As described in https://github.com/NixOS/nixpkgs/pull/394017,
grafana-agent does not build with Go 1.23 anymore, and Go 1.22 has been
removed.
grafana-agent has been deprecated by Grafana (in favour of Grafana
Alloy), and will be EOL on 2025-11-01, which would be part of the
upcoming 25.05 release.
Instead of leaving us with a broken package, drop it alltogether, and
add release notes.
e-imzo: (fix, to be squashed) formatted accordingly using `nixfmt`
e-imzo: (fix, to be squashed) removed lib from options by @ FliegendeWurst
e-imzo: (fix, to be squashed) use lib.getExe as mainProgram is defined by @FliegendeWurst
e-imzo: (fix, to be squashed) formatted with `nixfmt-rfc-style` suggestion by @FliegendeWurst
Co-Authored-By: Arne Keller <arne.keller@posteo.de>
prefect: add dburl to worker
prefect: use same state directory
prefect: fix worker environment
prefect: create user
prefect: use datadir for sqlite url
prefect: make datadir writable
prefect: don't protect home
prefect fix sqlite url
prefect: fix state directory
prefect: user should not be systemuser
prefect: set to normal user
add prefect to systempackages
try user with same name
prefect use prefect_home
do not set database url
revert to dynamic user
prefect: add tests
prefect: fix port to string
By enabling this module, the jlink system group is created and udev
rules from the libjaylink package are enabled. Read-/Write access is
granted to the members of the jlink group and to seat sessions.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
By enabling this module, the ftdi system group is created and udev
rules from the libftdi package are enabled. Read-/Write access is
granted to the members of the ftdi group and to seat sessions.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Introduce the flashprog module. By enabling, its udev rules are applied
in addition to installing the package.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
The mautrix-facebook project was deprecated as of 2 March 2024:
2ab4342c0d
The repository is archived, and it is now recommended to use
mautrix-meta.
Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
nixos/manual: add archtika module to 25.05 release notes
nixos/archtika: fix module formatting, add description and remove trailing whitespace
nixos/archtika: refactor module
nixos/archtika: refactor module
nixos/archtika: make SystemCallFilter addition for postgres systemd service
nixos/archtika: refactor module
nixos/archtika: grant only necessary authentication permissions to archtika db
This adds a simple hardened systemd-based module for g3proxy, a generic
purpose forward proxy.
Change-Id: I8c6e5d2cc8a9faa2aea8c5df3af56756ffed542d
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Co-authored-by: Elias Coppens <elias.coppens@ens.fr>
nixos/libeufin: init module
nixos/libeufin(nexus): init submodule
nixos/libeufin(nexus): refactor service
Also added state directory to allow the creation of client ebic keys.
nixos/libeufin: review suggestions
nixos/libeufin: fix nexus service executable
nixos/libeufin: add mkLibeufinModule
nixos/libeufin: fix dbinit service not starting for utils, cleanup
nixos/libeufin: use mkLibeufinModule for nexus
nixos/libeufin: use mkLibeufinModule for bank
nixos/libeufin: add initialAccounts, stateDir options
nixos/libeufin: refactor to make nexus work, cleanup
nixos/libeufin: refactor stateDir, only register accounts on init
nixos/libeufin: explicitly specify psql user
Sometimes the dbinit service fails to find the user.
nixos/libeufin: cleanup stateDir
nixos/libeufin: add openFirewall option; install package
feat: apply review suggestions
Co-authored-by: h7x4 <h7x4@nani.wtf>
style: format code
fix: evaluation errors
fix(libeufin): start main services after dbinit
The main services can start after their databases have been initialized,
it's just that the bank and nexus shouldn't do the initialization at the
same time.
refactor(libeufin): dbinit script
feat: add assertions, remove throw
chore: remove unused code
feat(libeufin): recfactor dbinit service
feat: move libeufin module to services/finance
refactor(libeufin): remove configFile option
refactor(libeufin): use environment.etc for config file
basic config set that makes the service at least start
add secmod helpers and taler-global runtime dir
support for includes
taler denominations
Only enable services if taler is enabled
fix wirewatch service name
use correct permissions for database schema
The current permissions don't work or aren't enough and cause the
wirewatch and closer services to fail.
nixos/libeufin: init module
libeufin: refactor module
libeufin: add main service
nixos/taler: configure settings using options
Works, but can be refactored further
taler: refactor settings options
trim settings defaults to the absolutely necessary ones
nixos/libeufin: refactor and move to separate dir
nixos/libeufin: set defaultText
nixos/libeufin: use getExe
nixos/libeufin-bank: move to own dir
nixos/libeufin: move libeufin related config into its own config file
nixos/libeufin/bank: extract dbinitServiceName into var
nixos/libeufin: move script to ExecStart
nixos/libeufin: fix config file name
nixos/taler: refactor config file
nixos/taler-exchange: grant delete to taler-exchange-aggregator
Would repeatedly attempt to delete in a table where it wasn't allowed to and
cause insane spam in the postgres log.
nixos/taler/exchange: move exchange-specific options to exchange
nixos/taler: move generic taler settings into taler system module
nixos/taler: import exchange in module-list.nix
nixos/taler-exchange: refactor services group name
nixos/taler-exchange: use taler-harness to generate coins
The taler-wallet-cli does not have the deployment subcommand anymore,
but the docs still say that it should be used to generate the keys.
For now, the keys should be generated with taler-harness.
nixos/taler-exchange: add option to enable accounts
nixos/taler: add missing descriptions
nixos/taler(exchange): add description & use getExe'
nixos/taler(merchant): init submodule
nixos/taler: use correct script for db access
nixos/taler: merchant add depositcheck path
nixos/taler: review suggestions
nixos/taler: make runtimeDir into an option, refactor
nixos/taler: init mkTalerModule
nixos/taler: use mkTalerModule for exchange
nixos/taler: exchange fixups
nixos/taler: use mkTalerModule for merchant
nixos/taler: improve how dbInit script is created
nixos/taler: remove exchange enableAccounts option
nixos/taler: explicitly specify psql user
Sometimes the dbinit service fails to find the user.
nixos/taler: add openFirewall option; install package
feat: add assertions, remove throw
feat(taler): use module system instead of functions
Also:
- remove throw from denominateConfig
- rename `utils.nix` to `common.nix`
feat(taler): refactor modules
feat: move taler module to services/finance
refactor(exchange): replace throw with assert
refactor(exchange,merchant): settings options
fix(taler): manpage URLs
fix(exchange): public key assert
refactor(taler): use configFile
feat(taler): include component configs directly
Makes services detect config changes better.
this should not result in any observable change by default, the
motivation is to make working on either one of these components in
isolation of the other a bit easier.
nm-file-secret agent is a small agent that can supply secrets of
connection profiles to NetworkManager by reading the contents of
preconfigured files.
These files could be supplied e.g. by nixos-sops or any other mechanism.
This allows users to simply enable support for all hardware by enabling the option `hardware.enableAllHardware`, instead of having to import `modules/profiles/all-hardware.nix`.
This is better, as the enableAllHardware option will be discoverable via search.nixos.org, while the `all-hardware.nix` is hidden inside nixpkgs and hard to discover.
Backward compatibility is provided by replacing the old `profiles/all-hardware.nix` with a file that sets the `enableAllHardware` option to true.
A new NixOS module that adds two new options to `system.build`:
- imageModules: An attrset mapping image variant names to a list of nixos
modules to use when building such images.
- images: An attrset mapping image variant names to a nixos instance
based on the current config plus variant-specific modules (see
`system.build.imageModules` above.
[buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard)
is the on-screen framebuffer keyboard provided by postmarketOS's
buffybox project.
enable this with `services.buffybox.enable = true;`: any additional
settings are strictly optional.
once enabled, tab to an unused TTY (e.g. Ctrl+Alt+F2) and use the
mouse/touchpad/touchscreen to use the virtual keyboard. may require
a manual `systemctl start buffybox` if enabled on an already-booted
device.
Co-authored-by: Luflosi <luflosi@luflosi.de>
Add an option for shell script fragments that are ran before switching
to a new NixOS system configuration (pre installation of bootloader or
system activation). Also add a new subcommand for
switch-to-configuration called "check" that will cause the program to
always exit after checks are ran.
This adds a `services.scx.enable` option to enable sched-ext schedulers.
Requires a kernel with sched-ext enabled (6.12+) or a kernel with the patchset.
requiredKernelConfigs are taken from https://cateee.net/lkddb/web-lkddb/SCHED_CLASS_EXT.html
