now nix-doc-munge will not introduce whitespace changes when it replaces
manpage references with the MD equivalent.
no change to the manpage, changes to the HTML manual are whitespace only.
Upstream XMonad was using our xmonad patch file for their flake build to
support our nixos module. This would of course break the build upstream
if the version we patched and their master branch diverged. We
[discussed] that it'd make sense to upstream the environment var code.
In the process it seemed sensible to rename the NIX_GHC variable as
well, since it isn't really Nix-specific – it's just a way to set the
GHC binary to execute. This change has been [implemented] upstream in an
unreleased version of xmonad now – meaning we'll be able to drop the
xmonad patch soon!
This also clarifies the situation in nixpkgs a bit: NIX_GHC is easy to
confuse with the environment variable used in the ghcWithPackages
wrapper where it is used to set an alternative prefix for a GHC-wrapper
for applications trying to discover it via e.g. ghc-paths. It is an
implementation detail in this context, as it is in the case of the
xmonad module. Since they are different implementations doing different
things, different names also make sense.
[discussed]: 36d5761b3e
[implemented]: 23f36d7e23
A larger number of bluetooth components were introduced in 2022.8.0. To
make them work we need to add a hardening exception, so they can
discover and use bluetooth devices.
make (almost) all links appear on only a single line, with no
unnecessary whitespace, using double quotes for attributes. this lets us
automatically convert them to markdown easily.
the few remaining links are extremely long link in a gnome module, we'll
come back to those at a later date.
we can't embed syntactic annotations of this kind in markdown code
blocks without yet another extension. replaceable is rare enough to make
this not much worth it, so we'll go with «thing» instead. the module
system already uses this format for its placeholder names in attrsOf
paths.
markdown can't represent the difference without another extension and
both the html manual and the manpage render them the same, so keeping the
distinction is not very useful on its own. with the distinction removed
we can automatically convert many options that use <code> tags to markdown.
the manpage remains unchanged, html manual does not render
differently (but class names on code tags do change from "code" to "literal").
our xslt already replaces double line breaks with a paragraph close and
reopen. not using explicit para tags lets nix-doc-munge convert more
descriptions losslessly.
only whitespace changes to generated documents, except for two
strongswan options gaining paragraph two breaks they arguably should've
had anyway.
Enabling soju without providing a value for tlsCertificate currently
results in:
error: The option `services.soju.tlsCertificate' is used but not
defined.
Since tlsCertificate is intended to be optional, set default to null.
Additionally, add assertions to ensure that both tlsCertificate and
tlsCertificateKey are either set or unset.
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
Move the defaults to the `config` section of the module, and apply them
with mkDefault.
That way the defaults are merged with user-provided config, and are
merged without having to use lib.mkForce.
That way the `backupCleanupCommand` can also run when the backup service
failed for some reason.
Fixes: #182089.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
This change allows detecting configuration errors during
switch-to-configuration instead of them being reported asynchronously
*after* switch-to-configuration has exited.
(And update the NixOS test accordingly.)
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.
See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
Setting `cgroup-driver=systemd` was originally necessary to match with
docker, else the kubelet would not start (#111835)
However, since then, docker support has been dropped from k3s (#177790).
As such, this option is much less necessary.
More importantly, it now seems to be actively causing issues. Due to an
upstream k3s bug, it's resulting in the kubelet and containerd having
different cgroup drivers, which seems to result in some difficult to
debug failure modes.
See
https://github.com/NixOS/nixpkgs/issues/181790#issuecomment-1188840862
for a description of this problem.
Removing this flag entirely seems reasonable to me, and it results in
k3s working again on my machine.
The group configuration parameter allow to share access to yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but let user create their own group if they need.
Remove User= durective in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.
We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
