Age | Commit message (Collapse) | Author |
|
stdenv: warn about use of inherited lib
|
|
By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.
The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.
systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.
Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.
[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
|
|
|
|
Since release 20.09 `rngd.enable` defaults to false, so this setting is redundant.
Also fix the `qemu-quest` section of the manual that incorrectly claimed
that `rngd` was enabled.
|
|
nixos/acme: Fixes for account creation and remove tmpfiles usage
|
|
OSS Emulation is considered incomplete so disabling it by default.
Using user level alsa-oss library (nix-env -iA nixos.alsaOss) over
this kernel module is recommended.
|
|
Turned the freetext suggestion about opening the build output
into a copy-pastable xdg-open line.
Renamed title to 'Contributing to this manual'.
|
|
Use mpi attribute consistently to provide a default MPI implementation
|
|
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.
This reverts commit 0bc275e63423456d6deb650e146120c39c1e0723.
|
|
|
|
This is a stdenv-rebuild, and should not be merged
into master
This reverts commit 8929989614589ee3acd070a6409b2b9700c92d65.
|
|
lib: Clean up how linux and gcc config is specified
|
|
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.
This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.
`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.
The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
|
|
nixos/libinput: separate settings by mouse/touchpad
|
|
|
|
rl-2003: mention grub 2.04 update
|
|
|
|
|
|
|
|
|
|
|
|
nixos/networking: make /etc/netgroup by default
|
|
nixos/uwsgi: run with capabilities instead of root
|
|
|
|
|
|
|
|
fish-foreign-env: remove alias to incompatible package
|
|
This will prevent nscd from complaining /etc/netgroup being absent.
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
|
|
The fish-foreign-env and the fishPlugins.foreign-env packages aren't
compatible due to changes in directory layout.
It's better to remove the alias so that the evaluation explicitly fails
instead of allowing silent runtime breakage.
GitHub: see https://github.com/NixOS/nixpkgs/pull/107834#issuecomment-756995696
GitHub: see https://github.com/LnL7/nix-darwin/issues/269
GitHub: see https://github.com/nix-community/home-manager/issues/1701
GitHub: see https://github.com/nix-community/home-manager/issues/1702
|
|
Revert "nixos/gnome3: don't install epiphany default"
|
|
|
|
nixos/tor: improve type-checking and hardening
|
|
|
|
And relocate the installed fish functions to the `vendor_functions.d` so
that they're automatically loaded.
|
|
Enabling the profile can lead to hard-to-debug issues, which should be
warned about in addition to the cost in features and performance.
See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
|
|
androidenv did not previously write license files, which caused certain
gradle-based Android tools to fail. Restructure androidenv's list of
Android packages into a single repo.json file to prevent duplication
and enable us to extract the EULA texts, which we then hash with
builtins.hashString to produce the license files that Android gradle
tools look for.
Remove includeDocs and lldbVersions, as these have been removed
from the Android package repositories.
Improve documentation and examples.
|
|
Fixes #77395.
Fixes #82790.
|
|
prometheus-json-exporter: unstable-2017-10-06 -> 0.2.0
|
|
* Content of `programlisting` shouldn't be indented, otherwise it's
weirdly indented in the output.
* Use `<xref linkend=.../>` in the release notes: then users can
directly go to the option documentation when reading release notes.
* Don't use docbook tags in `mkRemovedOptionModule`: it's only used
during evaluation where docbook isn't rendered.
|
|
|
|
|
|
|
|
This reverts commit f19b7b03a03b7f1d5beb44471eb9298de4b9e186, reversing
changes made to 572a864d024b0c91ac39133f35364362b2376c07.
Sorry. I pushed the wrong staging-next (the one that had my master
merged in). This was not intended.
|
|
|
|
There are two use case for this flag:
1. NixOS developer usually use a nixpkgs checkout for development.
Copying nixpkgs everytime when rebuilding NixOS is way to slow, even
with NVME disks.
2. Folks migrating from impure configuration in a sufficient complex
infrastructure need this flag to gradually migrate to NixOS flakes.
|
|
|
|
The instructions on recreating the cert were missing --what=state.
Also added a note on ensuring the group of manual certs is correct.
|
|
|
|
|
|
|