Unverified Commit 981c5658 authored by github-actions[bot]'s avatar github-actions[bot] Committed by GitHub

Merge master into staging-next

parents 0a498c7d 9446a5d8
+2 −2
@@ -12,12 +12,12 @@ By default, root logins using a password are disallowed. They can be
disabled entirely by setting
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.

You can declaratively specify authorised RSA/DSA public keys for a user
You can declaratively specify authorised public keys for a user
as follows:

```nix
{
  users.users.alice.openssh.authorizedKeys.keys =
    [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
    [ "ssh-ed25519 AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
}
```
+2 −0
@@ -191,6 +191,8 @@

- `forgejo` and `forgejo-lts` no longer support the opt-in feature [PAM (Pluggable Authentication Module)](https://forgejo.org/docs/latest/user/authentication/#pam-pluggable-authentication-module).

- `gitea` no longer supports the opt-in feature [PAM (Pluggable Authentication Module)][https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module].

- `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead.

- `services.pgbouncer` systemd service is configured with `Type=notify-reload` and allows reloading configuration without process restart. PgBouncer configuration options were moved to the free-form type option named [`services.pgbouncer.settings`](#opt-services.pgbouncer.settings) according to the NixOS RFC 0042.
+1 −1
@@ -209,7 +209,7 @@ in
        # type=b is 'W95 FAT32', type=83 is 'Linux'.
        # The "bootable" partition is where u-boot will look file for the bootloader
        # information (dtbs, extlinux.conf file).
        sfdisk $img <<EOF
        sfdisk --no-reread --no-tell-kernel $img <<EOF
            label: dos
            label-id: ${config.sdImage.firmwarePartitionID}

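Review bot: The new `sfdisk --no-reread --no-tell-kernel $img` line has no comment explaining the two flags, although the lines just above it document the partition types in detail. Presumably the flags are there because `$img` is a regular image file rather than a block device, so there is no kernel partition table to re-read or update. If that is the reason, a one-line comment such as `# $img is a plain file, not a block device: skip the partition-table re-read and kernel notification` would record it. The surrounding build script starts and ends outside the hunk.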
+9 −0
@@ -164,6 +164,10 @@ in
    environment.etc."clamav/freshclam.conf".source = freshclamConfigFile;
    environment.etc."clamav/clamd.conf".source = clamdConfigFile;

    systemd.slices.system-clamav = {
      description = "ClamAV slice";
    };

    systemd.services.clamav-daemon = mkIf cfg.daemon.enable {
      description = "ClamAV daemon (clamd)";
      after = optionals cfg.updater.enable [ "clamav-freshclam.service" ];
@@ -181,6 +185,7 @@ in
        PrivateTmp = "yes";
        PrivateDevices = "yes";
        PrivateNetwork = "yes";
        Slice = "system-clamav.slice";
      };
    };

@@ -208,6 +213,7 @@ in
        Group = clamavGroup;
        PrivateTmp = "yes";
        PrivateDevices = "yes";
        Slice = "system-clamav.slice";
      };
    };

@@ -229,6 +235,7 @@ in
        Group = clamavGroup;
        PrivateTmp = "yes";
        PrivateDevices = "yes";
        Slice = "system-clamav.slice";
      };
    };

@@ -255,6 +262,7 @@ in
        Group = clamavGroup;
        PrivateTmp = "yes";
        PrivateDevices = "yes";
        Slice = "system-clamav.slice";
      };
    };

@@ -275,6 +283,7 @@ in
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${cfg.package}/bin/clamdscan --multiscan --fdpass --infected --allmatch ${lib.concatStringsSep " " cfg.scanner.scanDirectories}";
        Slice = "system-clamav.slice";
      };
    };
  };
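Review bot: `Slice = "system-clamav.slice";` is repeated as a string literal in five `serviceConfig` sets (the hunks at -181, -208, -229, -255 and -275), separately from the `systemd.slices.system-clamav` declaration in the first hunk, so a rename has to be made consistently in six places. Binding the unit name once in the module's `let` (outside these hunks), e.g. `clamavSlice = "system-clamav.slice";`, and writing `Slice = clamavSlice;` would remove that risk. The slice itself is declared with only a `description`, so as written it groups the units but sets no resource limits. A comment on the declaration, such as `# Groups all ClamAV units so resource limits can be applied to the slice as a whole`, would make the intent clear if that is the purpose.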
+49 −30
{ config, lib, pkgs, utils, ... }:
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:

let
  inherit (lib) mkDefault mkEnableOption mkIf mkOption types mkPackageOption;
  inherit (lib)
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    mkPackageOption
    mkRenamedOptionModule
    types
  ;

  cfg = config.services.engelsystem;
in {
  options = {
    services.engelsystem = {
      enable = mkOption {
        default = false;
        example = true;
        description = ''
          Whether to enable engelsystem, an online tool for coordinating volunteers
          and shifts on large events.
        '';
        type = lib.types.bool;
      };
  imports = [
    (mkRenamedOptionModule [ "services" "engelsystem" "config" ] [ "services" "engelsystem" "settings" ])
  ];

  options.services.engelsystem = {
    enable = mkEnableOption "engelsystem, an online tool for coordinating volunteers and shifts on large events";

    package = mkPackageOption pkgs "engelsystem" { };

    domain = mkOption {
      type = types.str;
@@ -22,8 +34,6 @@ in {
      description = "Domain to serve on.";
    };

      package = mkPackageOption pkgs "engelsystem" { };

    createDatabase = mkOption {
      type = types.bool;
      default = true;
@@ -32,9 +42,8 @@ in {
        This will override every database setting in {option}`services.engelsystem.config`.
      '';
    };
    };

    services.engelsystem.config = mkOption {
    settings = mkOption {
      type = types.attrs;
      default = {
        database = {
@@ -144,7 +153,7 @@ in {
      script =
        let
          genConfigScript = pkgs.writeScript "engelsystem-gen-config.sh"
            (utils.genJqSecretsReplacementSnippet cfg.config "config.json");
            (utils.genJqSecretsReplacementSnippet cfg.settings "config.json");
        in ''
          umask 077
          mkdir -p /var/lib/engelsystem/storage/app
@@ -163,7 +172,17 @@ in {
        Group = "engelsystem";
      };
      script = ''
        versionFile="/var/lib/engelsystem/.version"
        version=$(cat "$versionFile" 2>/dev/null || echo 0)

        if [[ $version != ${cfg.package.version} ]]; then
          # prune template cache between releases
          rm -rfv /var/lib/engelsystem/storage/cache/*

          ${cfg.package}/bin/migrate

          echo ${cfg.package.version} > "$versionFile"
        fi
      '';
      after = [ "engelsystem-init.service" "mysql.service" ];
    };
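Review bot: The `createDatabase` description in the hunk at -32 still refers readers to `services.engelsystem.config`, which this commit renames with `mkRenamedOptionModule`; the text should name `services.engelsystem.settings` so the documentation matches the option users are now expected to set. In the new migration script (hunk at -163) the package version is interpolated unquoted in `[[ $version != ${cfg.package.version} ]]` and `echo ${cfg.package.version} > "$versionFile"`. Quoting it, as in `[[ "$version" != "${cfg.package.version}" ]]`, keeps the right-hand side from being read as a glob pattern and matches the quoting already used for `"$versionFile"`. Both the option declaration and the service definition extend beyond the visible hunks.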