Arian van Putten
587efe0fd0
Unbork journals audit logs and introduce audit option ( #379629 )
2025-02-10 12:09:32 +01:00
Arian van Putten
ff78e34e0b
services/journald: introduce audit option
...
We default this option to null; which is different
from upstream which defaults this to true.
Defaulting this to true leads to log-spam in /dev/kmesg
and thus in our opinion is a bad default https://github.com/systemd/systemd/issues/15324
2025-02-07 15:58:19 +01:00
Arian van Putten
13b1062730
services/journald: re-enable systemd-journald-audit.socket
...
This was broken due to https://github.com/systemd/systemd/pull/25687
but we never noticed.
2025-02-07 14:14:53 +01:00
therainisme
0a12b8d03d
systemd: fix typo in boot.kernelParams (hierachy → hierarchy)
2025-02-07 12:06:23 +08:00
Jörg Thalheim
b29c6f5a4a
stage-2-init: fix false positives for RO Nix store mounts ( #375257 )
2025-02-02 08:58:03 +07:00
Franz Pletz
ca0a9a0ed6
nixos/grub: Remove > from submenu title, unbreak grub-reboot ( #284987 )
2025-01-29 09:23:46 +01:00
Wolfgang Walther
b9ea481784
nixos/systemd-boot: replace substituteAll with replaceVarsWith
2025-01-28 22:30:26 +01:00
Peder Bergebakken Sundt
fd60375c7a
nixos/timesyncd: strip man: prefix from manpage links
2025-01-27 02:47:02 +01:00
Peder Bergebakken Sundt
75b2b7e946
nixos/*: undo manual linking to known manpage urls
...
Made with:
jq <doc/manpage-urls.json 'to_entries[] | "rg -F \"[\(.key)](\(.value))\" nixos/ -l | xe sd -F \"[\(.key)](\(.value))\" \"{manpage}`\(.key)`\""' -r | tr \" \' | bash -x
(requires ripgrep, sd and xe)
2025-01-27 02:47:02 +01:00
Peder Bergebakken Sundt
953f72e76e
nixos/*: tag manpage references
2025-01-27 02:47:01 +01:00
Morgan Jones
2f3a80c96f
stage-2-init: fix false positives for RO Nix store mounts
...
We need to take the "top" mount instead of any mount, which is the last
line printed by findmnt. Additionally, make the regex more strict, so we
don't select mount options ending in ro (like `errors=remount-ro` from
ext4, or overlay paths ending in 'ro') and accidentally leave the Nix
store RW after boot.
2025-01-20 00:27:18 -08:00
Yureka
3b6f658130
init-script-builder: fix build ( #375160 )
...
Change-Id: I244160844aad5fcfcab323dd721cfd87e4b8ddc0
2025-01-20 08:29:57 +01:00
nixpkgs-ci[bot]
31193d78d8
Merge master into staging-next
2025-01-16 18:04:20 +00:00
WilliButz
bc5b78f993
nixos/systemd-tmpfiles: fix ordering of systemd-tmpfiles-setup-sysroot
...
Prior to this change a service failure would occur when this tmpfiles
service did not finish fast enough and receive a SIGTERM from systemd.
Additionally, `initrd-nixos-activation` is already ordered with
`After=initrd-switch-root.target`.
2025-01-15 15:43:36 +01:00
github-actions[bot]
74a6c68160
Merge master into staging-next
2025-01-12 18:04:11 +00:00
Christian Kögler
40932c9afa
nixos/luksroot: Check if the device was opened while reading password ( #369627 )
2025-01-12 14:25:08 +01:00
K900
914d17e050
nixos/boot/loader/generic-extlinux-compatible: fix eval on cross as well
2025-01-11 20:47:19 +03:00
K900
fbb4d057d1
nixos/boot/loader/generic-extlinux-compatible: fix eval
2025-01-11 20:42:58 +03:00
K900
350a060f1d
Merge remote-tracking branch 'origin/master' into staging-next
2025-01-09 22:02:14 +03:00
Julien Malka
851f7fc119
nixos/clevis: do not use systemd-udev-settle ( #372374 )
2025-01-09 14:58:13 +01:00
rnhmjoj
2b19079b86
nixos/clevis: do not use systemd-udev-settle
...
See https://github.com/NixOS/nixpkgs/issues/73095 for motivations.
In this case we can just use tpm2.target (available since systemd 256).
2025-01-09 14:23:38 +01:00
github-actions[bot]
ded5a5e552
Merge master into staging-next
2025-01-09 00:14:35 +00:00
Andreas Fuchs
ad55e1a1ef
Make systemd-resolved's config file a reload trigger
...
It is documented to re-read its configuration file upon reload, so
we can simply reload it instead of restarting the whole daemon.
2025-01-08 13:38:04 -05:00
Andreas Fuchs
0c5719fe0e
Don't stop systemd-{networkd,resolved,udevd} on config switch
...
These daemons should not be stopped, as they're foundational to a
proper functioning of the system. When switching configurations, they
only need a restart instead of that stop/start cycle.
2025-01-08 13:05:27 -05:00
K900
9e51fd8b02
Merge remote-tracking branch 'origin/master' into staging-next
2025-01-06 21:13:31 +03:00
Will Fancher
fd8696a178
nixos/systemd-stage-1: Fix FIDO2 udev rules
...
Fixes #368856
2025-01-06 11:41:39 -05:00
K900
1d9d206c4e
Merge remote-tracking branch 'origin/staging-next' into staging
2025-01-05 00:25:30 +03:00
Will Fancher
15be453e9a
switch-to-configuration: Better handling of socket-activated units ( #359724 )
2025-01-04 11:51:21 -05:00
K900
936f4e016d
Merge remote-tracking branch 'origin/staging-next' into staging
2025-01-02 19:21:56 +03:00
Julien Malka
fa99ba3c13
nixos/systemd-boot: Don't write to /etc/machine-id ( #347493 )
2025-01-02 11:47:20 +01:00
github-actions[bot]
d8e41027cf
Merge staging-next into staging
2024-12-31 12:05:50 +00:00
Christian Kögler
1c9a0c2c1b
nixos/networkd: add RequestAddress to network sectionDHCPv4 ( #366864 )
2024-12-31 11:22:15 +01:00
Vladimir Panteleev
a5cc2d090e
nixos/luksroot: Check if the device was opened while reading password
...
Helps the following situation:
- SSH in initrd is enabled
- NixOS is waiting for a password to be typed at the console (or
  provided via cryptsetup-askpass)
- The user logs in via SSH, but instead of running cryptsetup-askpass,
  they run "cryptsetup open" directly (because they don't know that
  they need to use NixOS's cryptsetup-askpass script, or because they
  want to use a non-trivial unlocking method that is not natively
  supported by this module)
Currently, in the above situation, NixOS will keep waiting for a
password to be entered even though the device is already unlocked. If
a password is entered, it will print a confusing "already exists"
error and keep asking for the same password.
We can improve on this by simply checking if the device is already
unlocked in our read loop. In this case, we don't need to do anything
other than return from the function and continue booting.
2024-12-31 09:21:25 +00:00
github-actions[bot]
ec149a86e5
Merge staging-next into staging
2024-12-31 00:14:41 +00:00
Will Fancher
629c936fd2
nixos/plymouth: Respect plymouth.enable=0 in scripted stage 1
...
Removing the splash param only causes plymouth to display console
output by default; it still runs. Systemd stage 1 respects this flag
due to unit conditions preventing plymouth from even running. So this
brings parity to scripted stage 1.
2024-12-30 13:06:00 -05:00
K900
24c287ca64
Merge remote-tracking branch 'origin/staging-next' into staging
2024-12-26 10:09:36 +03:00
Franz Pletz
354e6458a9
nixos/networkd: add NetLabel & NFTSet options ( #367615 )
2024-12-26 04:15:11 +01:00
github-actions[bot]
cf45abc720
Merge staging-next into staging
2024-12-24 06:05:30 +00:00
Will Fancher
08b6cf5430
(pkgs, nixos)/unl0kr - update to accommodate upstream changes ( #362825 )
2024-12-23 20:08:39 -05:00
hustlerone
66e4c2103d
pkgs/unl0kr: superseded by pkgs.buffybox
...
nixos/unl0kr: accommodate for the future
2024-12-23 19:07:26 -05:00
Franz Pletz
18a943798a
nixos/networkd: add NetLabel & NFTSet options
2024-12-23 12:29:58 +01:00
K900
81932cf82a
Merge remote-tracking branch 'origin/staging-next' into staging
2024-12-20 21:34:46 +03:00
Arne Keller
e4e994e3fc
nixos/luksroot: Exit if EOF detected in cryptsetup-askpass ( #298592 )
2024-12-20 19:15:58 +01:00
FlafyDev
40086fb0ea
nixos/networkd: add RequestAddress to network sectionDHCPv4
2024-12-20 18:22:47 +02:00
github-actions[bot]
3529967f0f
Merge staging-next into staging
2024-12-18 12:06:30 +00:00
Florian Klink
b2e99477cd
nixos/systemd: don't require network-online.target for multi-user.target v2 ( #365809 )
2024-12-18 09:52:38 +02:00
github-actions[bot]
74b55d7c5b
Merge staging-next into staging
2024-12-18 06:05:46 +00:00
Logan Attwood
6c324710e3
nixos/networkd: expose RapidCommit in DHCPv4 network unit section
...
Disabling this option is required to obtain a DHCPv4 lease from
some old/misconfigured DHCP servers. This was already exposed for
DHCPv6.
2024-12-18 01:03:54 -04:00
rnhmjoj
2370696dff
nixos/systemd: don't require network-online.target for multi-user.target v2
...
This is another attempt at 62f30634 after the original change was reverted in
0d85bf0e because NetworkManager and other tests were broken.
2024-12-16 18:12:47 +01:00
Wolfgang Walther
e58e0c158e
various: replace substituteAll with replaceVarsWith
...
This covers cases which need to use replaceVarsWith because they use
isExecutable = true.
2024-12-15 13:35:30 +01:00