This is useful when the config doesn't entirely live in the Nix store,
but is configured to include mutable config files written at runtime.
Co-Authored-By: Puck Meerburg <puck@puck.moe>
This fixes a class of errors seen on aarch64 during coredns import where content was seen to be missing ("digest xxx not found") or "failed to get reader from content store" depending on which coredns version was being imported.
With the UMask set to 0023, the
mkdir -p command which creates the webroot
could end up unreadable if the web server
changes, as surfaced by the test suite in #114751
On top of this, the following commands
to chown the webroot + subdirectories was
mostly unnecessary. I stripped it back to
only fix the deepest part of the directory,
resolving #115976, and reintroduced a
human readable error message.
Reverted https://github.com/NixOS/nixpkgs/pull/115228 for kodi to avoid conflict.
It does not look like unzip would be used but not investigating now to speed up merge conflict resolution.
If `openFirewall = true`, but no `firewallFilter` is set, the evaluation
fails with the following error:
The option `services.prometheus.exporters.node.firewallFilter` is defined both null and
not null, in `/home/ma27/Projects/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix'
and `/home/ma27/Projects/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix'.
Originally introduced by me in #115185. The problem is that
`mkOptionDefault` has - as its name suggests - the same priority as the
default-value of the option `firewallFilter` and thus it conflicts if
this declaration and the actual default value are set which is the case
if `firewallFilter` isn't specified somewhere else.
In the latest release of mautrix-telegram not all secrets can be set
using environment variables (see https://github.com/tulir/mautrix-telegram/issues/584).
This change allows these secret values to be set without ending up in
the Nix store.
- Write a `mkDerivation` and `mkDerivationWith` function for gnuradio,
like qt5.
- qradiolink, gqrx: Use gnuradio's callPackage and mkDerivation.
- Use gnuradio.callPackage to define all gnuradio.pkgs.
- Move all gnuradio packages expressions to pkgs/development/gnuradio-modules/ -
modeled after Python's.
- Add more paths to gnuradio's wrapper - add the extra packages as
python modules, and add their executables with proper env vars
wrapping.
Co-authored-by: Frederik Rietdijk <fridh@fridh.nl>
Adding template overrides allows for custom behavior for specific
instances of a template. Previously, it was not possible to provide
bind mounts for systemd-nspawn. This change allows it.
This adds a new internal option, services.slurm.etcSlurm such
that other modules can access slurm's config files. This is
needed, for example, when a service wants to run a slurm command.
When using `buildLayeredImage`, it is not possible to specify an image
name of the form `<registry>/my/image`, although it is a valid name.
This is due to derivations under `buildLayeredImage` using that image
name as their derivation name, but slashes are not permitted in that
context.
A while ago, #13099 fixed that exact same problem in `buildImage` by
using `baseNameOf name` in derivation names instead of `name`. This
change does the same thing for `buildLayeredImage`.
This is a major rewrite of the Privoxy module:
- As per RFC0042, remove privoxy.extraConfig and replace it
with a privoxy.settings option, which maps a NixOS freeform
submodule to the Privoxy configuration format.
- Move all top-level options that mirrored a setting to
the real ones in privoxy.settings. This still keeps the
type-checking, default values and examples in places.
- Add two convenience options: userActions and userFilters, which
simplify the operation of creating a file with pkgs.writeText,
converting it to a string and adding it to the actionsfile/
filterfile list.
- Add a privoxy.inspectHttps option to automagically setup TLS
decryption support. I don't know how long have been waiting
for this feature: can't believe it has just happened.
- Also add a privoxy.certsLifetime to control the periodical
cleanup of the temporary certificates generate by Privoxy.
Currently, kernel config options whose value is "yes" always override
options whose value is "no".
This is not always desired.
Generally speaking, if someone defines an option to have the value
"no", presumably they are disabling the option for a reason, so it's
not always OK to silently enable it due to another, probably unrelated
reason.
For example, a user may want to reduce the kernel attack surface and
therefore may want to disable features that are being enabled in
common-config.nix.
In fact, common-config.nix was already silently enabling options that
were intended to be disabled in hardened/config.nix for security
reasons, such as INET_DIAG.
By eliminating the custom merge function, these config options will
now use the default module option merge functions which make sure
that all options with the highest priority have the same value.
A user that wishes to override an option defined in common-config.nix
can currently use mkForce or mkOverride to do so, e.g.:
BINFMT_MISC = mkForce (option no);
That said, this is not going to be necessary in the future, because
the plan is for kernel config options defined in nixpkgs to use a
lower priority by default, like it currently happens for other module
options.
