History

emilylange 694db856ed nixos/forgejo: refactor secrets, add `cfg.secrets` This is not a breaking change. Existing setups continue to work as-is. Users of `cfg.mailerPasswordFile` will get an option rename/deprecation warning, but that's it (assuming there is no regression). This adds `cfg.secrets`, which is a wrapper over systemd's `LoadCredential=` leveraging Forgejo's `environment-to-ini`. `environment-to-ini` is intended for configuring Forgejo in OCI containers. It requires some fairly annoying escaping of the section names to fit into the allowed environment variable charset. E.g. `"log.console".COLORIZE = false` becomes `FORGEJO__LOG_0x2E_CONSOLE__COLORIZE=false`. - `.` needs to be replaced with `_0X2E_` and - `-` needs to be replaced with `_0X2D_` Those are simply the hex representation of each char from an ASCII table: . = ASCII 46 = 46 (decimal) = 2E (hex) = 0x2E = _OX2E_ To make interacting with `environment-to-ini` less annoying, we template and escape the sections/keys in nix: `cfg.secrets` takes the same free-form sections/keys as `cfg.settings`. Meaning there is now a generalized abstraction for all keys, not just those that have been manually implemented in the past. It goes as far as theoretically allowing one to have `DEFAULT.APP_NAME` read from a secret file. I don't know why one would want to do that, but it has been made possible by this :^) More reasonable examples are listed in the `cfg.secrets` option example. We also continue to bootstrap a handful of secrets like `security.SECRET_KEY`. This is done is a sort of sidecar bootstrap unit fittingly called `forgejo-secrets.service`. Overriding those is, just like before, not really intended and requires the use of `lib.mkForce` and might lead to breakage. But it is, in a way, more possible than before.		2024-06-05 00:45:59 +02:00
..
doc/manual	Merge pull request #309121 from jlbribeiro/pkgs/zx-8.0.2	2024-06-05 06:07:55 +10:00
lib	Merge pull request #312472 from Ma27/networkd-option-rename	2024-05-30 04:06:01 +02:00
maintainers	Merge pull request #316162 from adamcstephens/lxd/vm-cfg-rw	2024-06-04 00:16:12 -04:00
modules	nixos/forgejo: refactor secrets, add `cfg.secrets`	2024-06-05 00:45:59 +02:00
tests	Merge pull request #316248 from shivaraj-bh/open-webui	2024-06-04 15:47:03 +02:00
COPYING
default.nix
README.md	Release NixOS 24.05	2024-05-31 20:17:44 +02:00
release-combined.nix	nixos/release-combined: add `nixosTests.nix-misc` to blockers	2024-05-30 21:00:12 +03:00
release-small.nix	nixos-small: fix eval	2024-06-04 14:07:11 +02:00
release.nix	treewide: rename renamed sddm/displayManager settings	2024-04-08 21:56:38 +02:00

README.md

NixOS

NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at https://nixos.org/nixos and in the manual in doc/manual.

Testing changes

You can add new module to your NixOS configuration file (usually it’s /etc/nixos/configuration.nix). And do sudo nixos-rebuild test -I nixpkgs=<path to your local nixpkgs folder> --fast.

Commit conventions

Make sure you read about the commit conventions common to Nixpkgs as a whole.
Format the commit messages in the following way:
```
nixos/(module): (init module | add setting | refactor | etc)

(Motivation for change. Link to release notes. Additional information.)
```
Examples:
- nixos/hydra: add bazBaz option
  
  Dual baz behavior is needed to do foo.
- nixos/nginx: refactor config generation
  
  The old config generation system used impure shell scripts and could break in specific circumstances (see #1234).

Reviewing contributions

When changing the bootloader installation process, extra care must be taken. Grub installations cannot be rolled back, hence changes may break people’s installations forever. For any non-trivial change to the bootloader please file a PR asking for review, especially from @edolstra.

Module updates

Module updates are submissions changing modules in some ways. These often contains changes to the options or introduce new options.

Reviewing process:

Ensure that the module maintainers are notified.
- CODEOWNERS will make GitHub notify users based on the submitted changes, but it can happen that it misses some of the package maintainers.
Ensure that the module tests, if any, are succeeding.
- You may invoke OfBorg with @ofborg test <module> to build nixosTests.<module>
Ensure that the introduced options are correct.
- Type should be appropriate (string related types differs in their merging capabilities, loaOf and string types are deprecated).
- Description, default and example should be provided.
Ensure that option changes are backward compatible.
- mkRenamedOptionModuleWith provides a way to make renamed option backward compatible.
- Use lib.versionAtLeast config.system.stateVersion "24.05" on backward incompatible changes which may corrupt, change or update the state stored on existing setups.
Ensure that removed options are declared with mkRemovedOptionModule.
Ensure that changes that are not backward compatible are mentioned in release notes.
Ensure that documentations affected by the change is updated.

Sample template for a module update review is provided below.

##### Reviewed points

- [ ] changes are backward compatible
- [ ] removed options are declared with `mkRemovedOptionModule`
- [ ] changes that are not backward compatible are documented in release notes
- [ ] module tests succeed on ARCHITECTURE
- [ ] options types are appropriate
- [ ] options description is set
- [ ] options example is provided
- [ ] documentation affected by the changes is updated

##### Possible improvements

##### Comments

New modules

New modules submissions introduce a new module to NixOS.