This commit introduces a new NixOS module `networking.getaddrinfo` to allow
declarative configuration of `/etc/gai.conf`, which controls address
selection behavior for `getaddrinfo(3)` as defined in RFC 3484 and
RFC 6724.
Partially revert #179194 which first filtered
`extraLocaleSettings.LANGUAGE`. Indeed this environment variable is
given precedence according to:
https://www.gnu.org/software/gettext/manual/html_node/Locale-Environment-Variables.html
So using it will simply make all other `extraLocaleSettings` be ignored
in practice, but the OS shouldn't ignore it when aggregating the locales
required in general, as this setup should still be legitimate, and it
may even be useful if you wish to set it by default and use `env -u
LANGUAGE` for some programs.
Previously, when adding a new user when at least two users already exist,
this new user was assigned the same subuid range as the second existing user.
This pulls in another instance of nixpkgs including glibc.
This is both not great from a evaluation perspective and a dependency
closure.
So let's remove this part from nixpkgs again and re-enable it, when we
have slimmed down the build according to `environment.ldso32 = mkIf
pkgs.stdenv.hostPlatform.isx86_64 (mkDefault stub-ld32);`
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
This makes it so that the getty units are only included if
`config.console.enable` is set to `true`. Previously, they would be
included, but disabled in that case, which is unnecessary.
Testing showed that the existing documentation regarding password override
ordering was incorrect. This commit corrects the errors and refactors
the way the text is constructed to make updating future ordering
changes significantly easier.
From hosts(5):
> For each host a single line should be present with the following
> information:
>
> IP_address canonical_hostname [aliases...]
With lines like "::1 localhost ahost.adomin ahost", we were saying
that the canonical name for "ahost" was "localhost", the opposite of a
canonical name. This is why a second loopback address (127.0.0.2) is
used for hostnames with IPv4 — if they were put after "localhost" on
the 127.0.0.1 line, the same thing would happen. With IPv6 we can't
do the same thing as there's only a single loopback address, so
instead the right thing to do is to simply not list the hostnames in
/etc/hosts, and rely on the myhostname NSS plugin, which will handle
this correctly.
(Note that the examples in hosts(5) also do not include IPv6 FQDN or
hostname entries.)
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
Before the error message only mentioned isSystemUser/isNormalUser which
lead to a confusing situation when setting isNormalUser and an uid like
500 which would generate an error like:
error:
Failed assertions:
- Exactly one of users.users.other.isSystemUser and users.users.other.isNormalUser must be set.
from which you cannot know that setting the uid to 500 *and* setting
isNormalUser is the actual problem.
With this patch the error looks like:
error:
Failed assertions:
- A user cannot have a users.users.fixme.uid set below 1000 and set users.users.fixme.isNormalUser.
Either users.users.fixme.isSystemUser must be set to true instead of users.users.fixme.isNormalUser
or users.users.fixme.uid must be changed to 1000 or above.
If `resolvconf` is invoked by a process not running with the resolvconf
group as primary group, other processes will run into trouble as files
or directories under /run/resolvconf won't have write permissions.
This ACL rule ensure that resolvconf files, include new files created by
any process, are always accessible by users of the resolvconf group.
This was suggested since it might make it a little easier to identify
the places where the definitions come from.
Retrieving the effective definitions from the module-system seems
non-trivial, especially for submodules though, hence only the values are
shown for now.
I'd argue that especially the `password` option are mostly a convenience
thing for test setups. If the password is an actual secret, it should be
treated as such, i.e. `hashedPasswordFile` should be used.
For the `shadow` VM test, the new section of the warning looks like
this:
The values of these options are:
* users.users."leo".hashedPassword: "$6$ymzs8WINZ5wGwQcV$VC2S0cQiX8NVukOLymysTPn4v1zJoJp3NGyhnqyv/dAf4NWZsBWYveQcj6gEJr4ZUjRBRjM0Pj1L8TCQ8hUUp0"
* users.users."leo".hashedPasswordFile: null
* users.users."leo".password: null
* users.users."leo".initialHashedPassword: "!"
* users.users."leo".initialPassword: null
systemd requires paths in `ReadWritePaths=` to exist before setting up
the service sandbox, so dhcpcd should be ordered after resolvconf.
Making resolvconf a oneshot service ensure `After=resolvconf.service`
works correctly.
Contour was broken for aarch64 in #253334, and completely broke
in #344788 for all platforms.
This removes the broken package, and adds a notice to remove broken
packages in the future. aarch64 users have waited a year for this to be
fixed, so I think we should lean to be more eager to remove in general,
and then the fix can come when it is ready, instead of letting it block
this.
Resolves: #258515
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
A sed with nested double quotes is inserting malformed XML into /etc/fonts/fonts.conf, this commit put the sed command into single quotes to properly insert double quotes to enclose the XML attribute.
