| Age | Commit message (Collapse) | Author |
|---|
|
|
|
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
|
|
|
|
This has been synonymous for ~5y.
|
|
|
|
Maximum password length per cjdns code is somehwhere less than that, see
https://github.com/cjdelisle/cjdns/blob/ecd01e7681d9b7a06d2673e49fcf9a76a580cb52/client/AdminClient.c#L80
Currently we generate 96 char long passwords that don't work
This changes it so password length is just 32 chars long
|
|
These were broken since 2016:
https://github.com/systemd/systemd/commit/f0367da7d1a61ad698a55d17b5c28ddce0dc265a
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too.
NixOS systems have been producing logs such as:
/nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31:
Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring.
I have also removed some unnecessary duplication in units disabling
rate limiting since setting either interval or burst to zero disables it
(https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/src/basic/ratelimit.c#L16)
|
|
|
|
|
|
|
|
|
|
service failed to start because of MemoryDenyWriteExecute = true,
which seems not to work on i686
|
|
The service can run certain components with reduced privileges, but for
that it needs the setuid capability.
|
|
20e81f7c0d56e0b179115ca72a85b81ff637d909 prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.
Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
|
|
Enabling this incurs a heavy eval-time cost, but it's a nice usability
enhancement; satisfy both concerns by making it optional (default
false).
|
|
This reverts commit 60ded3f3632d221ca3f82a52392e155517880456.
We want to make this optional instead.
|
|
|
|
Generating IPv6 addresses at eval time required building cjdns.
Fix #20422
|
|
|
|
|
|
The old version would export two lists to a bash builder and do pairwise
processing on the bash side. In the new version we instead generate a
logic free builder on the Nix side. This is not only conceptually
simpler but reduces the amount of code and intermediate values.
|
|
`head -cNUM ... | tr -dc SET` might generate output containing fewer
than NUM characters. Given the limited alphabet, this could result in a
fairly weak passphrase. The construction `tr </dev/urandom | head
-cNUM`, however, is sure to give us the full `NUM`.
|
|
|
|
- types.string -> str, string is deprecated
- change type of confFile option to nullOr path, makes more sense
|
|
|
|
|
|
|
|
|
|
|
|
filter extraneous attributes from config modules
|
|
|
|
|
|
package installs to .../bin
fix service module to look in .../bin
Closes #4240
|
|
systemd service wants network-interfaces.target rather than network.target
assertion on config.networking.enableIPv6
|
|
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
|
|
build system is now nodejs based
new nixos module to start cjdns
|
