Unverified Commit acd068a6 authored by nixpkgs-ci[bot]'s avatar nixpkgs-ci[bot] Committed by GitHub

Merge staging-next into staging

parents 7c839d13 97def1b2
+2 −0
@@ -255,6 +255,8 @@

- `i18n.inputMethod.fcitx5.plasma6Support` has been removed because qt6 is the only one used for fcitx5-configtool now.

- `firezone` has changed how the `Everyone` group behaves. Service Accounts are no longer considered part of `Everyone`.

- The `boot.readOnlyNixStore` has been removed. Control over bind mount options on `/nix/store` is now offered by the `boot.nixStoreMountOpts` option.

- The Postfix module has been updated and likely requires configuration changes:
+0 −6
@@ -34,12 +34,6 @@ in
      capabilities = "cap_sys_admin+ep";
      source = "${package}/bin/gsr-kms-server";
    };
    security.wrappers."gpu-screen-recorder" = {
      owner = "root";
      group = "root";
      capabilities = "cap_sys_nice+ep";
      source = "${package}/bin/gpu-screen-recorder";
    };
  };

  meta.maintainers = with lib.maintainers; [ timschumi ];
+1 −1
@@ -343,7 +343,7 @@ defmodule Provision do
          case Map.get(changes, {:account, slug}) do
            {:new, account} ->
              Logger.info("Creating everyone group for new account")
              {:ok, actor_group} = Actors.create_managed_group(account, %{name: "Everyone", membership_rules: [%{operator: true}]})
              {:ok, actor_group} = Actors.create_managed_group(account, %{name: "Everyone"})
              UuidMapping.update_entities(slug, "actor_groups", %{"everyone" => actor_group.id})
              {:ok, actor_group}
            {:existing, _account} ->
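Review bot: The `Everyone` group is now created without `membership_rules` (the `create_managed_group` call that passes only `%{name: "Everyone"}`, which appears to be the new side), but nothing at the call site says who ends up in the group. A short comment above the call would help operators who attach policies to it, e.g. `# Membership of the managed "Everyone" group is decided by Firezone itself; service accounts are not included`. The `{:existing, _account}` branch continues outside the hunk, so it is not visible here whether groups provisioned earlier with the old rule are reconciled. That is worth confirming, because otherwise a service account's access through `Everyone` could differ between old and freshly provisioned deployments.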
+4 −1
@@ -546,7 +546,6 @@ in
                    };
                in
                {
                  flow_activities = mkFeatureOption "flow_activities" true;
                  policy_conditions = mkFeatureOption "policy_conditions" true;
                  multi_site_resources = mkFeatureOption "multi_site_resources" true;
                  traffic_filters = mkFeatureOption "traffic_filters" true;
@@ -923,9 +922,13 @@ in
          {
            name = "firezone";
            ensureDBOwnership = true;
            ensureClauses.superuser = true;
          }
        ];
        ensureDatabases = [ "firezone" ];
        # Firezone uses an internal replication strategy
        # that depends on a logical wal
        settings.wal_level = "logical";
      };

      services.firezone.server.settings = {
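Review bot: `ensureClauses.superuser = true;` in the second hunk (apparently one of the four added lines) makes the `firezone` database role a PostgreSQL superuser, which bypasses permission checks for every database on that instance. If the role is only needed for the logical replication the comment describes, `ensureClauses.replication = true;` together with the existing `ensureDBOwnership = true;` may be enough; if Firezone really does need superuser (for example to create a publication covering all tables), the reason should be stated in a comment next to the line. `settings.wal_level = "logical";` also applies to the whole PostgreSQL instance, so other databases on a shared server pick it up too, which deserves a mention in the option documentation or release notes.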
+4 −1
@@ -219,19 +219,22 @@ in
      '';

      serviceConfig = {
        CacheDirectory = "gerrit";
        DynamicUser = true;
        ExecStart = "${gerrit-cli}/bin/gerrit daemon --console-log";
        LimitNOFILE = 4096;
        StandardInput = "socket";
        StandardOutput = "journal";
        StateDirectory = "gerrit";
        StateDirectoryMode = "750";
        CacheDirectory = "gerrit";
        CacheDirectoryMode = "750";
        WorkingDirectory = "%S/gerrit";
        AmbientCapabilities = "";
        CapabilityBoundingSet = "";
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;
        PrivateTmp = true;
        ProtectClock = true;
        ProtectControlGroups = "strict";