Commit 956f9243 authored by K900's avatar K900

Merge remote-tracking branch 'origin/master' into staging-next

parents 5e1d980f 01b7c60b
+4 −0
@@ -26,6 +26,8 @@ rec {
    cooperlake     = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx" "avx2" "avx512" "fma"        ];
    tigerlake      = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx" "avx2" "avx512" "fma"        ];
    alderlake      = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx" "avx2"          "fma"        ];
    sapphirerapids = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx" "avx2" "avx512" "fma"        ];
    emeraldrapids  = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx" "avx2" "avx512" "fma"        ];
    # x86_64 AMD
    btver1         = [ "sse3" "ssse3" "sse4_1" "sse4_2"                                                  ];
    btver2         = [ "sse3" "ssse3" "sse4_1" "sse4_2"         "aes" "avx"                              ];
@@ -73,6 +75,8 @@ rec {
    cascadelake    = [ "cannonlake"     ] ++ inferiors.cannonlake;
    cooperlake     = [ "cascadelake"    ] ++ inferiors.cascadelake;
    tigerlake      = [ "icelake-server" ] ++ inferiors.icelake-server;
    sapphirerapids = [ "tigerlake"      ] ++ inferiors.tigerlake;
    emeraldrapids  = [ "sapphirerapids" ] ++ inferiors.sapphirerapids;

    # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs
    alderlake      = [ ];
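Review bot: The `sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake;` entry in the second hunk declares that a Sapphire Rapids host can run anything built for `tigerlake`, and that may not hold. As far as I know GCC's `-march=tigerlake` enables AVX512VP2INTERSECT and Key Locker, which its `sapphirerapids` target does not list, so a tigerlake-optimised build could hit an illegal instruction there. This should be checked against the compiler's `-march` definitions; if it is confirmed, chaining from the server line would be safer, e.g. `sapphirerapids = [ "icelake-server" ] ++ inferiors.icelake-server;`, and `emeraldrapids` inherits whatever is decided. The `inferiors` attribute set starts and ends outside the hunk.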
+6 −0
@@ -20781,6 +20781,12 @@
    githubId = 18656090;
    name = "Yuki Takagi";
  };
  takeda = {
    name = "Derek Kuliński";
    email = "d@kulinski.us";
    github = "takeda";
    githubId = 411978;
  };
  taketwo = {
    email = "alexandrov88@gmail.com";
    github = "taketwo";
+2 −0
@@ -589,6 +589,8 @@

- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.

- `services.dhcpcd` is now started with additional systemd sandbox/hardening options for better security. When using `networking.dhcpcd.runHook` these settings are not applied.

- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.

- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.
+2 −0
@@ -265,6 +265,7 @@ in
            ProtectKernelLogs = true;
            ProtectKernelModules = true;
            ProtectKernelTunables = true;
            ProtectProc = "invisible";
            ProtectSystem = "strict";
            RemoveIPC = true;
            RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" "AF_PACKET" ];
@@ -276,6 +277,7 @@ in
              "~@aio" "~@chown" "~@keyring" "~@memlock"
            ];
            SystemCallArchitectures = "native";
            UMask = "0027";
          };
      };
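Review bot: `ProtectProc = "invisible"` in the first hunk only hides other users' processes if the service ends up without CAP_SYS_PTRACE, as far as I know. The `User` and `CapabilityBoundingSet` settings that decide this are outside both hunks, so it is worth confirming the option is effective rather than cosmetic. In the second hunk, `UMask = "0027"` means files the daemon or its hook scripts create are not world-readable, so anything other users must read (resolver configuration, for example) would need an explicit mode. A comment above that line such as `# files created by dhcpcd and its hooks are not world-readable; set an explicit mode where others must read them` would record the intent. The `serviceConfig` block starts before the first hunk.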

+390 −378

File changed.

Preview size limit exceeded, changes collapsed.
