andre4ik3
07d5f80dcb
nixos/systemd: add NSS module to shadow database
2025-08-10 05:21:00 +00:00
nixpkgs-ci[bot]
ca321b05ae
Merge staging-next into staging
2025-08-09 18:05:59 +00:00
Ryan Lahfa
bcc20cad16
nixos/network-interfaces: let networkd handle privacy extensions (#431967)
2025-08-09 17:53:39 +02:00
nikstur
bb954cddf5
nixos/network-interfaces: let networkd handle privacy extensions
This removes bash from the mandatory system closure.
2025-08-09 00:10:13 +02:00
nixpkgs-ci[bot]
230bb9a8b7
Merge staging-next into staging
2025-08-01 18:06:57 +00:00
Alex Lyon
38ee02a873
nixos/limine: fix installation when using initrd secrets
2025-08-01 21:59:49 +05:30
nikstur
cc20f14ae4
nixos/kexec: add enable option
It is still enabled by default but now you can actively exclude it if
you don't need it.
2025-08-01 14:16:48 +02:00
nikstur
089e2e5eaf
nixos/activation-script: disable userActivationScripts when system is not activatable
2025-07-31 20:42:36 +02:00
nikstur
400882d409
nixos/kernel: don't include append-initrd-secrets when unused
2025-07-31 20:42:36 +02:00
nixpkgs-ci[bot]
0b79387651
Merge staging-next into staging
2025-07-30 12:11:23 +00:00
Will Fancher
0a53886700
nixos/{tmpfiles, wrappers}: explicitly set RestrictSUIDSGID false (#426882)
2025-07-30 04:31:21 -04:00
nixpkgs-ci[bot]
44dfdaf4d6
Merge staging-next into staging
2025-07-29 00:20:45 +00:00
Grimmauld
fad6dbb9e6
nixos/systemd: remove enableCgroupAccounting option
2025-07-28 11:26:44 +02:00
Grimmauld
231c142766
nixos/systemd: remove obsolete DefaultCPUAccounting option
This option is made unconditional in systemd 258 [1].
Earlier, it defaulted to true on kernels newer than 4.15,
which applies to all supported nixos kernels.
This means removing the option does not change behavior.
[1] 29da53dde3
2025-07-28 11:26:37 +02:00
Grimmauld
f47b100763
nixos/systemd: remove obsolete DefaultBlockIOAccounting option
This option is now being ignored by systemd,
so we do not need to explicitly define it.
2025-07-28 11:26:34 +02:00
Grimmauld
265152f770
nixos/systemd: explicitly set systemd.settings.Manager.Default*Accounting
2025-07-28 11:26:30 +02:00
Grimmauld
9c429f004d
nixos/systemd: remove obsolete definition for DefaultLimitCORE
The limit was introduced in 2016 in 840f3230a2,
and broken in 2019 in bafc256915. Since then,
it is the exact same as systemd itself sets as default.
2025-07-28 11:26:27 +02:00
Grimmauld
69e833f187
nixos/systemd: set DefaultLimitCORE in systemd.settings.Manager explicitly
2025-07-28 11:26:24 +02:00
Grimmauld
62acc59148
nixos/systemd: move systemd.watchdog.* to systemd.settings.Manager
2025-07-28 11:26:21 +02:00
Grimmauld
493f1339b0
nixos/systemd: move systemd.watchdog.* to systemd.settings.Manager
2025-07-28 11:26:08 +02:00
Grimmauld
4d3ab0e8d3
nixos/systemd: make systemd.managerEnvironment affect systemd.settings.Manager
2025-07-28 11:24:39 +02:00
Grimmauld
897933fc9e
nixos/systemd: move systemd.managerEnvironment to systemd.settings.Manager.ManagerEnvironment
2025-07-28 11:24:36 +02:00
Grimmauld
5bc2d42ba9
nixos/systemd: make boot.initrd.systemd.managerEnvironment affect boot.initrd.systemd.settings.Manager
2025-07-28 11:24:33 +02:00
Grimmauld
071ce0b44a
nixos/systemd: remove boot.initrd.systemd.extraConfig
2025-07-28 11:24:29 +02:00
Grimmauld
1a846a2fff
nixos/systemd: remove systemd.extraConfig
2025-07-28 11:24:26 +02:00
Grimmauld
f0b71eebdc
nixos/systemd: add boot.initrd.systemd.settings.Manager option
2025-07-28 11:24:06 +02:00
Grimmauld
ebaf7a33ec
nixos/systemd: add settings.Manager option
2025-07-28 11:23:57 +02:00
nixpkgs-ci[bot]
358926051b
Merge staging-next into staging
2025-07-28 06:08:00 +00:00
Will Fancher
4b3b18a44f
nixos/systemd-boot: refactor json.load() logic for better error message (#421916)
2025-07-27 23:08:42 -04:00
jack
dedf852ccd
nixos/systemd-boot: refactor json.load() logic for better error message
2025-07-27 13:05:03 +02:00
nixpkgs-ci[bot]
e7367619eb
Merge staging-next into staging
2025-07-26 18:05:47 +00:00
Grimmauld
fb51cc802d
nixos/systemd: run0: enable setLoginUid, disable pamMount
This brings our `run0` in line with the upstream defaults:
bcc73cafdb/src/run/systemd-run0.in
While working on `auditd`, I noticed differences in how `run0` behaves
in regard to `/proc/$pid/sessionid` and `/proc/$pid/loginuid`. Particularly,
both files were set to `4294967295`, the magic value denoting `unset`.
While the manual page says elevators such as sudo should not set the loginuid,
run0 is a bit of a special case: The unit spawned by it is not a child of
the running user session, and as such there is no id to inherit.
`systemd` upstream uses `pam_loginuid`, and for consistency we should too.
Especially because it prevents a whole lot of pain when working with `auditd`.
As to pam mounts:
On nixos we enable those if they are globally enabled. Upstream does not.
Considering the password entered into polkit is usually not the user password
of the account which will own the unit, pam mount will fail for any partition
which requires a password. Thus it makes sense to also disable pam mounts
for our run0, it prevents unnecessary unexpected pain.
2025-07-25 23:49:59 +02:00
nixpkgs-ci[bot]
583e3d6d24
Merge staging-next into staging
2025-07-24 18:06:21 +00:00
Robert Hensing
f5ee08446a
Modular services (#372170)
2025-07-24 16:46:34 +02:00
Wolfgang Walther
90604d95bc
Merge branch 'staging-next' into staging
2025-07-24 14:33:09 +02:00
Wolfgang Walther
5a0711127c
treewide: run nixfmt 1.0.0
2025-07-24 13:55:40 +02:00
Wolfgang Walther
62fe016519
treewide: run treefmt with mdcr/nixfmt
2025-07-24 13:52:31 +02:00
Grimmauld
248c463f69
nixos/tmpfiles: explicitly set RestrictSUIDSGID = false
This ensures the tmpfiles resetup service has permissions
to create suid/sgid files, even if `DefaultRestrictSUIDSGID`
is set in system.conf. This is required, as tmpfiles
are used to e.g. set file permissions on the journal
directory. `DefaultRestrictSUIDSGID` is a new feature
coming in systemd 258 [1].
[1] https://github.com/systemd/systemd/pull/38126
2025-07-20 12:40:26 +02:00
Robert Hensing
b51a6c3531
nixos/system/service: Use copy of escapeSystemdExecArgs
This unblocks modular services while providing opportunity to
improve this when a solution is agreed on.
2025-07-20 03:02:03 +02:00
Robert Hensing
af04a80c76
modular-services: merge process.argv from executable and args
2025-07-20 03:01:06 +02:00
Robert Hensing
b9e4118e6d
nixosTests.modularService: adjust quoting expectations
2025-07-20 03:01:06 +02:00
Robert Hensing
109a6a9d1e
Add assertions and warnings to modular services
2025-07-20 03:01:05 +02:00
Robert Hensing
1acabeebed
Add modular services, system.services
2025-07-20 03:01:05 +02:00
nixpkgs-ci[bot]
0ac23e27dd
Merge staging-next into staging
2025-07-18 18:06:01 +00:00
nikstur
3fd41447c7
nixos/systemd/repart: add extraArgs option and Encrypt=tpm2 test (#422511)
2025-07-18 16:52:18 +02:00
nixpkgs-ci[bot]
abbe5cd65f
Merge staging-next into staging
2025-07-18 00:18:34 +00:00
Franz Pletz
71064c4808
nixos/systemd: fix run0 failing to run commands (#419588)
2025-07-17 22:18:10 +02:00
Florian Klink
27752d2b39
systemd: add sysupdated (#424101)
2025-07-17 02:04:13 +02:00
Jared Baur
996cc69171
nixos/sysupdate: add jmbaur as maintainer
2025-07-15 09:09:36 -07:00
Jared Baur
7b981efa88
nixos/sysupdate: add support for sysupdated/updatectl
2025-07-15 09:09:32 -07:00