+2 -2

nixos/doc/manual/manpages/README.md

··· 17 17 - Use `Cm` to mark literal string arguments, e.g. the `boot` command argument passed to `nixos-rebuild`. 18 18 - Optional flags or arguments should be marked with `Op`. This includes optional repeating arguments. 19 19 - Required flags or arguments should not be marked. 20 20 - - Mutually exclusive groups of arguments should be enclosed in curly brackets, preferrably created with `Bro`/`Brc` blocks. 20 20 + - Mutually exclusive groups of arguments should be enclosed in curly brackets, preferably created with `Bro`/`Brc` blocks. 21 21 22 22 When an argument is used in an example it should be marked up with `Ar` again to differentiate it from a constant. For example, a command with a `--host name` flag that calls ssh to retrieve the host's local time would signify this thusly: 23 23 ``` ··· 45 45 ... 46 46 .Ed 47 47 ``` 48 48 - Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be subsituted into them: 48 48 + Contents of code blocks may be marked up further, e.g. if they refer to arguments that will be substituted into them: 49 49 ``` 50 50 .Bd -literal -offset indent 51 51 {

+2 -2

nixos/doc/manual/release-notes/rl-1609.section.md

··· 20 20 21 21 - A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.) 22 22 23 23 - - Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html). 23 23 + - Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to avoid breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html). 24 24 25 25 - Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`. 26 26 ··· 28 28 29 29 - `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused. 30 30 31 31 - - Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI. 31 31 + - Gitlab's maintenance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI. 32 32 33 33 - `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79). 34 34

+1 -1

nixos/doc/manual/release-notes/rl-1709.section.md

··· 275 275 276 276 You can check that backups still work by running `systemctl start mysql-backup` then `systemctl status mysql-backup`. 277 277 278 278 - - Templated systemd services e.g `container@name` are now handled currectly when switching to a new configuration, resulting in them being reloaded. 278 278 + - Templated systemd services e.g `container@name` are now handled correctly when switching to a new configuration, resulting in them being reloaded. 279 279 280 280 - Steam: the `newStdcpp` parameter was removed and should not be needed anymore. 281 281

+1 -1

nixos/doc/manual/release-notes/rl-1803.section.md

··· 174 174 175 175 - The `openssh` package now includes Kerberos support by default; the `openssh_with_kerberos` package is now a deprecated alias. If you do not want Kerberos support, you can do `openssh.override { withKerberos = false; }`. Note, this also applies to the `openssh_hpn` package. 176 176 177 177 - - `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved. 177 177 + - `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatibility, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved. 178 178 179 179 - The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected. 180 180

+3 -3

nixos/doc/manual/release-notes/rl-1903.section.md

··· 81 81 82 82 The slurmctld now runs as user `slurm` instead of `root`. If you want to keep slurmctld running as `root`, set `services.slurm.user = root`. 83 83 84 84 - The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occour more than once in the configuration. 84 84 + The options `services.slurm.nodeName` and `services.slurm.partitionName` are now sets of strings to correctly reflect that fact that each of these options can occur more than once in the configuration. 85 85 86 86 - The `solr` package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The `services.solr` module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading. 87 87 ··· 91 91 92 92 - Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options. 93 93 94 94 - - The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network. 94 94 + - The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interfering with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network. 95 95 96 96 If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters. 97 97 ··· 135 135 136 136 - GitLab Shell previously used the nix store paths for the `gitlab-shell` command in its `authorized_keys` file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As `gitlab-shell` has now been changed to use `/var/run/current-system/sw/bin/gitlab-shell`, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the `authorized_keys` file via `sudo -u git -H gitlab-rake gitlab:shell:setup` in that case. 137 137 138 138 - - The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`. 138 138 + - The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previously shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`. 139 139 140 140 - The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should. 141 141

+1 -1

nixos/doc/manual/release-notes/rl-1909.section.md

··· 194 194 195 195 `security.acme.preDelay` and `security.acme.activationDelay` options have been removed. To execute a service before certificates are provisioned or renewed add a `RequiredBy=acme-${cert}.service` to any service. 196 196 197 197 - Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually. 197 197 + Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certificates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually. 198 198 199 199 For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180). 200 200

+2 -2

nixos/doc/manual/release-notes/rl-2009.section.md

··· 130 130 131 131 - [services.cage.enable](options.html#opt-services.cage.enable) Wayland cage service 132 132 133 133 - - [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed throught the browser 133 133 + - [services.convos.enable](options.html#opt-services.convos.enable) IRC daemon, which can be accessed through the browser 134 134 135 135 - [services.engelsystem.enable](options.html#opt-services.engelsystem.enable) Tool for coordinating volunteers and shifts on large events 136 136 ··· 552 552 553 553 - The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`. 554 554 555 555 - - The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent. 555 555 + - The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundant. 556 556 557 557 - The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed. 558 558

+3 -3

nixos/doc/manual/release-notes/rl-2105.section.md

··· 197 197 198 198 Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details. 199 199 200 200 - - The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input paramater `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achived like this: 200 200 + - The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input parameter `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achieved like this: 201 201 202 202 ```nix 203 203 self: super: ··· 272 272 273 273 - `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`. 274 274 275 275 - - `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements. 275 275 + - `services.minio.dataDir` changed type to a list of paths, required for specifying multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements. 276 276 277 277 - All CUDA toolkit versions prior to CUDA 10 have been removed. 278 278 ··· 375 375 376 376 - When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those. 377 377 378 378 - - The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantialy improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles. 378 378 + - The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantially improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles. 379 379 380 380 - The GNOME desktop manager once again installs gnome.epiphany by default. 381 381

+1 -1

nixos/doc/manual/release-notes/rl-2111.section.md

··· 375 375 376 376 - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument. 377 377 378 378 - - The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. 378 378 + - The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`hardware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. 379 379 380 380 - The fontconfig service's dpi option has been removed. 381 381 Fontconfig should use Xft settings by default so there's no need to override one value in multiple places.

+6 -6

nixos/doc/manual/release-notes/rl-2205.section.md

··· 10 10 for Flakes, but also marks the `nix` command as experimental which now has to 11 11 be enabled via the configuration explicitly. For more information and 12 12 instructions for upgrades, see the 13 13 - relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html), 13 13 + release notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html), 14 14 [nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html), 15 15 [nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html), 16 16 [nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and ··· 278 278 279 279 - `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`. 280 280 281 281 - Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`. 281 281 + Additionally with 2.5 the argon2 module was included in the standard distribution and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`. 282 282 283 283 - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface. 284 284 285 285 - - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`. 285 285 + - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your environment consider adding `openssh` to it or switching to `gitFull`. 286 286 287 287 - `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`. 288 288 This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration. ··· 639 639 changes in the database scheme and configuration format. 640 640 641 641 - Some top-level settings under [services.epgstation](#opt-services.epgstation.enable) 642 642 - is now deprecated because it was redudant due to the same options being 642 642 + is now deprecated because it was redundant due to the same options being 643 643 present in [services.epgstation.settings](#opt-services.epgstation.settings). 644 644 645 645 - The option `services.epgstation.basicAuth` was removed because basic ··· 653 653 option now expects options for `config.yml` in EPGStation v2. 654 654 655 655 - Existing data for the [services.epgstation](#opt-services.epgstation.enable) 656 656 - module would have to be backed up prior to the upgrade. To back up exising 656 656 + module would have to be backed up prior to the upgrade. To back up existing 657 657 data to `/tmp/epgstation.bak`, run 658 658 `sudo -u epgstation epgstation run backup /tmp/epgstation.bak`. 659 659 To import that data after to the upgrade, run ··· 804 804 - The `influxdb2` package was split into `influxdb2-server` and 805 805 `influxdb2-cli`, matching the split that took place upstream. A 806 806 combined `influxdb2` package is still provided in this release for 807 807 - backwards compatibilty, but will be removed at a later date. 807 807 + backwards compatibility, but will be removed at a later date. 808 808 809 809 - The `unifi` package was switched from `unifi6` to `unifi7`. 810 810 Direct downgrades from Unifi 7 to Unifi 6 are not possible and require restoring from a backup made by Unifi 6.

+2 -2

nixos/doc/manual/release-notes/rl-2211.section.md

··· 205 205 206 206 - Linux 4.9 has been removed because it will reach its end of life within the lifespan of 22.11. 207 207 208 208 - - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden. 208 208 + - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintenance burden. 209 209 Use `configure.packages` instead. 210 210 - Neovim can not be configured with plug anymore (still works for vim). 211 211 ··· 221 221 222 222 - `mysql57` has been removed. Please update to `mysql80` or `mariadb`. See the [upgrade guide](https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/) for more information. 223 223 224 224 - - Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be neccesary. 224 224 + - Consequently, `cqrlog` and `amorok` now use `mariadb` instead of `mysql57` for their embedded databases. Running `mysql_upgrade` may be necessary. 225 225 - `k3s` supports `clusterInit` option, and it is enabled by default, for servers. 226 226 227 227 - `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible.

+6 -6

nixos/doc/manual/release-notes/rl-2305.section.md

··· 72 72 73 73 - [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable). 74 74 75 75 - - [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Availabe as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie). 75 75 + - [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie). 76 76 77 77 - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable). 78 78 ··· 88 88 89 89 - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable). 90 90 91 91 - - [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Mutiple servers may be configured below [services.tts.servers](#opt-services.tts.servers). 91 91 + - [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers). 92 92 93 93 - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). 94 94 ··· 98 98 99 99 - [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable). 100 100 101 101 - - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). 101 101 + - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). 102 102 103 103 - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable) 104 104 ··· 287 287 288 288 - The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon. 289 289 290 290 - - Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constitutents: `xorg.libX11`, `freetype` and others. 290 290 + - Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others. 291 291 292 292 - The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows: 293 293 - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default. ··· 302 302 [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) 303 303 for more details and available replacements. 304 304 305 305 - - The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatiblity. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed). 305 305 + - The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed). 306 306 307 307 - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use. 308 308 ··· 567 567 568 568 The Pipewire config semantics don't really match the NixOS module semantics, so it's extremely awkward to override the default config, especially when lists are involved. Vendoring the configuration files in nixpkgs also creates unnecessary maintenance overhead. 569 569 570 570 - Also, upstream added a lot of accomodations to allow doing most of the things you'd want to do with a config edit in better ways. 570 570 + Also, upstream added a lot of accommodations to allow doing most of the things you'd want to do with a config edit in better ways. 571 571 572 572 #### Migrating your configuration {#sec-release-23.05-migration-pipewire-how} 573 573

+1 -1

nixos/modules/config/xdg/portal.nix

··· 21 21 in 22 22 { 23 23 warnings = lib.mkIf config.xdg.portal.gtkUsePortal [ 24 24 - "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforseen side-effects." 24 24 + "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforeseen side-effects." 25 25 ]; 26 26 } 27 27 )

+1 -1

nixos/modules/hardware/sensor/hddtemp.nix

··· 43 43 }; 44 44 45 45 unit = mkOption { 46 46 - description = lib.mdDoc "Celcius or Fahrenheit"; 46 46 + description = lib.mdDoc "Celsius or Fahrenheit"; 47 47 type = types.enum [ "C" "F" ]; 48 48 default = "C"; 49 49 };

+1 -1

nixos/modules/installer/tools/nixos-enter.sh

··· 97 97 exec 2>/dev/null 98 98 fi 99 99 100 100 - # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings. 100 100 + # Run the activation script. Set $LOCALE_ARCHIVE to suppress some Perl locale warnings. 101 101 LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" IN_NIXOS_ENTER=1 chroot "$mountPoint" "$system/activate" 1>&2 || true 102 102 103 103 # Create /tmp. This is needed for nix-build and the NixOS activation script to work.

+2 -2

nixos/modules/misc/version.nix

··· 9 9 literalExpression mkRenamedOptionModule mkDefault mkOption trivial types; 10 10 11 11 needsEscaping = s: null != builtins.match "[a-zA-Z0-9]+" s; 12 12 - escapeIfNeccessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"''; 12 12 + escapeIfNecessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"''; 13 13 attrsToText = attrs: 14 14 concatStringsSep "\n" ( 15 15 - mapAttrsToList (n: v: ''${n}=${escapeIfNeccessary (toString v)}'') attrs 15 15 + mapAttrsToList (n: v: ''${n}=${escapeIfNecessary (toString v)}'') attrs 16 16 ) + "\n"; 17 17 18 18 osReleaseContents = {

+1 -1

nixos/modules/programs/fish.nix

··· 303 303 programs.fish.interactiveShellInit = '' 304 304 # add completions generated by NixOS to $fish_complete_path 305 305 begin 306 306 - # joins with null byte to acommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions", 306 306 + # joins with null byte to accommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions", 307 307 # splits by null byte, and then removes all empty lines produced by using 'string' 308 308 set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".") 309 309 set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")

+1 -1

nixos/modules/programs/nix-ld.nix

··· 2 2 let 3 3 cfg = config.programs.nix-ld; 4 4 5 5 - # TODO make glibc here configureable? 5 5 + # TODO make glibc here configurable? 6 6 nix-ld-so = pkgs.runCommand "ld.so" {} '' 7 7 ln -s "$(cat '${pkgs.stdenv.cc}/nix-support/dynamic-linker')" $out 8 8 '';

+3 -3

nixos/modules/programs/singularity.nix

··· 25 25 type = types.nullOr types.package; 26 26 default = null; 27 27 description = mdDoc '' 28 28 - This option provides access to the overriden result of `programs.singularity.package`. 28 28 + This option provides access to the overridden result of `programs.singularity.package`. 29 29 30 30 - For example, the following configuration makes all the Nixpkgs packages use the overriden `singularity`: 30 30 + For example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`: 31 31 ```Nix 32 32 { config, lib, pkgs, ... }: 33 33 { ··· 42 42 } 43 43 ``` 44 44 45 45 - Use `lib.mkForce` to forcefully specify the overriden package. 45 45 + Use `lib.mkForce` to forcefully specify the overridden package. 46 46 ''; 47 47 }; 48 48 enableFakeroot = mkOption {

+1 -1

nixos/modules/programs/turbovnc.nix

··· 39 39 config = mkIf cfg.ensureHeadlessSoftwareOpenGL { 40 40 41 41 # TurboVNC has builtin support for Mesa llvmpipe's `swrast` 42 42 - # software rendering to implemnt GLX (OpenGL on Xorg). 42 42 + # software rendering to implement GLX (OpenGL on Xorg). 43 43 # However, just building TurboVNC with support for that is not enough 44 44 # (it only takes care of the X server side part of OpenGL); 45 45 # the indiviudual applications (e.g. `glxgears`) also need to directly load

+1 -1

nixos/modules/rename.nix

··· 112 112 (mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.") 113 113 (mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.") 114 114 115 115 - (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Plesae use fcitx5 instead") 115 115 + (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Please use fcitx5 instead") 116 116 117 117 # Do NOT add any option renames here, see top of the file 118 118 ];

+1 -1

nixos/modules/services/cluster/kubernetes/flannel.nix

··· 53 53 }; 54 54 }; 55 55 56 56 - # give flannel som kubernetes rbac permissions if applicable 56 56 + # give flannel some kubernetes rbac permissions if applicable 57 57 services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) { 58 58 59 59 flannel-cr = {

+1 -1

nixos/modules/services/cluster/kubernetes/kubelet.nix

··· 337 337 }; 338 338 }; 339 339 340 340 - # Allways include cni plugins 340 340 + # Always include cni plugins 341 341 services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins pkgs.cni-plugin-flannel]; 342 342 343 343 boot.kernelModules = ["br_netfilter" "overlay"];

+1 -1

nixos/modules/services/continuous-integration/gitea-actions-runner.nix

··· 207 207 export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)" 208 208 209 209 if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then 210 210 - # remove existing registration file, so that changing the labels forces a re-registation 210 210 + # remove existing registration file, so that changing the labels forces a re-registration 211 211 rm -v "$INSTANCE_DIR/.runner" || true 212 212 213 213 # perform the registration

+1 -1

nixos/modules/services/continuous-integration/woodpecker/agents.nix

··· 23 23 DOCKER_HOST = "unix:///run/podman/podman.sock"; 24 24 } 25 25 ''; 26 26 - description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; 26 26 + description = lib.mdDoc "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; 27 27 }; 28 28 29 29 extraGroups = lib.mkOption {

+1 -1

nixos/modules/services/continuous-integration/woodpecker/server.nix

··· 28 28 WOODPECKER_GITEA_URL = "https://git.example.com"; 29 29 } 30 30 ''; 31 31 - description = lib.mdDoc "woodpecker-server config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)"; 31 31 + description = lib.mdDoc "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)"; 32 32 }; 33 33 environmentFile = lib.mkOption { 34 34 type = lib.types.nullOr lib.types.path;

+1 -1

nixos/modules/services/databases/cockroachdb.nix

··· 164 164 example = [ "--advertise-addr" "[fe80::f6f2:::]" ]; 165 165 description = lib.mdDoc '' 166 166 Extra CLI arguments passed to {command}`cockroach start`. 167 167 - For the full list of supported argumemnts, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags> 167 167 + For the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags> 168 168 ''; 169 169 }; 170 170 };

+1 -1

nixos/modules/services/databases/couchdb.nix

··· 141 141 type = types.lines; 142 142 default = ""; 143 143 description = lib.mdDoc '' 144 144 - Extra configuration. Overrides any other cofiguration. 144 144 + Extra configuration. Overrides any other configuration. 145 145 ''; 146 146 }; 147 147

+1 -1

nixos/modules/services/databases/firebird.nix

··· 1 1 { config, lib, pkgs, ... }: 2 2 3 3 - # TODO: This may file may need additional review, eg which configuartions to 3 3 + # TODO: This may file may need additional review, eg which configurations to 4 4 # expose to the user. 5 5 # 6 6 # I only used it to access some simple databases.

+1 -1

nixos/modules/services/databases/mongodb.nix

··· 142 142 User = cfg.user; 143 143 PIDFile = cfg.pidFile; 144 144 Type = "forking"; 145 145 - TimeoutStartSec=120; # intial creating of journal can take some time 145 145 + TimeoutStartSec=120; # initial creating of journal can take some time 146 146 PermissionsStartOnly = true; 147 147 }; 148 148

+1 -1

nixos/modules/services/desktops/deepin/dde-api.nix

··· 16 16 17 17 enable = mkEnableOption (lib.mdDoc '' 18 18 Provides some dbus interfaces that is used for screen zone detecting, 19 19 - thumbnail generating, and sound playing in Deepin Desktop Enviroment. 19 19 + thumbnail generating, and sound playing in Deepin Desktop Environment. 20 20 ''); 21 21 22 22 };

+1 -1

nixos/modules/services/mail/roundcube.nix

··· 72 72 type = types.str; 73 73 description = lib.mdDoc '' 74 74 Password file for the postgresql connection. 75 75 - Must be formated according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html) 75 75 + Must be formatted according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html) 76 76 but only one line, no comments and readable by user `nginx`. 77 77 Ignored if `database.host` is set to `localhost`, as peer authentication will be used. 78 78 '';

+3 -3

nixos/modules/services/misc/siproxd.nix

··· 60 60 default = [ ]; 61 61 example = [ "192.168.1.0/24" "192.168.2.0/24" ]; 62 62 description = lib.mdDoc '' 63 63 - Acess control list for incoming SIP registrations. 63 63 + Access control list for incoming SIP registrations. 64 64 ''; 65 65 }; 66 66 ··· 69 69 default = [ ]; 70 70 example = [ "123.45.0.0/16" "123.46.0.0/16" ]; 71 71 description = lib.mdDoc '' 72 72 - Acess control list for incoming SIP traffic. 72 72 + Access control list for incoming SIP traffic. 73 73 ''; 74 74 }; 75 75 ··· 78 78 default = [ ]; 79 79 example = [ "10.0.0.0/8" "11.0.0.0/8" ]; 80 80 description = lib.mdDoc '' 81 81 - Acess control list for denying incoming 81 81 + Access control list for denying incoming 82 82 SIP registrations and traffic. 83 83 ''; 84 84 };

+1 -1

nixos/modules/services/monitoring/prometheus/default.nix

··· 1614 1614 1615 1615 The following property holds: switching to a configuration 1616 1616 (`switch-to-configuration`) that changes the prometheus 1617 1617 - configuration only finishes successully when prometheus has finished 1617 1617 + configuration only finishes successfully when prometheus has finished 1618 1618 loading the new configuration. 1619 1619 ''; 1620 1620 };

+2 -2

nixos/modules/services/monitoring/unpoller.nix

··· 47 47 type = types.bool; 48 48 default = false; 49 49 description = lib.mdDoc '' 50 50 - Whether to disable the prometheus ouput plugin. 50 50 + Whether to disable the prometheus output plugin. 51 51 ''; 52 52 }; 53 53 http_listen = mkOption { ··· 71 71 type = types.bool; 72 72 default = false; 73 73 description = lib.mdDoc '' 74 74 - Whether to disable the influxdb ouput plugin. 74 74 + Whether to disable the influxdb output plugin. 75 75 ''; 76 76 }; 77 77 url = mkOption {

+1 -1

nixos/modules/services/networking/headscale.nix

··· 393 393 type = types.nullOr types.path; 394 394 default = null; 395 395 description = lib.mdDoc '' 396 396 - Path to a file containg ACL policies. 396 396 + Path to a file containing ACL policies. 397 397 ''; 398 398 }; 399 399 };

+1 -1

nixos/modules/services/networking/wgautomesh.nix

··· 94 94 address = mkOption { 95 95 type = types.str; 96 96 description = mdDoc '' 97 97 - Wireguard address of this peer (a single IP address, multliple 97 97 + Wireguard address of this peer (a single IP address, multiple 98 98 addresses or address ranges are not supported). 99 99 ''; 100 100 example = "10.0.0.42";

+1 -1

nixos/modules/services/search/meilisearch.md

··· 30 30 31 31 - The default nixos package doesn't come with the [dashboard](https://docs.meilisearch.com/learn/getting_started/quick_start.html#search), since the dashboard features makes some assets downloads at compile time. 32 32 33 33 - - Anonimized Analytics sent to meilisearch are disabled by default. 33 33 + - Anonymized Analytics sent to meilisearch are disabled by default. 34 34 35 35 - Default deployment is development mode. It doesn't require a secret master key. All routes are not protected and accessible. 36 36

+1 -1

nixos/modules/services/security/authelia.nix

··· 72 72 type = types.nullOr types.path; 73 73 default = null; 74 74 description = mdDoc '' 75 75 - Path to your JWT secret used during identity verificaiton. 75 75 + Path to your JWT secret used during identity verificaton. 76 76 ''; 77 77 }; 78 78

+1 -1

nixos/modules/services/security/kanidm.nix

··· 10 10 certPaths = builtins.map builtins.dirOf [ cfg.serverSettings.tls_chain cfg.serverSettings.tls_key ]; 11 11 12 12 # Merge bind mount paths and remove paths where a prefix is already mounted. 13 13 - # This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is alread in the mount 13 13 + # This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount 14 14 # paths, no new bind mount is added. Adding subpaths caused problems on ofborg. 15 15 hasPrefixInList = list: newPath: lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list; 16 16 mergePaths = lib.foldl' (merged: newPath: let

+1 -1

nixos/modules/services/web-apps/dokuwiki.nix

··· 173 173 } 174 174 { 175 175 assertion = config.usersFile != null -> config.mergedConfig.useacl != false; 176 176 - message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defiend as `${config.usersFile}' in ${showFiles options.usersFile.files})."; 176 176 + message = "${showPath [ "settings" "useacl" ]} is required when ${showPath [ "usersFile" ]} is set (Currently defined as `${config.usersFile}' in ${showFiles options.usersFile.files})."; 177 177 } 178 178 ]; 179 179 })

+1 -1

nixos/modules/services/web-apps/kavita.nix

··· 35 35 ipAdresses = lib.mkOption { 36 36 default = ["0.0.0.0" "::"]; 37 37 type = lib.types.listOf lib.types.str; 38 38 - description = lib.mdDoc "IP Adresses to bind to. The default is to bind 38 38 + description = lib.mdDoc "IP Addresses to bind to. The default is to bind 39 39 to all IPv4 and IPv6 addresses."; 40 40 }; 41 41 };

+1 -1

nixos/modules/services/web-apps/mastodon.nix

··· 508 508 type = with lib.types; listOf path; 509 509 default = []; 510 510 description = lib.mdDoc '' 511 511 - Extra environment files to pass to all mastodon services. Useful for passing down environemntal secrets. 511 511 + Extra environment files to pass to all mastodon services. Useful for passing down environmental secrets. 512 512 ''; 513 513 example = [ "/etc/mastodon/s3config.env" ]; 514 514 };

+1 -1

nixos/modules/services/web-apps/monica.nix

··· 367 367 }; 368 368 369 369 systemd.services.monica-setup = { 370 370 - description = "Preperation tasks for monica"; 370 370 + description = "Preparation tasks for monica"; 371 371 before = ["phpfpm-monica.service"]; 372 372 after = optional db.createLocally "mysql.service"; 373 373 wantedBy = ["multi-user.target"];

+1 -1

nixos/modules/services/web-apps/nextcloud-notify_push.nix

··· 31 31 type = lib.types.bool; 32 32 default = false; 33 33 description = lib.mdDoc '' 34 34 - Wether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option. 34 34 + Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option. 35 35 36 36 This is useful when nextcloud's domain is not a static IP address and when the reverse proxy cannot be bypassed because the backend connection is done via unix socket. 37 37 '';

+1 -1

nixos/modules/services/web-apps/nextcloud.nix

··· 556 556 default = config.services.nextcloud.notify_push.enable; 557 557 defaultText = literalExpression "config.services.nextcloud.notify_push.enable"; 558 558 description = lib.mdDoc '' 559 559 - Wether to configure nextcloud to use the recommended redis settings for small instances. 559 559 + Whether to configure nextcloud to use the recommended redis settings for small instances. 560 560 561 561 ::: {.note} 562 562 The `notify_push` app requires redis to be configured. If this option is turned off, this must be configured manually.

+1 -1

nixos/modules/services/web-apps/pixelfed.nix

··· 237 237 QUEUE_DRIVER = mkDefault "redis"; 238 238 SESSION_DRIVER = mkDefault "redis"; 239 239 WEBSOCKET_REPLICATION_MODE = mkDefault "redis"; 240 240 - # Suppport phpredis and predis configuration-style. 240 240 + # Support phpredis and predis configuration-style. 241 241 REDIS_SCHEME = "unix"; 242 242 REDIS_HOST = config.services.redis.servers.pixelfed.unixSocket; 243 243 REDIS_PATH = config.services.redis.servers.pixelfed.unixSocket;

+1 -1

nixos/modules/services/web-servers/garage.md

··· 77 77 on fresh setups. 78 78 79 79 If major-releases will be abandoned by upstream, we should check first if those are needed 80 80 - in NixOS for a safe upgrade-path before removing those. In that case we shold keep those 80 80 + in NixOS for a safe upgrade-path before removing those. In that case we should keep those 81 81 packages, but mark them as insecure in an expression like this (in 82 82 `<nixpkgs/pkgs/tools/filesystem/garage/default.nix>`): 83 83 ```

+1 -1

nixos/modules/services/web-servers/stargazer.nix

··· 152 152 153 153 Expressed as a list of attribute sets. Each set must have a key `route` 154 154 that becomes the section name for that route in the stargazer ini cofig. 155 155 - The remaining keys and vaules become the parameters for that route. 155 155 + The remaining keys and values become the parameters for that route. 156 156 157 157 [Refer to upstream docs for other params](https://git.sr.ht/~zethra/stargazer/tree/main/item/doc/stargazer.ini.5.txt) 158 158 '';

+1 -1

nixos/modules/services/x11/window-managers/qtile.nix

··· 40 40 description = lib.mdDoc '' 41 41 Extra Python packages available to Qtile. 42 42 An example would be to include `python3Packages.qtile-extras` 43 43 - for additional unoffical widgets. 43 43 + for additional unofficial widgets. 44 44 ''; 45 45 example = literalExpression '' 46 46 python3Packages: with python3Packages; [

+2 -2

nixos/modules/system/boot/loader/grub/install-grub.pl

··· 213 213 $search .= $matches[0]; 214 214 } 215 215 216 216 - # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes 216 216 + # BTRFS is a special case in that we need to fix the referenced path based on subvolumes 217 217 if ($fs->type eq 'btrfs') { 218 218 my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]}); 219 219 if ($status != 0) { ··· 586 586 if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die } 587 587 else { return "both" } 588 588 } elsif (($grub ne "") && ($grubEfi eq "")) { 589 589 - # TODO: It would be safer to disallow non-EFI grub installation if no taget is given. 589 589 + # TODO: It would be safer to disallow non-EFI grub installation if no target is given. 590 590 # If no target is given, then grub auto-detects the target which can lead to errors. 591 591 # E.g. it seems as if grub would auto-detect a EFI target based on the availability 592 592 # of a EFI partition.

+2 -2

nixos/modules/system/boot/luksroot.nix

··· 130 130 ''} 131 131 132 132 # Disable all input echo for the whole stage. We could use read -s 133 133 - # instead but that would ocasionally leak characters between read 133 133 + # instead but that would occasionally leak characters between read 134 134 # invocations. 135 135 stty -echo 136 136 ''; ··· 861 861 ''; 862 862 description = lib.mdDoc '' 863 863 Commands that should be run right before we try to mount our LUKS device. 864 864 - This can be useful, if the keys needed to open the drive is on another partion. 864 864 + This can be useful, if the keys needed to open the drive is on another partition. 865 865 ''; 866 866 }; 867 867

+1 -1

nixos/modules/system/boot/stage-1-init.sh

··· 445 445 mv -v "$d" "$root/old-root.tmp" 446 446 done 447 447 448 448 - # Use .tmp to make sure subsequent invokations don't clash 448 448 + # Use .tmp to make sure subsequent invocations don't clash 449 449 mv -v "$root/old-root.tmp" "$root/old-root" 450 450 451 451 mkdir -m 0755 -p "$root/etc"

+1 -1

nixos/modules/tasks/filesystems/bcachefs.nix

··· 16 16 local path="$2" 17 17 if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption 18 18 prompt $name 19 19 - until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked 19 19 + until bcachefs unlock $path 2> /dev/null; do # repeat until successfully unlocked 20 20 printf "unlocking failed!\n" 21 21 prompt $name 22 22 done

+1 -1

nixos/modules/tasks/filesystems/btrfs.nix

··· 25 25 type = types.listOf types.path; 26 26 example = [ "/" ]; 27 27 description = lib.mdDoc '' 28 28 - List of paths to btrfs filesystems to regularily call {command}`btrfs scrub` on. 28 28 + List of paths to btrfs filesystems to regularly call {command}`btrfs scrub` on. 29 29 Defaults to all mount points with btrfs filesystems. 30 30 If you mount a filesystem multiple times or additionally mount subvolumes, 31 31 you need to manually specify this list to avoid scrubbing multiple times.

+1 -1

nixos/modules/tasks/network-interfaces-scripted.nix

··· 396 396 ''; 397 397 postStop = '' 398 398 echo "Cleaning Open vSwitch ${n}" 399 399 - echo "Shuting down internal ${n} interface" 399 399 + echo "Shutting down internal ${n} interface" 400 400 ip link set ${n} down || true 401 401 echo "Deleting flows for ${n}" 402 402 ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true

+1 -1

nixos/modules/tasks/network-interfaces-systemd.nix

··· 437 437 ''; 438 438 postStop = '' 439 439 echo "Cleaning Open vSwitch ${n}" 440 440 - echo "Shuting down internal ${n} interface" 440 440 + echo "Shutting down internal ${n} interface" 441 441 ip link set ${n} down || true 442 442 echo "Deleting flows for ${n}" 443 443 ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true

+1 -1

nixos/modules/testing/test-instrumentation.nix

··· 43 43 # Passing the terminal device makes bash run non-interactively. 44 44 # Otherwise we get errors on the terminal because bash tries to 45 45 # setup things like job control. 46 46 - # Note: calling bash explicitely here instead of sh makes sure that 46 46 + # Note: calling bash explicitly here instead of sh makes sure that 47 47 # we can also run non-NixOS guests during tests. 48 48 PS1= exec /usr/bin/env bash --norc /dev/hvc0 49 49 '';