diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 35 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/snapper.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/misc/ssm-agent.nix | 23 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/default.nix | 7 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 8 |
6 files changed, 76 insertions, 9 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 8135bb562c84..72e77ad76e11 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -66,6 +66,12 @@ </listitem> <listitem> <para> + Python 3.5 has reached its upstream EOL at the end of September 2020: it + has been removed from the list of available packages. + </para> + </listitem> + <listitem> + <para> Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link> and <link linkend="opt-services.openssh.authorizedKeysCommandUser">authorizedKeysCommandUser</link>, have been added to the <literal>openssh</literal> module. If you have <literal>AuthorizedKeysCommand</literal> @@ -605,8 +611,8 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; <listitem> <para> In addition to the hostname, the fully qualified domain name (FQDN), - which consists of <literal>${cfg.hostName}</literal> and - <literal>${cfg.domain}</literal> is now added to + which consists of <literal>${networking.hostName}</literal> and + <literal>${networking.domain}</literal> is now added to <literal>/etc/hosts</literal>, to allow local FQDN resolution, as used by the <literal>hostname --fqdn</literal> command and other applications that try to determine the FQDN. These new entries take precedence over entries @@ -626,6 +632,10 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. + If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname + (<literal>uname --nodename</literal>) the option + <literal>boot.kernel.sysctl."kernel.hostname"</literal> + can be used as a workaround (but be aware of the 64 character limit). </para> </listitem> <listitem> @@ -1132,8 +1142,10 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0"; </listitem> <listitem> <para> - The <literal>fontconfig</literal> module stopped generating fontconfig 2.10.x config and cache. - Fontconfig 2.10.x was removed from Nixpkgs - it hasn't been used in any nixpkgs package anymore. + The <literal>fontconfig</literal> module stopped generating config and cache files for fontconfig 2.10.x, the <filename>/etc/fonts/fonts.conf</filename> now belongs to the latest fontconfig, just like on other Linux distributions, and we will <link xlink:href="https://github.com/NixOS/nixpkgs/pull/95358">no longer</link> be versioning the config directories. + </para> + <para> + Fontconfig 2.10.x was removed from Nixpkgs since it hasn’t been used in any Nixpkgs package for years now. </para> </listitem> <listitem> @@ -1223,5 +1235,20 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0"; </para> </listitem> </itemizedlist> + <itemizedlist> + <listitem> + <para> + For AMD GPUs, Vulkan can now be used by adding <literal>amdvlk</literal> + to <literal>hardware.opengl.extraPackages</literal>. + </para> + </listitem> + <listitem> + <para> + Similarly, still for AMD GPUs, the ROCm OpenCL stack can now be used by adding + <literal>rocm-opencl-icd</literal> to + <literal>hardware.opengl.extraPackages</literal>. + </para> + </listitem> + </itemizedlist> </section> </section> diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 40bec8d07916..a20d0a243a8e 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -653,7 +653,7 @@ in xlink:href="https://developers.yubico.com/pam-u2f/">here</link>. ''; }; - + appId = mkOption { default = null; type = with types; nullOr str; diff --git a/nixos/modules/services/misc/snapper.nix b/nixos/modules/services/misc/snapper.nix index 6f3aaa973a04..3560d08520b7 100644 --- a/nixos/modules/services/misc/snapper.nix +++ b/nixos/modules/services/misc/snapper.nix @@ -121,6 +121,16 @@ in services.dbus.packages = [ pkgs.snapper ]; + systemd.services.snapperd = { + description = "DBus interface for snapper"; + inherit documentation; + serviceConfig = { + Type = "dbus"; + BusName = "org.opensuse.Snapper"; + ExecStart = "${pkgs.snapper}/bin/snapperd"; + }; + }; + systemd.services.snapper-timeline = { description = "Timeline of Snapper Snapshots"; inherit documentation; diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix index 00e806695fd5..e50b07e0b862 100644 --- a/nixos/modules/services/misc/ssm-agent.nix +++ b/nixos/modules/services/misc/ssm-agent.nix @@ -29,8 +29,6 @@ in { config = mkIf cfg.enable { systemd.services.ssm-agent = { - users.extraUsers.ssm-user = {}; - inherit (cfg.package.meta) description; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -43,5 +41,26 @@ in { RestartSec = "15min"; }; }; + + # Add user that Session Manager needs, and give it sudo. + # This is consistent with Amazon Linux 2 images. + security.sudo.extraRules = [ + { + users = [ "ssm-user" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; + # On Amazon Linux 2 images, the ssm-user user is pretty much a + # normal user with its own group. We do the same. + users.groups.ssm-user = {}; + users.users.ssm-user = { + isNormalUser = true; + group = "ssm-user"; + }; }; } diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 568aeaceef75..ed9c652fc4c9 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -474,6 +474,13 @@ in ) [dms wms] ); + + # Make xsessions and wayland sessions installed at + # /run/current-system/sw/share as some programs + # have behavior that depends on them being installed + environment.systemPackages = [ + cfg.displayManager.sessionData.desktops + ]; }; imports = [ diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index d369aab54571..e5bd57753683 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -391,6 +391,10 @@ in end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. + If (e.g. for legacy reasons) a FQDN is required as the Linux kernel + network node hostname (uname --nodename) the option + boot.kernel.sysctl."kernel.hostname" can be used as a workaround (but + the 64 character limit still applies). ''; }; @@ -470,7 +474,7 @@ in networking.search = mkOption { default = []; - example = [ "example.com" "local.domain" ]; + example = [ "example.com" "home.arpa" ]; type = types.listOf types.str; description = '' The list of search paths used when resolving domain names. @@ -479,7 +483,7 @@ in networking.domain = mkOption { default = null; - example = "home"; + example = "home.arpa"; type = types.nullOr types.str; description = '' The domain. It can be left empty if it is auto-detected through DHCP. |