Commit graph

596 commits

Author SHA1 Message Date
Pasquale
90b1197301 nixos/xdg: add portal option
This factors the configuration out of the flatpak module.
2019-07-18 19:59:07 -04:00
Nikolay Amiantov
01b90dce78 resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.

We also now use systemd instead of activation scripts to update
resolv.conf.

NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
2019-07-15 20:25:39 +03:00
edef
4a405d8995 nixos/networking: filter out empty entries 2019-07-07 00:49:40 +00:00
Joachim Fasting
44b6999614
nixos/malloc: use ld preload
This is more robust than setting via environment variable, though it does come
later in the load sequence.  An added benefit is affecting the current
session.
2019-07-04 19:24:40 +02:00
talyz
80acb28bee networkmanager: Add rc-manager option
Add an option to set the rc-manager parameter in NetworkManager.conf,
which controls how NetworkManager handles resolv.conf. This sets the
default rc-manager to "resolvconf", which solves #61490. It
additionally allows the user to change rc-manager without interference
from configuration activations.
2019-07-03 09:40:05 +00:00
adisbladis
b19e8388c9
nixos/pulseaudio: Set speex-float-5 as default resample-method
The upstream default (speex-float-1) results in audible artifacts
2019-05-31 16:05:39 +01:00
Pierre Bourdon
9e60eab8f5
nixos/malloc: apply allocator settings to systemd units
This uses systemd's system.conf/user.conf "DefaultEnvironment" feature
to set the allocator's LD_PRELOAD near-globally.
2019-05-30 12:07:34 +09:00
Pierre Bourdon
1cc8ea7cb4
nixos/malloc: add scudo from LLVM compiler-rt 2019-05-30 02:35:50 +09:00
Bryan Gardiner
2400191caf
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
Back in 2013, update-mime-database started using fdatasync() to write out
its changes after processing each file in /share/mime, with the reasoning
that a corrupted database from an interruption midway would be
problematic for applications[1].  Unfortunately, this caused a
significant regression in the time required to run update-mime-database:
commonly from under a second to half a minute or more.

This delay affects the time required to build system-path on NixOS, when
xdg.mime.enable is true (the default).  For example, on one of my systems
system-path builds in ~48 seconds, 45 of which are update-mime-database.
This makes rapidly building new system configurations not fun.

This commit disables the calls to fdatasync().  update-mime-database
checks an environment variable, PKGSYSTEM_ENABLE_FSYNC, to determine
whether it should sync, and we can set this to false.  system-path
already only has whatever filesystem commit guarantees that the Nix
builder provides.  Furthermore, there is no risk of a failed MIME
database update messing up existing packages, because this is Nix.

(This issue was also reported at and discussed by Debian, Red Hat, and
Gentoo at least.)

[1] https://bugs.freedesktop.org/show_bug.cgi?id=70366
2019-05-25 21:00:25 -07:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Eelco Dolstra
de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
Joachim Fasting
a84be28270
nixos/malloc: configure system-wide malloc provider
Currently, this uses the somewhat crude method of setting LD_PRELOAD in the
system environment.  This works, but should be considered a stepping stone to
a more robust solution.
2019-05-07 13:45:38 +02:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Frederik Rietdijk
4a125f6b20 Merge master into staging-next 2019-04-07 08:33:41 +02:00
Pierre Bourdon
f8eec8dc34 environment.noXlibs: disable gnome3 support for pinentry (#59051) 2019-04-06 10:06:55 +00:00
Jan Tojnar
cb1a20499a
Merge branch 'master' into staging 2019-04-05 11:37:15 +02:00
Florian Klink
8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d97009 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes #57783
2019-03-28 13:08:47 +01:00
Florian Klink
0a1451afe3 nixos/ldap: rename password file options properly
users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile
users.ldap.bind.password -> users.ldap.bind.passwordFile

as users.ldap.daemon.rootpwmodpw never was part of a release, no
mkRenamedOptionModule is introduced.
2019-03-27 02:53:56 +01:00
Vladimír Čunát
8d502fd425
Merge branch 'staging-next' into staging 2019-03-10 08:05:27 +01:00
Matthew Bauer
8a08d7e7cc
Merge pull request #56031 from matthewbauer/priorities
Add some more priorities
2019-03-09 18:02:55 -05:00
Danylo Hlynskyi
ef1911d045 zram: revert "change default algorithm to zstd" (#56856)
19.03 default kernel is still 4.14, which doesn't support zstd. So,
zramSwap in current fasion fails on default kernel.
2019-03-07 02:11:20 +02:00
Matthew Bauer
5dee926eb9
nixos/no-x-libs.nix: override pinentry directly
This is more specific and we avoid having gtk or qt libraries come in at all.
2019-02-27 23:53:50 -05:00
Silvan Mosberger
cc98350d55
Merge pull request #55843 from LnL7/nixos-nss-hosts
nixos-nsswitch: add option to configure nssHosts
2019-02-22 23:04:01 +01:00
Daiderd Jordan
11cd761dbf
nixos/nsswitch: add option to configure nssHosts
Enables adding or overriding the default nsswitch hosts in a generic
way for packages without a nixos module.
2019-02-22 23:00:24 +01:00
Symphorien Gibol
a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
Matthew Bauer
6fc5ce2c4f nixos/system-path.nix: add 3 to every priority
We can’t use lowPrio here because it erases the differences in
priority of the packages by setting it to a constant value. see this
comment for info:

https://github.com/NixOS/nixpkgs/issues/55886#issuecomment-464766877
2019-02-18 21:16:30 -05:00
Florian Klink
d3c2ed21d0
Merge pull request #53762 from ju1m/nslcd
Improving integration of `nslcd`, PAM and `openldap`.
2019-01-30 19:34:40 +01:00
worldofpeace
dc923b6ad1 nixos/pulseaudio: disable flat-volumes by default
The motivation for this is that some applications are unaware
of this feature and can set their volume to 100% on startup
harming people ears and possiblly blowing someone's audio
setup.

I noticed this in #54594 and by extension epiphany[0].

Please also note that many other distros have this default for
the reason outlined above.

Closes #5632 #54594

[0]: https://bugzilla.gnome.org/show_bug.cgi?id=675217
2019-01-27 19:51:26 +00:00
Julien Moutinho
65cfba23af nixos/tests: test LDAP password changing through nslcd
NOTE: slapd.conf is deprecated, hence use cn=config.
2019-01-18 05:13:42 +01:00
danbst
34a764ce87 zramSwap: remove basic.target for zram devices
This creates a dependency cycle when used with boot.tmpOnTmpfs:
basic.target <- tmp.mount <- swap.target <- zram-init-dev0 <- basic.target

This same fix is done already for tmp.mount

Fixes https://github.com/NixOS/nixpkgs/issues/47474
2019-01-17 21:18:45 +02:00
danbst
8d8a7210e4 zramSwap: allow configure compression algorithm + cleanups
- add `zramSwap.algorithm` option, which allows to change compressor
declaratively. zstd as default
- add `zramSwap.swapDevices` option, which allows to define how many zram
devices will be used as swap. Rest devices can be managed freely
- simpler floating calculations
- fix udev race condition
- some documentation changes
- replaced `/sys/block/zram*` handling with `zramctl`, because I had occasional
"Device is busy" error (looks like zram has to be configured in predefined order)
- added `memoryPercent` and `algorithm` as restart triggers. I think, it was
a bug that changing `memoryPercent` in configuration wasn't applied immediately.
- removed a bind to .swap device. While it looks natural (when swap device goes
off, so should zram device), it wasn't implemented properly. This caused problems
with swapon/swapoff:
```
$ cat /proc/swaps
Filename                                Type            Size    Used    Priority
/dev/zram0                              partition       8166024 0       -2
/var/swapfile                           file            5119996 5120    1

$ sudo swapoff -a

$ sudo swapon -a
swapon: /dev/zram0: read swap header failed

$ cat /proc/swaps
Filename                                Type            Size    Used    Priority
/var/swapfile                           file            5119996 0       1
```
2019-01-17 15:58:53 +02:00
Julien Moutinho
eb90d97009 nixos/nslcd: use systemd's RuntimeDirectory 2019-01-09 17:45:19 +01:00
Julien Moutinho
4af7db9c73 nixos/nslcd: restart when nslcd.conf changes 2019-01-09 17:45:15 +01:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Léo Gaspard
fa98337a15
system-path: set implicitly installed packages to be low-priority
The aim is to minimize surprises: when the user explicitly installs a
package in their configuration, it should override any package
implicitly installed by NixOS.
2018-12-26 23:16:17 +09:00
Jan Tojnar
ef935fa101
Merge branch 'master' into staging 2018-12-24 15:02:29 +01:00
Florian Klink
04f3562fc4 config.nsswitch: load cache_oslogin and oslogin nss modules if config.security.googleOsLogin.enable is set 2018-12-21 17:52:37 +01:00
Frederik Rietdijk
9ab61ab8e2 Merge staging-next into staging 2018-12-19 09:00:36 +01:00
Michael Peyton Jones
f64bc036a5
nixos: add XDG sounds module 2018-12-18 00:32:13 +01:00
Jan Tojnar
aacb244889
Merge pull request #51520 from michaelpj/imp/appstream
nixos: add AppStream module
2018-12-18 00:27:23 +01:00
volth
bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Michael Peyton Jones
656b74f021
nixos: add AppStream module 2018-12-04 20:26:25 +00:00
Jan Tojnar
a51a99c690
gobject-introspection: rename package
camelCase package name was a huge inconsistency in GNOME package set.
2018-12-02 12:42:29 +01:00
Maximilian Bosch
45c6794573
Merge pull request #36424 from jfrankenau/i18n-extra-locale
nixos/i18n: add option for extra locale settings
2018-11-29 16:22:34 +01:00
Eelco Dolstra
09cbfea2ed
Revert "resolvconf.conf: Remove forced NSCD service restart"
This reverts commit d8c16bc54a. It
breaks nscd invalidation when the network configuration changes.
2018-11-21 15:26:37 +01:00
Thomas Tuegel
25b8d4bd42
Merge pull request #50472 from jfrankenau/fix-penultimate
nixos/fontconfig: fix enable option of penultimate
2018-11-20 19:20:43 -06:00
Vladimír Čunát
80738ed9dc
nixos gtk.iconCache.enable: default from xserver.enable
It's a quick approximation to unblock unstable channels after #48116.
This commit isn't ideal, as I suspect most wayland users won't have
xserver.enable, so they will lose the icon cache in case they had gtk
in system path (otherwise they didn't get cache anyway).

I considered using environment.noXlibs, but the nixos tests installing
headless systems do *not* get that option, so we would still be pulling
gtk in many cases where it's clearly not desired.  We need to design
this more carefully.
2018-11-17 11:18:10 +01:00
Johannes Frankenau
eea86c9e71 nixos/fontconfig: fix enable option of penultimate 2018-11-16 21:33:53 +01:00
Florian Jacob
e80cdb2bac nixos/systemd-resolved: link resolv.conf to dynamic stub resolver
version as recommended by upstream (since systemd 236):
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2018-11-13 19:21:02 +01:00
José Romildo Malaquias
39a9b865b5 gtk: new service giving support to GTK+ applications 2018-11-12 19:55:30 -02:00
Matthew Bauer
4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00
Travis Athougies
8cc028fd34 nixos/networking.nix: only setup rpc on glibc
(cherry picked from commit 4177dc3f774523fea7d181601d7c3301fda13790)
and
(cherry picked from commit a2f0c95baf57fb735dd47b5db73274f7e75df7c9)
2018-10-30 20:29:28 -05:00
Will Dietz
9de0b2883a nixos: use pkgs.getent and stdenv.cc.libc
(cherry picked from commit 52eba9753aeba4f02c8ce0de50f10bd98de1ef1e)
2018-10-30 19:49:43 -05:00
xeji
6419bdac05
Merge pull request #47241 from oxij/pull/36261-fix-local-hostname-alternative
nixos/networking: add hostname to /etc/hosts by default, simplify
2018-10-27 16:55:10 +02:00
Jeff Slight
d7fcd1dcbf nixos/users: fix users home directory with isNormalUser 2018-10-24 10:38:56 -07:00
adisbladis
78c0e1aa11
nixos/pulseaudio: Add extraModules config option 2018-10-18 16:27:43 +08:00
Silvan Mosberger
d4f2f4c79d
Merge pull request #44441 from mnacamura/shell-aliases
environment.shellAliases: change default behavior
2018-10-13 17:46:11 +02:00
Mitsuhiro Nakamura
c941577dcb nixos/shells: enable to nullify already defined aliases 2018-10-14 00:14:49 +09:00
Mitsuhiro Nakamura
e4e160cc39 nixos/shells: do not override user-defined shell aliases 2018-10-14 00:13:13 +09:00
volth
dbb445736f use buildPackages in environment.extraSetup 2018-10-12 01:16:50 +00:00
Pavel Goran
858b263bf0 nixos: correct improper uses of mkEnableOption, clarify service descriptions
Several service definitions used `mkEnableOption` with text starting
with "Whether to", which produced funny option descriptions like
"Whether to enable Whether to run the rspamd daemon..".

This commit corrects this, and adds short descriptions of services
to affected service definitions.
2018-10-05 13:14:45 +07:00
Jan Malakhovski
c57892462b nixos/networking: add hostname to /etc/hosts by default
We use `127.0.1.1` instead of `127.0.0.1` because some applications will fail if
`127.0.0.1` resolves to something other than `localhost`.

Debian does the same.

See #1248 and #36261.
2018-10-02 23:58:36 +00:00
Jan Malakhovski
1ece5041a4 nixos/networking: simplify /etc/hosts generation, add asserts
Since `networking.hosts` is properly typed all of that magic `/etc/hosts` generator
does can be dropped. People that disagree with the value of `networking.hosts` can
simply `mkForce`.
2018-10-02 23:58:35 +00:00
Uli Baum
1df2560dde Merge branch 'master' into staging-next 2018-09-13 10:08:53 +02:00
Jan Malakhovski
b23f6a3714 nixos: xdg: fix indent and eol spaces 2018-09-08 17:20:56 -05:00
Matthew Bauer
fb0e0dcbc6 xdg/mime.nix: ensure $out/share/mime/packages exists
For update-mime-database to work, you must have to have some mime
packages installed. In some DEs like XFCE this is not guaranteed to
happen. In that case just skip the update-mime-database call.

Fixes #46162
2018-09-08 16:54:12 -05:00
xeji
5fc8ebdda0
Merge pull request #45784 from oxij/pull/44720-shell-env-edited
nixos/shells: Avoid overriding the environment for other child shells
2018-09-06 20:30:34 +02:00
Vladimír Čunát
1428d00aa4
Merge branch 'master' into staging-next
Hydra: ?compare=1477053
2018-09-04 13:06:45 +02:00
Christopher Birkbeck
0dd7a0f266 Added an example for environment.variable. (#45956) 2018-09-02 21:21:14 +02:00
volth
0fa04d646d alternative for iproute module (#41801) 2018-09-01 20:28:23 +02:00
Vladimír Čunát
2d6179d1e8
Merge branch 'master' into staging
A few trivial conflicts due to *Platforms mass replace.
2018-09-01 17:38:18 +02:00
Vladimír Čunát
2e7cb61cfb
Merge #45720: coreutils: split a coreutils-full version 2018-09-01 17:03:49 +02:00
Jan Tojnar
8a8056c302
Merge pull request #45058 from michaelpj/imp/freedesktop-modules
freedesktop modules: init
2018-08-30 16:14:35 +01:00
Jan Malakhovski
8952375b48 nixos/shells: fix indent everywhere
to comply with `doc/coding-conventions.xml`
2018-08-30 13:20:39 +00:00
Tor Hedin Brønner
d273db48c6 nixos/shells: avoid overriding the environment for child shells
A shared exported guard `__NIXOS_SET_ENVIRONMENT_DONE` is introduced that can
be used to prevent child shells from sourcing `system.build.setEnvironment`
the second time.

This fixes e.g. `nix run derivation` when run from e.g. ZSH through the console or
ssh. Before this Bash would resource the common environment resetting the `PATH`
environment variable.

We also export `system.build.setEnvironment` to `/etc/set-environment` making it
easy to reset the common environment with `. /etc/set-environment` when
needed and to grep for environment variables in `/etc` (which was the
motivation of #30418).

This reverts changes made in b00a3fc6fd
(the original #30418).
2018-08-30 13:20:39 +00:00
Bjørn Forsman
ee56a2cc19 treewide: fix typo: asumed -> assumed 2018-08-30 10:19:20 +02:00
Vladimír Čunát
fd3927ac29
coreutils: split a coreutils-full version
- default coreutils is stripped of /share/ (11 -> 2 MiB)
- coreutils-full retains /share/ and adds openssl for faster *sum tools
- NixOS systemPackages contains coreutils-full
- *Support parameter defaults are moved inside
  (it seemed confusing to have `? false` and "at once" with `? isLinux`)

Closure considerations:
+ typical build-time closure will get lighter by ~9 MiB
- typical closure of NixOS installation will grow by ~2 MiB,
  due to referring to both versions.  I think it would be possible to
  re-use most of the utils between the two versions, but the expression
  would get much more complex.

I considered having stdenv with minimal coreutils and the default
`coreutils` attribute being full, but it turned out there were too many
trivial references in nixpkgs, so it didn't seem easy to keep rebuild
impact of openssl from growing significantly.
2018-08-28 22:17:07 +02:00
Eric Wolf
7f8b1dd32f systemd: added groups kvm, render
they need to exist according to the README of systemd
2018-08-25 05:18:53 +03:00
Michael Peyton Jones
854ebed789
system-path: fix default option value 2018-08-20 09:23:11 +01:00
Michael Peyton Jones
1b11fdd0df
system-path: allow other modules to provide setup fragments 2018-08-16 21:23:34 +01:00
Michael Peyton Jones
13e2e19158
xdg: add modules for supporting various XDG specs 2018-08-16 21:23:34 +01:00
Alyssa Ross
98b8d4cfbc
environment.extraInit: fix description typo 2018-08-13 14:28:52 +01:00
Silvan Mosberger
7eb5ba7618
Merge pull request #44015 from alexshpilkin/resolv-unbound
nixos/networking: include local Unbound in resolv.conf
2018-07-24 22:53:53 +02:00
Alexander Shpilkin
81fa1ceeee nixos/networking: include local Unbound in resolv.conf
Previously, only BIND, dnsmasq and resolved were included in
resolv.conf. Recognize an Unbound installation as well.
2018-07-23 16:26:03 +02:00
volth
92b3e8f147 fix build with allowAliases=false 2018-07-23 00:12:23 +00:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Matthew Bauer
2b4d7221a9
Merge pull request #42569 from spacefrogg/nscd-fix
resolvconf.conf: Remove forced NSCD service restart
2018-07-05 22:16:02 -04:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Michael Raitza
d8c16bc54a resolvconf.conf: Remove forced NSCD service restart
Forcibly restarting NSCD is unnecessary and breaks setups that use SSSD for
authentication. NSCD is capable of detecting changes to /etc/resolv.conf and
invalidating its caches internally. Restarting NSCD/SSSD breaks user name and
UID resolution.
2018-06-25 16:25:15 +02:00
aszlig
fb2c132db4
nixos/no-x-libs: Switch to using nixpkgs.overlays
The usage of nixpkgs.config.packageOverrides is deprecated and we do
have overlays since quite a while.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
2018-06-11 20:58:33 +02:00
Matthieu Coudron
1e0975f4c0 iproute2: module to create rt_table file & co
When doing source routing/multihoming, it's practical to give names to routing
tables. The absence of the rt_table file in /etc make this impossible.
This patch recreates these files on rebuild so that they can be modified
by the user see NixOS#38638.

iproute2 is modified to look into config.networking.iproute2.confDir instead of
/etc/iproute2.
2018-05-15 21:55:04 +09:00
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Wout Mertens
8e3a14549f
zramSwap: remove mentions of old kernels 2018-04-19 16:53:40 +02:00
Wout Mertens
dd5e2a08fb
zramSwap: default to 1 device
One device per cpu is only needed for kernel 3.14
2018-04-19 16:44:08 +02:00
Jörg Thalheim
02dfbab3be nixos/pulseaudio: pulseaudio.enable should imply sound.enable
cc @fpletz
2018-04-14 19:12:47 +01:00
aszlig
99ba1cb424
Increase max group name length to 32 characters
With #36556, a check was introduced to make sure the user and group
names do not exceed their respective maximum length. This is in part
because systemd also enforces that length, but only at runtime.

So in general it's a good idea to catch as much as we can during
evaluation time, however the maximum length of the group name was set to
16 characters according groupadd(8).

The maximum length of the group names however is a compile-time option
and even systemd allows more than 16 characters. In the mentioned pull
request (#36556) there was already a report that this has broken
evaluation for people out there.

I have also checked what other distributions are doing and they set the
length to either 31 characters or 32 characters, the latter being more
common.

Unfortunately there is a difference between the maximum length enforced
by the shadow package and systemd, both for user name lengths and group
name lengths. However, systemd enforces both length to have a maximum of
31 characters and I'm not sure if this is intended or just a off-by-one
error in systemd.

Nevertheless, I choose 32 characters simply to bring it in par with the
maximum user name length.

For the NixOS assertion however, I use a maximum length of 31 to make
sure that nobody accidentally creates services that contain group names
that systemd considers invalid because of a length of 32 characters.

Signed-off-by: aszlig <aszlig@nix.build>
Closes: #38548
Cc: @vcunat, @fpletz, @qknight
2018-04-08 12:51:33 +02:00
Michael Raskin
b07ce1fb74
Merge pull request #38114 from oxij/nixos/doc-module
nixos: doc module
2018-04-05 07:09:32 +00:00
Michael Raskin
195521350a
Merge pull request #38111 from oxij/tree/cleanups
assorted cleanups
2018-04-05 07:08:05 +00:00
Joachim Schiele
1b0cb040d9 user/group assertion to not exceed the 32 character limit 2018-03-30 23:43:23 +02:00