull request #208944 from risicle/ris-dockertools-makeoverridable
dockerTools: use makeOverridable for buildImage family of functions
2023-09-12 23:16:06 +01:00
Florian Klink
5d3ca06db3 nixos/modemmanager: remove enableBundledFccUnlockScripts option
This removes the networking.networkmanager.enableBundledFccUnlockScripts
option, and updates the release notes.
2023-09-12 22:57:31 +02:00
Florian Klink
0bfc763df2 nixos/modemmanager: enableFccUnlock -> enableBundledFccUnlockScripts
PR #155414 introduced an option to support enabling the FCC unlock
scripts that ModemManager provides, but since 1.18.4 doesn't execute
anymore.

However, this option is specifically only about the unlock scripts
provided with ModemManager so far. Rename the option to make this more
obvious.
2023-09-12 16:55:15 +02:00
nicoo
c7423cd734 noto-fonts-emoji → noto-fonts-color-emoji
Clarify that the monochrome font is not included, per #221181.

The new name is also coherent with the name of the font,
according to `fontconfig`: Noto Color Emoji.
2023-09-12 12:38:07 +00:00
Edward Tjörnhammar
9b95f21cdb nvidia,nixos/nvidia: add datacenter drivers compatible with default cudaPkgs
For NVLink topology systems we need fabricmanager. Fabricmanager itself is
dependent on the datacenter driver set and not the regular x11 ones, it is also
tightly tied to the driver version. Furthermore the current cudaPackages
defaults to version 11.8, which corresponds to the 520 datacenter drivers.

Future improvement should be to switch the main nvidia datacenter driver version
on the `config.cudaVersion` since these are well known from:

> https://docs.nvidia.com/deploy/cuda-compatibility/index.html#use-the-right-compat-package

This adds nixos configuration options `hardware.nvidia.datacenter.enable` and
`hardware.nvidia.datacenter.settings` (the settings configure fabricmanager)

Other interesting external links related to this commit are:

* Fabricmanager download site:
    - https://developer.download.nvidia.com/compute/cuda/redist/fabricmanager/linux-x86_64/
* Data Center drivers:
    - https://www.nvidia.com/Download/driverResults.aspx/193711/en-us/

Implementation specific details:

* Fabricmanager is added as a passthru package, similar to settings and
  persistenced.
* Adds `use{Settings,Persistenced,Fabricmanager}` with defaults to preserve x11
  expressions.
* Utilizes mkMerge to split the `hardware.nvidia` module into three comment
  delimited sections:
    1. Common
    2. X11/xorg
    3. Data Center
* Uses asserts to make the configurations mutually exclusive.

Notes:

* Data Center Drivers are `x86_64` only.
* Reuses the `nvidia_x11` attribute in nixpkgs on enable, e.g. doesn't change it
  to `nvidia_driver` and sets that to either `nvidia_x11` or `nvidia_dc`.
* Should have a helper function which is switched on `config.cudaVersion` like
  `selectHighestVersion` but rather `selectCudaCompatibleVersion`.
2023-09-12 07:17:33 +02:00
Robert Scott
680dfee171 23.11 release notes: add note on dockerTools & makeOverridable 2023-09-11 21:11:35 +01:00
pennae
7343c13302
Merge pull request #254080 from rnhmjoj/pr-password
nixos/users-groups: rename passwordFile in hashedPasswordFile
2023-09-11 19:51:04 +02:00
Artturi
4c22001bbf
Merge pull request #253973 from trofi/bcache-make-optional 2023-09-11 08:10:19 +03:00
Doron Behar
cfb7741028
Merge pull request #250501 from miallo/nixos-rebuild/list-generations
nixos-rebuild: Add list-generations
2023-09-10 16:20:14 +00:00
Sergei Trofimovich
566e32dd42 nixos/bcache: add a boot.bcache.enable kill switch
My system does not use `bcache` and I would prefer my `systemPackages`
not to have bcache tools.

The change does not change the default but provides the usual `enable` knob.
2023-09-10 14:26:53 +01:00
Michael Lohmann
cc625486c4 nixos-rebuild: Add list-generations
Add new command `nixos-rebuild list-generations`. It will show an output
like

```
$ nixos-rebuild list-generations
Generation      Build-date               NixOS version           Kernel  Configuration Revision                    Specialisations
52   (current)  Fri 2023-08-18 08:17:27  23.11.20230817.0f46300  6.4.10  448160aeccf6a7184bd8a84290d527819f1c552c  *
51              Mon 2023-08-07 17:56:41  23.11.20230807.31b1eed  6.4.8   99ef480007ca51e3d440aa4fa6558178d63f9c42  *
```

This also mentions the change in the upcoming release notes
2023-09-10 15:13:04 +02:00
Yureka
0ec0e829a5 rl-2311: add note about electron path change 2023-09-10 14:05:55 +02:00
Oliver Schmidt
e362fe9c6d security/acme: limit concurrent certificate generations
fixes #232505

Implements the new option `security.acme.maxConcurrentRenewals` to limit
the number of certificate generation (or renewal) jobs that can run in
parallel. This avoids overloading the system resources with many
certificates or running into acme registry rate limits and network
timeouts.

Architecture considerations:
- simplicity, lightweight: Concerns have been voiced about making this
  already rather complex module even more convoluted. Additionally,
  locking solutions shall not significantly increase performance and
  footprint of individual job runs.
  To accommodate these concerns, this solution is implemented purely in
  Nix, bash, and using the light-weight `flock` util. To reduce
  complexity, jobs are already assigned their lockfile slot at system
  build time instead of dynamic locking and retrying. This comes at the
  cost of not always maxing out the permitted concurrency at runtime.
- no stale locks: Limiting concurrency via locking mechanism is usually
  approached with semaphores. Unfortunately, both SysV as well as
  POSIX-Semaphores are *not* released when the process currently locking
  them is SIGKILLed. This poses the danger of stale locks staying around
  and certificate renewal being blocked from running altogether.
  `flock` locks though are released when the process holding the file
  descriptor of the lock file is KILLed or terminated.
- lockfile generation: Lock files could either be created at build time
  in the Nix store or at script runtime in an idempotent manner.
  While the latter would be simpler to achieve, we might exceed the number
  of permitted concurrent runs during a system switch: Already running
  jobs are still locked on the existing lock files, while jobs started
  after the system switch will acquire locks on freshly created files,
  not being blocked by the still running services.
  For this reason, locks are generated and managed at runtime in the
  shared state directory `/var/lib/locks/`.

nixos/security/acme: move locks to /run

also, move over permission and directory management to systemd-tmpfiles

nixos/security/acme: fix some linter remarks in my code

there are some remarks left for existing code, not touching that

nixos/security/acme: redesign script locking flow

- get rid of subshell
- provide function for wrapping scripts in a locked environment

nixos/acme: improve visibility of blocking on locks

nixos/acme: add smoke test for concurrency limitation

heavily inspired by m1cr0man

nixos/acme: release notes entry on new concurrency limits

nixos/acme: cleanup, clarifications
2023-09-09 20:13:18 +02:00
Janik
eda85eb31d
Merge pull request #251062 from ajs124/restic-wrapper-script 2023-09-09 19:11:33 +02:00
nicoo
8bb42ad1af nixos/hail: Remove module 2023-09-08 19:28:49 +00:00
rnhmjoj
5666a378cb
nixos/users-groups: rename passwordFile in hashedPasswordFile
This avoids the possible confusion with `passwordFile` being the file
version of `password`, while it should contain the password hash.

Fixes issue #165858.
2023-09-08 21:19:40 +02:00
pennae
6054951ae5
Merge pull request #253299 from pennae/jack-tools
jack-example-tools: init at 4
2023-09-08 15:23:25 +02:00
Edward Tjörnhammar
b8c871475a nixos/infiniband: add support for configurable guids 2023-09-07 19:59:33 +02:00
Kerstin Humm
fc67d297de nixos/mobilizon: add release notes 2023-09-07 08:59:40 +00:00
Lin Jian
ac4f5079f7 emacsPackages.mu4e: init at 1.10.7
This patch packages mu4e as an Emacs lisp package based on the mu4e
output of the multiple-output package mu, which makes mu4e a good
citizen of Emacs lisp packages in two aspects.

First, mu4e now utilizes the Emacs lisp package infrastructure in
Nixpkgs.  This allows users who want to do AOT native compilation for
non-default Emacs variants[0] to build only mu4e itself instead of the
whole mu package[1].

Second, mu4e now conforms to the Emacs builtin package manager[2].
Without this patch, mu4e autoloaded commands do not work
out-of-the-box[3] because its directory is added to load-path by
site-start.el after the initialization of package-directory-list,
which causes package-activate-all to not load mu4e-autoloads.el.  This
patch fixes this issue when mu4e is installed to Emacs using the
withPackages wrapper[4].

[0]: such as emacs-pgtk
[1]: mu.override { emacs = emacs-pgtk; }
[2]: package.el
[3]: either (require 'mu4e) or (require 'mu4e-autoloads) is needed to
be called before an autoloaded command is called
[4]: emacs-pgtk.pkgs.withPackages (epkgs: [ epkgs.mu4e ])
2023-09-06 16:27:13 +00:00
Weijia Wang
f9d1b02cde
Merge pull request #253510 from schmittlauch/cawbird-remove
cawbird: remove due to being broken and abandoned
2023-09-06 00:28:59 +02:00
Weijia Wang
8ba86153c6
Merge pull request #253391 from MrMebelMan/update/kratos_v1.0.0
kratos: 0.10.1 -> 1.0.0
2023-09-05 23:17:22 +02:00
Trolli Schmittlauch
af66f4fd2a cawbird: remove due to being broken and abandoned
-- dedicated to Larry the bird
2023-09-05 22:12:50 +02:00
Yaya
c04722cf0c rl-2311: Mention faulty GitLab database schema
GitLab instances created or updated between versions [15.11.0, 15.11.2]
have an incorrect database schema. [1] This will become a problem once
upgrading GitLab to >=16.2.0.

A workaround can be found in the GitLab docs: [2]

[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/408835
[2]: https://docs.gitlab.com/ee/update/versions/gitlab_16_changes.html#undefined-column-error-upgrading-to-162-or-later
2023-09-05 13:46:44 +02:00
Vladyslav Burzakovskyy
d284477a2c kratos: 0.10.1 -> 1.0.0 2023-09-05 11:21:19 +02:00
pennae
6e56e31d38 release-notes: add note about jack2 losing its tools
let's spare anyone else using these the adventure of finding out why
their scripts broke and where the tools went.
2023-09-04 21:06:07 +02:00
rnhmjoj
b058de4ac8
nixos/release-notes: reword the Jool note 2023-09-04 18:47:05 +02:00
Mario Rodas
4f2c276497
Merge pull request #244093 from adamcstephens/lxd/vm
lxd: Add VM image and server support for QEMU VMs
2023-09-03 22:02:54 -05:00
pacien
12aaefa78d release-notes: add entry for new stalwart-mail module 2023-09-03 22:18:50 -04:00
Adam Stephens
efd1605be6
nixos/lxd: add virtual-machine support, image and module 2023-09-03 20:06:44 -04:00
Jonas Chevalier
9ace789629
Merge pull request #249103 from yaxitech/github-runner-v2.308.0
github-runner: 2.307.1 -> 2.308.0
2023-09-01 16:31:29 +02:00
Emery Hemingway
55c8f51af5 nixos/nncp: add caller and daemon services 2023-08-29 21:31:19 +01:00
Martin Weinelt
73c5a5a778
nixos/prometheus/unbound-exporter: update for new package
The command line interface changed slightly, but still supports the TCP
as well as the UDS control interface.
2023-08-28 23:21:52 +02:00
ajs124
dbb69f82c6 nixos/restic: add wrapper scripts that set parameters for backup
and use in test
2023-08-28 15:17:37 +02:00
Pol Dellaiera
df24943cc0
Merge pull request #249765 from NixOS/nixos/modules/honk-init
nixos/honk: init
2023-08-28 10:40:23 +02:00
Janne Heß
fd454fe4b6
Merge pull request #250316 from helsinki-systems/feat/stc-improve-mount-units
nixos/switch-to-configuration: Improve mount unit handling
2023-08-28 09:18:44 +02:00
Maciej Krüger
dc3f8728b9
release-notes: add networking.nftables.tables news 2023-08-28 00:40:14 +02:00