Summary: fix errors with example code in the manual that shows how to set up DNS-01 verification via the acme protocol, e.g. for those who want to get wildcard certificates from Let's Encrypt.
Fix syntax error in nix arrays (there should not be commas.)
Fix permissions on /var/lib/secrets so it can be read by bind daemon. Without this fix bind won't start.
Add the missing feature: put the generated secret into certs.secret
Allow @resources syscalls in the grafana.service unit. While Grafana
itself does not need them, some plugins (incl. first party) crash if
they fail to setrlimit. This was first seen with the official grafana
Clickhouse datasource plugin.
The @resources syscalls set is fairly harmess anyway.
`paperless-ngx.pythonPath` was incomplete due to the missing paperless-ngx
source, so it had to be amended in the service.
Instead of amending it, define it entirely in the service.
This allows an override of `paperless-ngx.propagatedBuildInputs` to be reflected
in the service's PYTHONPATH.
We are building fwupd daemon with polkit support which means
polkit daemon is required.
Previously polkit was enabled by default via udisks2 but that
stopped with f763710065
breaking the fwupd installed tests as a result.
Let’s add the polkit dependency to the fwupd module to ensure polkit is available.
Handing CAP_NET_BIND_SERVICE to the `paperless-web.service` only makes
sense when it actually wants to bind to a port < 1024. Don't hand it out
if that is not the case.
Finding out how to connect paperless to a PostgreSQL database via unix
sockets and peer authentication took me a few minutes, so leaving a hint
in the extraConfig example seems like a good idea to me.
Also remove unnecessary use of literalExpression for attribute set, it
is only required for complex values like functions or values that depend
on other values or packages.
After uploading a document through the webinterface I started seeing
it killed through the SYSBUS signal. Inspecting the call trace led me to
liblapack's memory allocator, that uses the mbind syscall on Linux.
Prior to this change, ffmpeg couldn't be built for an
environment.noXlibs system, because it would fail in:
ffmpeg → SDL2 → libdecor
ffmpeg certainly does not need support for SDL2 windowing on a noXlibs
system.
This fix is important because the minidlna NixOS test, which uses the
minimal profile (and therefore environment.noXlibs) and ffmpeg, can't
currently build.
The primary difference between the standard and minimal variants of
this package is that all the X libraries are removed from the minimal
variant.
I had to switch the order of the definitions in all-packages.nix to
avoid an infinite recursion after the overlay was applied.
The udisks2 service was enabled to fix the test in (c5ebec7ee4).
However, cagebreak doesn't require udisks2, just polkit (which the
udisks2 module enables and which is why the cagebreak test broke after
the udisks2 module was disabled by default).
I've documented why polkit is required in this PR:
https://github.com/NixOS/nixpkgs/pull/156858
In this case the "dependency" chain is basically cagebreak -> wlroots ->
libseat -> logind (with polkit support) -> polkit.
Because of long standing bugs and stability issues & an
uncollaborative upstream there has been talk on the emacs-devel
mailing list to switch the default toolkit to
Lucid (https://lists.gnu.org/archive/html/emacs-devel/2022-08/msg00752.html).
The GTK build also has issues with Xinput2, something that both we and
upstream want to enable by default in Emacs 29.
This situation has prompted me to use both Lucid an no-toolkit (pure X11) Emacs
as a daily driver in recent weeks to evaluate what the
advantages/drawbacks are and I have concluded that, at least for me,
switching the toolkit to Lucid is strictly an upgrade.
It has resulted in better stability (there are far fewer tiny UX
issues that are hard to understand/identify) & a snappier UI.
On top of that the closure size is reduced by ~10%.
In the pure X11 build I noticed some unsharpness around fonts so this
is not a good default choice.
As with everything there is a cost, and that is uglier (I think most
would agree but of course this is subjective) menu bars for
those that use them and no GTK scroll bars.
For anyone who still wants to use GTK they could of course still
choose to do so via the new `emacs-gtk` attribute but I think this
is a bad default.
A note to Wayland users:
This does not affect Wayland compatibility in any way since that will
already need a PGTK build variant in the future.