This script would always "detect" the "powersave" governor as it is available on
practically all CPUs while the "ondemand" governor is only available on some old
CPUs.
IME the "powersave" governor barely provides any power savings but introduces
massive performance deficits, including noticable stuttering. This is not the
default experience we should offer users, even for those who use laptops.
Use the kernel default (currently "performance", CPU makers may change it in
future) instead.
This adds a NixOS module for Soft Serve, a tasty, self-hostable Git
server for the command line. The module has a test that checks some
basic things like creating users, creating a repo and cloning it.
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Now that we have a QMP client, we can wire it up in the test driver.
For now, it is almost completely useless because of the need of a constant "event loop", especially
for event listening.
In the next commits, we will slowly enable more and more usecases.
Add jitterentropy-rngd, a tool similar to rng-tools.
While not necessarily needed, it is useful for those
who want to strengthen their kernel entropy input pool
by periodic insertion of an independent source.
The entropy source is a NIST SP800-90B compliant
non-physical true RNG source on most systems.
See the jitterentropy documentation for details
(http://chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf).
Signed-off-by: Markus Theil <theil.markus@gmail.com>
The `AUTOFS4_FS` name appears to be a legacy naming stub:
>Ok, I ran the script, and also decided that we might as well remove
>the AUTOFS4 legacy naming stub entry by now.
>
>It has been five years, and people will have either picked up the new
>name with 'make oldconfig', or they just don't use 'make oldconfig' at
>all.
https://lore.kernel.org/lkml/CAHk-=wgK9-Tx4BxYMrc0pg==mcaz3cjWF6-CBwVpM_BZAmf4JQ@mail.gmail.com/#r
That has been remove in 6.6 kernel and results in a failure:
```
error:
Failed assertions:
- CONFIG_AUTOFS4_FS is not enabled!
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
- Removal of top-level `with lib`
- Allow usage of module without setting `platformTheme`, so we can set
the QT_PLUGIN_PATH/QML2_IMPORT_PATH paths without theming
- Add support for kvantum and some other styles
- Add myself as maintainer
Allow reloading the webserver, which is useful when e.g there are new
certificates available that we want lighttpd to use, but don't want to
completely shut down the server.
There's no reason to do this in initrd. Partitions can be resized online.
We just have to make sure it happens before we resize the file system.
This also makes grow-partition work with systemd-initrd
It's time again, I guess :>
Main motivation is to stop being pinged about software that I maintained
for work now that I'm about to switch jobs. There's no point in pinging
me to review/test updates or to debug issues in e.g. the Atlassian stack
or on mailman since I use neither personally.
But there's also a bunch of other stuff that I stopped using personally. While
at it I realized that I'm still maintainer of a few tests & modules related to
packages I stopped maintaining in the past already.
In my case I'd like to be able to add `-m last` to `cage` to make sure
that the login form from regreet isn't displayed half on my external
monitor and half on my laptop screen, but on the last connected monitor
only.
That's basically the issue described in #226586, though it's not a
proper fix since the login form is shown on one monitor only.
- Remove lots of declared options that were not used outside of being
included in settings. These should now be used through the freeform
module.
- Deprecate `cfg.workDir`, in favor of using systemds `StateDirectory`
- Use sqlite as default database.
Co-authored-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
The networkd backend logic for setting DHCP= on an interface is bugged
and inconsistent with the scripted logic. Consider this simple NixOS
configuration:
{
networking.useNetworkd = true;
networking.interfaces.eth0.wakeOnLan.enable = true;
}
The default value of networking.useDHCP is true, so we expect our eth0
interface to have DHCP enabled. With the scripted backend, this works.
But the networkd backend generates the following 40-eth0.network file:
[Match]
Name=eth0
[Network]
DHCP=no
IPv6PrivacyExtensions=kernel
This is happening because the wakeOnLan configuration creates a key in
networking.interfaces, and the networkd backend erroneously checks that
instead of for explicitly configured IP addresses as in the scripted
backend. The documentation is also inconsistent across various options.
This change aligns the networkd backend and option documentation to the
actual behavior of the scripted backend, and updates a test to account
for this behavior for both backends.
I noticed that openvpn3 is been clobbering my `/etc/resolv.conf` file. I
dug around a bit, and it turns out that upstream actually does have
support for systemd-resolved. I think it makes sense for us to
automatically enable that feature if the system is configured to use
systemd-resolved.
I opted to not change the default behavior of `pkgs.openvpn3`, but can
easily be convinced to change that if folks think I should.
With those settings starting dex crashed with:
Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/sys/fs/cgroup/system.slice/dex.service/memory.pressure: No such file or directory
Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed at step NAMESPACE spawning /nix/store/q8clp1lm8jznxf9330jd8cwc6mdy6glz-dex-start-pre: No such file or directory
without this
```
nix-repl> nixosTests.xfce.nodes.machine.services.xserver.xkb
error: The option 'nodes.machine.services.xserver.xkb' is used but not defined.
```
with this
```
nix-repl> nixosTests.xfce.nodes.machine.services.xserver.xkb
{ dir = "/nix/store/096yg7fc67py86w0bm6g7a32npgyh5ic-xkeyboard-config-2.39/etc/X11/xkb"; layout = "us"; model = "pc104"; options = "terminate:ctrl_alt_bksp"; variant = ""; }
```
I chose not to do nixos.{config, options} because that would make it
look too much like a configuration object, which it is not.
A configuration object I would define as for example the result of
calling NixOS, an attrset with `_type = "configuration";`.
Recreating a configuration object without evalModules is quite
feasible but not guaranteed to be correct, and not maintainable.
This commit makes auto-restarting declarative containers optional.
This is useful when you don't want changes to your config to automatically
restart the container and thus stop any applications running inside it.
[Motivation](https://github.com/NixOS/nixpkgs/issues/257817#issuecomment-1741705042):
- Having all the XKB options in the same attribute set clarifies their
relation better than using a common option name prefix ("xkb").
- `services.xserver.layout` is an XKB option, but this is not obvious
from its name. Putting it with the other XKB options clarifies this.
Co-authored-by: Michele Guerini Rocco <rnhmjoj@users.noreply.github.com>
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.
For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
Adds easily overrideable settings for the most common PAM argument
styles. These are:
- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
values are ignored.
- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
values.
Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
This reverts commit 80665d606a.
Parsing the package version broke our systemd-boot builder test.
i.e. it won't be able to parse systemd-boot efi binaries coming from
ubuntu
We no longer use the faulty systemd-boot version so this code should no
longer be needed.
For some time now the attrset returned by `evalModules` has
`type = "configuration"`.
This is a clean refactor because the name is not exposed.
(never is for simple lambda)
Add new test to check if kubo.passthru.repoVersion is set correctly.
Also split the existing NixOS VM test into two independent parts. The test already used two independent VMs but just one testScript. This made experimenting with just one of the two VMs slower than it needed to be. It should also increase parallelism slightly since both test scripts can now run at the same time.
PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
These names are internal identifiers. They will be used as keys so that
users can reconfigure rules by merging a rule config with the same name.
The name is arbitrary. The built-in rules are named after the PAM where
practical.
Eliminates a redundancy between the 'rules' suboptions and the type
specified in each rule.
We eventually want to give each rule a name so that we can merge config
overrides. The PAM name is a natural choice for rule name, but a PAM is
often used in multiple rule types. Organizing rules by type and rule
name avoids name collisions.
When listening on unix sockets, it doesn't make sense to specify a port
for nginx's listen directive.
Since nginx defaults to port 80 when the port isn't specified (but the
address is), we can change the default for the option to null as well
without changing any behaviour.
This was causing the following warning before when building the manual:
warning: literalExample is deprecated, use literalExpression instead, or use literalMD for a non-Nix description.
Rather than using `literalExpression`, nothing is used. This option
expects a string and the example is a string, no special handling
required. Both `literalExample` from the docbook ages and
`literalExpression` now are only required if the example is
a Nix expression rather than a value of the option's type.
Right now there's no trivial way to override parts of synapse's log
config such as the log-level because the only thing that's changeable is
the path to the log-file used by synapse and its workers.
Now, there's a new option called `services.matrix-synapse.log`
which contains the default log config as Nix attribute-set (except
`handlers.journal.SYSLOG_IDENTIFIER`). It has default priority, so new
things can be added like
services.matrix-synapse.log = {
my.extra.field = 23;
}
without discarding the rest. If desired, this can still be done via
`lib.mkForce`.
If the log configuration for a single worker or synapse, but not all
workers should be changed, `services.matrix-synapse.settings.log_config`
or `services.matrix-synapse.workers._name_.worker_log_config`
can be used.
Closes#236062
The PR #236062 was submitted because of the following problem: a synapse
instance was running in a NixOS container attached to the host network
and a postgresql instance on the host as database. In this setup,
synapse connected to its DB via 127.0.0.1, but the DB wasn't locally set
up and thus not configured in NixOS (i.e.
`config.services.postgresql.enable` was `false`). This caused the
assertion removed in this patch to fail.
Over three years ago this assertion was introduced when this module
stopped doing autoconfiguration of postgresql entirely[1] because a
breaking change in synapse couldn't be managed via an auto-upgrade on
our side. To make sure people don't deploy their DB away by accident,
this assertion was introduced.
Nowadays this doesn't serve any value anymore because people with
existing instances should've upgraded by now (otherwise it's their job
to carefully read the release notes when missing upgrades for
several years) and people deploying fresh instances are instructed by
the docs to also configure postgresql[2].
Instead, it only causes issues in corner cases like #236062, so after
some discussion in that PR I think it's time to remove the assertion
altogether.
Also, there's no `Requires=` for `postgresql.service` in the systemd
units which means that it's not strictly guaranteed that the DB is up
when synapse starts up. This is fixed now by adding `requires`. To avoid
being bitten by above mentioned cases again, this only happens if
`config.services.postgresql.enable` is `true`.
If somebody uses a non-local postgresql, but has also deployed a local
postgresql instance on the synapse server (rather unlikely IMHO), it's
their job to opt out of this behavior with `mkForce` (this is precisely one
of the use-cases `mkForce` and friends were built for IMHO).
[1] https://github.com/NixOS/nixpkgs/pull/80447
[2] https://nixos.org/manual/nixos/stable/#module-services-matrix-synapse
First of all, a few cleanups were made to make it more readable:
* Reordered the sections by their priority so what you're reading in Nix
is also what you get in the final nginx.conf.
* Unified media/asset locations
Most notably, this fixes the
Your web server is not properly set up to resolve "/ocm-provider/".
warning since 27.1.2 where `ocm-provider` was moved from a static
directory in the source tarball to a dynamic HTTP route[1].
Additionally, the following things were fixed:
* The 404 checks for build/tests/etc. are now guaranteed to be before
the `.php` location match and it's not implicitly relied upon Nix's
internal attribute sorting anymore.
* `.wasm` files are supported properly and a correct `Content-Type` is
set.
* For "legacy" routes (e.g. `ocs-provider`/`cron`/etc) a `rewrite` rule
inside the location for fastcgi is used as recommended by upstream[2].
This also makes it easier to understand the purpose of the location
itself (i.e. use fastcgi for PHP code).
[1] https://github.com/nextcloud/documentation/pull/11179
[2] https://docs.nextcloud.com/server/27/admin_manual/installation/nginx.html
Currently, when setting a custom media_store_path, which lies outside of
cfg.dataDir, the current ReadWritePaths make it so that Synapse can't
access the media_store_path. So add the media_store_path to
ReadWritePaths to fix that.
- run conf-check iff keyFiles == [] (like in 23.05; this was my bug)
- support extraConfig + keyFiles
- but warning will still be shown if extraConfig is used,
and it might be slightly confusing
