The required nginx configuration is now really simple, and e.g. SSL/ACME
already required the user to interact with `services.nginx.virtualHosts`.
Therefore, and to reduce complexity, we now leave the web server
configuration to the user.
This lets us *dis*able filesystem explicitly, as is required by e.g. the
zfs-less installer images. Currently that specifically is only easily
possible by adding an overlay that stubs out `zfs`, with the obvious
side-effect of also removing tooling that could run without the kernel
module loaded.
...effectively what was planned already in #266270, but it was too late
because the branches were restricted and didn't allow any breaking
changes anymore.
It also suffers from the same issue that we already had when discussing
this the last time[1] when `ensureDBOwnership` was ultimately introduced
as band-aid fix: newly created users don't get CREATE permission on
the `public` schema anymore (since psql 15), even with `ALL PRIVILEGES`.
If one's use-case is more sophisticated than having a single owner, it's
questionable anyways if this module is the correct tool since
permissions aren't dropped on a change to this option or a removal which
is pretty surprising in the context of NixOS.
[1] https://github.com/NixOS/nixpkgs/pull/266270
The new format is based on the existing wrapper and generates an INI file with an unnamed global section at the top as is used by *stunnel* for instance.
Technically the INI format is a subset of this; however, testing, type checking, and API guarantees profit from two separate generators.
Co-authored-by: tim-tx <tim-tx@users.noreply.github.com>
Signed-off-by: benaryorg <binary@benary.org>
Exposes two options, `path` and `mode`, to configure the location and
permissions on the socket file.
The `mode` needs to be specified as a string in octal and will be converted
into a decimal integer, so it correctly passes through the YAML parser
and arrives at the `os.chmod` call in the Twisted codebase. What a fun
detour.
Adds an assertion that either `path` or `bind_addresses` and `port` are
configured on every listener.
Migrates the default replication listener of the main instance to a UNIX
domain socket, because it is more efficient.
Introduces the `enableRegistrationScript` option, to gracefully disable
the user registration script, when the client listener listens on a UNIX
domain socket, which is something the script does not support.
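The octal-string-to-decimal conversion described in the commit message above, sketched as an added example (not code from the commit or from the module). It assumes the listener config is serialized as JSON, which YAML parsers accept; `octal_string_to_decimal`, `render_listener` and `applied_permissions` are hypothetical names, and the socket path is a constructed sample.

```python
import json
import os
import stat
import tempfile


def octal_string_to_decimal(mode: str) -> int:
    """Parse an octal permission string such as "666" into the integer os.chmod expects."""
    if not 1 <= len(mode) <= 4 or any(c not in "01234567" for c in mode):
        raise ValueError(f"not an octal mode string: {mode!r}")
    return int(mode, 8)


def render_listener(path: str, mode: str) -> str:
    """Serialize a listener entry; the mode is emitted as a plain decimal number."""
    # Assumption: JSON output stands in for the generated YAML config.
    return json.dumps({"path": path, "mode": octal_string_to_decimal(mode)})


def applied_permissions(mode_value: int) -> str:
    """chmod a scratch file with mode_value and return the resulting permission bits."""
    fd, scratch = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(scratch, mode_value)
        return oct(stat.S_IMODE(os.stat(scratch).st_mode))
    finally:
        os.remove(scratch)


def misread_as_decimal(mode: str) -> str:
    """Show the bits that result if the octal digits were passed through as a decimal number."""
    return oct(stat.S_IMODE(int(mode, 10)))


if __name__ == "__main__":
    rendered = render_listener("/run/example/replication.sock", "666")  # constructed path
    parsed = json.loads(rendered)
    print(rendered)
    print("converted:", applied_permissions(parsed["mode"]))
    print("unconverted digits would mean:", misread_as_decimal("666"))
```

Without the conversion, the digits `666` read as a decimal integer correspond to mode `0o1232`, not the intended `0o666`, so the socket would end up with permissions nobody asked for.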
Currently there are a bunch of really wacky hacks required to get nixpkgs
path correctly set up under flake configs such that `nix run
nixpkgs#hello` and `nix run -f '<nixpkgs>' hello` hit the nixpkgs that
the system was built with. In particular you have to use specialArgs or
an anonymous module, and everyone has to include this hack in their
own configs.
We can do this for users automatically.
I have tested these manually with a basic config; I don't know if it is
even possible to write a nixos test for it since you can't really get a
string-with-context to yourself unless you are in a flake context.
The current build of livebook does not work with the new [Livebook
Teams](https://livebook.dev/teams/) features. The problem can be observed by
running the current version of livebook, adding a new team and going to the team
page. The process will crash and the team page will show a 500 error.
The base of the problem is that the escript build method is not officially
supported. This commit changes the livebook package to use the `mix release`
workflow, which is also the one used to build the official Docker container.
Unfortunately, the binary built with `mix release` does not support command line
arguments like the `escript` binary does. Instead, users need to pass in most of
the configuration as environment variables, as documented
[here](https://hexdocs.pm/livebook/readme.html#environment-variables). As a
result, this commit also changes the Livebook service to reflect this new way of
configuring Livebook.
Finally, the Livebook release configuration specifically excludes the
ERTS (Erlang Runtime System), which means that the resulting release cannot run
without Erlang installed.
I have tested the results (both of the package and the service) locally.
It is probably a good idea to talk about it and leave it to release editors to decide how they want to present this.
Hardware OPAL based is interesting for certain companies with compliance constraints.
There were several modules, critically including NetworkManager, which
were not prepared for this change. Most of the change was good,
however. Let's bring back the dependency and change the assertion to a
warning for now.
doc: add figure definition to bespoke syntax reference
doc: add example definition to bespoke syntax reference
doc: add footnote definition to bespoke syntax reference
The usage of footnotes in the manuals is not the one documented
in markdown-it-py: https://python-markdown.github.io/extensions/footnotes/
doc: add inline comment definition to bespoke syntax reference
doc: add typographic replacements to bespoke syntax reference
doc: Fix rendering of bespoke syntax reference
doc: remove references to DocBook in the NixOS manual
doc: add entry on lack of HTML support
doc: Minor improvement
doc: update typographic replacements entry in bespoke syntax reference
doc: add link reference definitions to bespoke syntax reference
doc: fix footnote definition in bespoke syntax reference
doc: Minor improvements from code review
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Previously we required network-online.target for multi-user.target. This
has made a lot of people very angry and has been widely regarded as a
bad move (or at least, very nonstandard):
15d761a525 (commitcomment-128564097)
This was done because of fragile tests and services declaring
dependencies on multi-user.target when they meant network-online.target.
Let's rip off the bandaid and fix our tests.
This is introduced and enabled by default because the config syntax for
the exporter changed with release 0.23.0.
This should make the breaking config change obvious before services are
deployed with an incompatible old config.
The check is based on the check present in the blackbox-exporter module.
Closes #169733
The issue is that Nextcloud fails to start up after a GC because the
symlink from `override.config.php` is stale.
I'm relatively certain that this is not a bug in the Nix GC - that
would've popped up somewhere else already in the past years - and one of
the reporters seems to confirm that: when they restarted
`nextcloud-setup.service` after the issue appeared, an
`override.config.php` pointing to a different hash was there.
This hints that on a deploy `nextcloud-setup` wasn't restarted properly
and thus replacing the symlink update was missed. This is relatively
hard to trigger due to the nature of the bug unfortunately (you usually
keep system generations for a few weeks and you'll need to change the
configuration - or stdenv - to get a different `override.config.php`),
so getting pointers from folks who are affected is rather complicated.
So I decided to work around this by using systemd-tmpfiles which a lot
of other modules already utilize for this use-case. Now,
`override.config.php` and the directory structure aren't created by
`nextcloud-setup`, but by `systemd-tmpfiles`.
With that, the structure is guaranteed to exist
* on boot, since tmpfiles are always created/applied then
* on config activation, since this is done before services are
  (re)started which covers the case for new installations and existing
  ones.
Also, the recursive `chgrp` was used as transition tool when we switched
from `nginx` as owning group to a dedicated `nextcloud` group[1][2], but
this was several releases ago, so I don't consider this relevant
anymore.
[1] fd9eb16b24
[2] ca916e8cb3
`beignet` saw no development since 2018 and was never ported from
`llvmPackages_6`. As it's a library to support `OpenCL` on older GPUs,
let's drop it from `nixpkgs`.
Conflicts:
pkgs/development/python-modules/dbt-core/default.nix
pkgs/development/python-modules/dbt-semantic-interfaces/default.nix
Still broken by pydantic 2 bump, though.
The executable file names for `firefox-devedition`, `firefox-beta`,
`firefox-esr` now match their package names, which is consistent with
the `firefox-*-bin` packages.
The desktop entries are also updated
so that you can have multiple editions of firefox in your app launcher.