Commit Graph

35388 Commits

Author SHA1 Message Date
Raito Bezarius
f902c6a1b9 systemd: add release notes for v254
We add information for 23.11 regarding the v254 release.
This information may be modified before the actual release.
2023-09-13 12:03:48 +02:00
Raito Bezarius
97ee93da10 systemd: apply upstream patch for tmpfiles
This fixes notably the fact that /dev/zfs was not usable anymore as a user,
and potentially other things.

Tracked in systemd upstream under issue number 28653, 28765.
2023-09-13 12:02:41 +02:00
Raito Bezarius
79c3740ee5 nixos/console: use systemd-vconsole-setup.service from upstream for sd initrd
This fixes a bug where the vconsole was not working as intended in systemd stage 1 with systemd v254.

udev rules are now starting with this service instead of whatever happened before.
2023-09-13 12:02:40 +02:00
Raito Bezarius
fe6e299381 systemd: 253.5 -> 254-rc1
This is an early preparation for systemd v254 which causes some patch reflows
and EFI-related cleanups to their new build system with elf2efi, requiring pyelftools
as a Python packge.
2023-09-13 12:02:39 +02:00
Fabián Heredia Montiel
96593e98d8
Merge pull request #254759 from lelgenio/websockify-use-python3
nixos/websockify: use python3 websockify
2023-09-12 11:01:59 -05:00
Artturi
48a57a9884
Merge pull request #254480 from andersk/memtest86plus-name 2023-09-12 18:19:50 +03:00
Maciej Krüger
a48451da5b
Merge pull request #254208 from nbraud/eterm 2023-09-12 16:28:41 +02:00
Maciej Krüger
7163f125e5
Merge pull request #254149 from nbraud/noto-emoji 2023-09-12 16:27:58 +02:00
lelgenio
4f802070e5 nixos/websockify: use python3 websockify 2023-09-12 10:50:57 -03:00
nicoo
3222262ff1 nixos/bash: Drop workarounds for eterm 2023-09-12 13:10:41 +00:00
Maciej Krüger
a4dde5a1a9
Merge pull request #253334 from nbraud/nixos/terminfo 2023-09-12 14:46:08 +02:00
nicoo
c7423cd734 noto-fonts-emoji → noto-fonts-color-emoji
Clarify that the monochrome font is not included, per #221181.

The new name is also coherent with the name of the font,
according to `fontconfig`: Noto Color Emoji.
2023-09-12 12:38:07 +00:00
Martin Weinelt
651bacfe24
Merge pull request #251315 from mrVanDalo/fix/tts
nixos/tts: fix error messages read before text
2023-09-12 12:41:04 +02:00
Edward Tjörnhammar
9b95f21cdb nvidia,nixos/nvidia: add datacenter drivers compatible with default cudaPkgs
For NVLink topology systems we need fabricmanager. Fabricmanager itself is
dependent on the datacenter driver set and not the regular x11 ones, it is also
tightly tied to the driver version. Furhtermore the current cudaPackages
defaults to version 11.8, which corresponds to the 520 datacenter drivers.

Future improvement should be to switch the main nvidia datacenter driver version
on the `config.cudaVersion` since these are well known from:

> https://docs.nvidia.com/deploy/cuda-compatibility/index.html#use-the-right-compat-package

This adds nixos configuration options `hardware.nvidia.datacenter.enable` and
`hardware.nvidia.datacenter.settings` (the settings configure fabricmanager)

Other interesting external links related to this commit are:

* Fabricmanager download site:
    - https://developer.download.nvidia.com/compute/cuda/redist/fabricmanager/linux-x86_64/
* Data Center drivers:
    - https://www.nvidia.com/Download/driverResults.aspx/193711/en-us/

Implementation specific details:

* Fabricmanager is added as a passthru package, similar to settings and
  presistenced.
* Adds `use{Settings,Persistenced,Fabricmanager}` with defaults to preserve x11
  expressions.
* Utilizes mkMerge to split the `hardware.nvidia` module into three comment
  delimited sections:
    1. Common
    2. X11/xorg
    3. Data Center
* Uses asserts to make the configurations mutualy exclusive.

Notes:

* Data Center Drivers are `x86_64` only.
* Reuses the `nvidia_x11` attribute in nixpkgs on enable, e.g. doesn't change it
  to `nvidia_driver` and sets that to either `nvidia_x11` or `nvidia_dc`.
* Should have a helper function which is switched on `config.cudaVersion` like
  `selectHighestVersion` but rather `selectCudaCompatibleVersion`.
2023-09-12 07:17:33 +02:00
Mario Rodas
23e69f92c8
Merge pull request #254324 from marsam/update-postgis
postgresqlPackages.postgis: 3.3.3 -> 3.4.0
2023-09-12 00:15:32 -05:00
Anna Aurora
8a1734ec98 nixos/meme-bingo-web: init service 2023-09-12 02:45:58 +00:00
Maciej Krüger
78e149fba3
Merge pull request #244722 from mdlayher/mdl-dhcp 2023-09-11 21:12:56 +02:00
pennae
7343c13302
Merge pull request #254080 from rnhmjoj/pr-password
nixos/users-groups: rename passwordFile in hashedPasswordFile
2023-09-11 19:51:04 +02:00
datafoo
ade414b6c7 nixos/acme: rename option credentialsFile to environmentFile 2023-09-11 16:34:20 +00:00
datafoo
5f105f8778 nixos/acme: add option to set credential files
This is to leverage systemd credentials for variables suffixed by _FILE.
2023-09-11 16:34:20 +00:00
Maximilian Bosch
863598fdfc
Merge pull request #253427 from Yarny0/sshd-requiredrsasize
nixos/sshd: don't validate mock host key, permit `RequiredRSASize`
2023-09-11 17:40:23 +02:00
Lassulus
38e6d28575
Merge pull request #251323 from saserr/improve-healthchecks
healthchecks: add DB, DB_NAME and support for several _FILE options
2023-09-11 17:30:59 +02:00
mib
2e66f109ed nixos/pam: fix typo in fscrypt enable option
mkEnableOption prepends "Whether to enable" to text, so this became
"Whether to enable Enables fscrypt ..."
2023-09-11 12:06:39 +02:00
K900
a604b522be
Merge pull request #254429 from ctheune/fix-swraid-for-old-init
nixos/swraid: fix regression for old initrd and add test coverage
2023-09-11 09:11:10 +03:00
Artturi
4c22001bbf
Merge pull request #253973 from trofi/bcache-make-optional 2023-09-11 08:10:19 +03:00
Anderson Torres
77671b681c oroborus: remove
Because it is dead.
2023-09-11 01:56:45 +00:00
Anders Kaseorg
191dee486f nixos/systemd-boot: Fix Memtest86+ name.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2023-09-10 18:44:20 -07:00
Doron Behar
cfb7741028
Merge pull request #250501 from miallo/nixos-rebuild/list-generations
nixos-rebuild: Add list-generations
2023-09-10 16:20:14 +00:00
Christian Theune
0e1a8027d1 nixos/swraid: fix regression for old initrd and add test coverage 2023-09-10 17:16:33 +02:00
Florian Klink
688d95b6e6
Merge pull request #254056 from n8henrie/master
Include note about systemd default watchdog reboot time
2023-09-10 16:07:44 +02:00
Yorick
1443ffe21f
Merge pull request #246243 from yu-re-ka/electron-libexec
electron-bin: place electron files in libexec/
2023-09-10 15:43:56 +02:00
Christian Theune
7f341bb450 nixos/swraid: fix monitor service 2023-09-10 15:34:11 +02:00
Sergei Trofimovich
566e32dd42 nixos/bcache: add a boot.bcache.enable kill switch
My system does not use `bcache` and I sould prever my `systemPackages`
not to have bcache tools.

The change does not change the default but proviced usual `enable` knob.
2023-09-10 14:26:53 +01:00
Michael Lohmann
cc625486c4 nixos-rebuild: Add list-generations
Add new command `nixos-rebuild list-generations`. It will show an output
like

```
$ nixos-rebuild list-generations
Generation      Build-date               NixOS version           Kernel  Configuration Revision                    Specialisations
52   (current)  Fri 2023-08-18 08:17:27  23.11.20230817.0f46300  6.4.10  448160aeccf6a7184bd8a84290d527819f1c552c  *
51              Mon 2023-08-07 17:56:41  23.11.20230807.31b1eed  6.4.8   99ef480007ca51e3d440aa4fa6558178d63f9c42  *
```

This also mentions the change in the upcoming release notes
2023-09-10 15:13:04 +02:00
Nick Cao
a1635b3821
Merge pull request #249939 from erdnaxe/galene-fix
nixos/galene: do not restrict AF_NETLINK
2023-09-10 08:49:19 -04:00
Yureka
0ec0e829a5 rl-2311: add note about electron path change 2023-09-10 14:05:55 +02:00
K900
bf58d13eca
Merge pull request #254333 from amarshall/fix-networkd-reload
nixos/networkd: Fix incorrectly treating attrset as list
2023-09-10 12:48:16 +03:00
Pierre Bourdon
bfdf28becf
Merge pull request #251770 from robryk/suidwrapapparm
nixos/security/wrappers: simplifications and a fix for #98863 (respin of #199599)
2023-09-10 09:51:36 +02:00
Andrew Marshall
3f9cc71228 nixos/networkd: Fix incorrectly treating attrset as list
This reverses a [change made during PR review][1] that I did not sufficiently
test, causing [this error][2].

[1]: https://github.com/NixOS/nixpkgs/pull/249643#discussion_r1309151135
[2]: https://github.com/NixOS/nixpkgs/pull/249643#issuecomment-1712707336
2023-09-10 00:54:42 -04:00
Janik
27eedb5601
Merge pull request #246201 from n0emis/zigbee2mqtt-groups-file 2023-09-09 20:19:50 +02:00
Oliver Schmidt
e362fe9c6d security/acme: limit concurrent certificate generations
fixes #232505

Implements the new option `security.acme.maxConcurrentRenewals` to limit
the number of certificate generation (or renewal) jobs that can run in
parallel. This avoids overloading the system resources with many
certificates or running into acme registry rate limits and network
timeouts.

Architecture considerations:
- simplicity, lightweight: Concerns have been voiced about making this
  already rather complex module even more convoluted. Additionally,
  locking solutions shall not significantly increase performance and
  footprint of individual job runs.
  To accomodate these concerns, this solution is implemented purely in
  Nix, bash, and using the light-weight `flock` util. To reduce
  complexity, jobs are already assigned their lockfile slot at system
  build time instead of dynamic locking and retrying. This comes at the
  cost of not always maxing out the permitted concurrency at runtime.
- no stale locks: Limiting concurrency via locking mechanism is usually
  approached with semaphores. Unfortunately, both SysV as well as
  POSIX-Semaphores are *not* released when the process currently locking
  them is SIGKILLed. This poses the danger of stale locks staying around
  and certificate renewal being blocked from running altogether.
  `flock` locks though are released when the process holding the file
  descriptor of the lock file is KILLed or terminated.
- lockfile generation: Lock files could either be created at build time
  in the Nix store or at script runtime in a idempotent manner.
  While the latter would be simpler to achieve, we might exceed the number
  of permitted concurrent runs during a system switch: Already running
  jobs are still locked on the existing lock files, while jobs started
  after the system switch will acquire locks on freshly created files,
  not being blocked by the still running services.
  For this reason, locks are generated and managed at runtime in the
  shared state directory `/var/lib/locks/`.

nixos/security/acme: move locks to /run

also, move over permission and directory management to systemd-tmpfiles

nixos/security/acme: fix some linter remarks in my code

there are some remarks left for existing code, not touching that

nixos/security/acme: redesign script locking flow

- get rid of subshell
- provide function for wrapping scripts in a locked environment

nixos/acme: improve visibility of blocking on locks

nixos/acme: add smoke test for concurrency limitation

heavily inspired by m1cr0man

nixos/acme: release notes entry on new concurrency limits

nixos/acme: cleanup, clarifications
2023-09-09 20:13:18 +02:00
hexchen
15db31b2d9 nixos/decklink: init 2023-09-09 19:45:50 +02:00
Janik
1ffb4e592e
Merge pull request #249964 from ambroisie/woodpecker-improvements 2023-09-09 19:30:34 +02:00
ajs124
0a3aa06b53
Merge pull request #253739 from mweinelt/firefox-102-removal
firefox-esr-102-unwrapped: remove
2023-09-09 19:25:42 +02:00
Lassulus
b4f1091214
Merge pull request #252006 from ajs124/logrotate-extraParams 2023-09-09 19:12:20 +02:00
ajs124
f8df5ffdfe nixos/tt-rss: fix and significantly simplify database setup
the schema files referenced in the current preStart are empty.
other ones exist, but don't apply cleanly either.
calling update.php with --update-schema works for initial setup and
updates. if the database schema is already up to date, it's idempotent.
2023-09-09 19:11:54 +02:00
Janik
eda85eb31d
Merge pull request #251062 from ajs124/restic-wrapper-script 2023-09-09 19:11:33 +02:00
Lassulus
72160fbdc1
Merge pull request #251302 from Mic92/buildbot
nixos/buildbot: support reload, buildbot-www-react: init 3.9
2023-09-09 19:09:06 +02:00
Artturi
b3e16d6e10
Merge pull request #254166 from Artturin/fixthingy1 2023-09-09 19:56:02 +03:00
Yorick
df123af8b8
Merge pull request #248502 from kurnevsky/wstunnel
wstunnel: correct listen option
2023-09-09 18:45:45 +02:00