There's quite a bit of pingpong redirection with Nixpkgs and NixOS
manual utilities. Since devmode was lacking a README, the descriptive
text is moved there and it's referenced by both manuals.
When pdns-recursor is enabled it should ideally be the default resolver
for the host as well. This is probably good for 95% of the use-cases out
there, and the default for unbound and kresd, but also bind and dnsmasq.
The geoclue2 module recommends that the guest agent be disabled when the
desktop environment provides their own geoclue2 agent. But when a
desktop environment uses the demo agent directly, like COSMIC does, the
demo agent must be whitelisted. But disabling the demo agent also
removes it from the whitelisted agents.
This commit adds an option which holds a list of all whitelisted
geoclue2 agents. It allows for consumers like COSMIC to have the demo
agent disabled but still whitelisted for such use cases.
Make sure SSH_AUTH_SOCK is known by these sessions, which are not
systemd managed. It should not be a problem for users who know this
environment variable and use multiple desktops environments to
opt-out of this and I would prefer a more out-of-the-box experience
for those who don't.
There exist multiple issues with these options, for example they are not
introspectable, since the values are configured in the config part of the
module.
Also the keypair is always configured for both server and client usage,
which is really surprising. The postfix docs even advise against setting
up client certificates, if they aren't required. [1]
The replacements are the `smtpd_tls_chain_files` for server usage and
`smtp_tls_chain_files` for client usage, which are the prefered way to
configure keys and certificates since Postfix 3.4.0. [2]
[1] https://www.postfix.org/postconf.5.html#smtp_tls_cert_file
[2] https://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
This fixes the import of backups, that would break when they wanted to
nuke the existing config, because they had to npermission to delete the
default blueprints that were copied without write-permissions from the
nix store.
