Since 25.05 dbtype no longer defaults to sqlite and this yields an error
that is understandable enough but not easy to properly address.
Add an assert that is more explicit.
Before:
```
error: The option `nodes.nextcloud.services.nextcloud.config.dbtype' was accessed but has no value defined. Try setting the option.
```
After:
```
error:
Failed assertions:
- `services.nextcloud.config.dbtype` must be set explicitly (pgsql, mysql, or sqlite)
Before 25.05, it used to default to sqlite but that is not recommended by upstream.
Either set it to sqlite as it used to be, or convert to another type as described
in the official db conversion page:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/db_conversion.html
```
Link: https://github.com/NixOS/nixpkgs/pull/369242#issuecomment-3036296243
(cherry picked from commit 78a20758e0)
This, and commits to k3s and util-linux close#409339.
The util-linux.withPatches API was a temporary hack for the 25.05
release to fix Kubernetes, and is going away.
While we're at it, we should use util-linuxMinimal because we do not
need things such as systemd support for kubelet initialization.
(cherry picked from commit 949e299d24)
See https://discourse.nixos.org/t/i-cannot-for-the-life-of-me-find-the-package-that-has-pg-config/66244/4
I decided against doing this in its own nixpkgs manual: the line
to draw is quite blurry already (e.g. we have documented our package
removal policy in here as well) and having to check two manuals for a
single subsystem feels pretty annoying to me.
The relevant part - where to find pg_config - is written at the top. I
decided to give a bit more context about the way our packaging works
since I realized a few times now that I don't remember all the details
about the problems we had in the past and having to look up individual
commit messages for that isn't very productive.
(cherry picked from commit e031c5ff6b)
We currently bypass systemd's switch-root logic by premounting
/sysroot/run. Make sure to propagate its sub-mounts with the recursive
flag, in accordance with the default switch-root logic.
This is required for creds at /run/credentials to survive the transition
from initrd -> host.
(cherry picked from commit 7d36daa76a)
When running with a xfs root partition and using systemd for stage 1
initrd, I noticed in journalctl that fsck.xfs always failed to execute.
The issue is that it is trying to use the below sh interpreter:
`#!/nix/store/xy4jjgw87sbgwylm5kn047d9gkbhsr9x-bash-5.2p37/bin/sh -f`
but the file does not exist in the initrd image.
/nix/store/xy4jjgw87sbgwylm5kn047d9gkbhsr9x-bash-5.2p37/bin/**bash**
exists since it gets pulled in by some package, but the rest of the
directory is not being pulled in.
boot/systemd/initrd.nix mentions that xfs_progs references the sh
interpreter and seems to explicitly try to address this by adding
${pkgs.bash}/bin to storePaths, but that's the wrong bash package.
Update the `storePaths` value to pull in `pkgs.bashNonInteractive`
rather than `pkgs.bash`.
(cherry picked from commit 3332613add)
This fixes postfix' membership in the postfix-tlspol group, since
memberships in a dynamically allocated group don't seem to work out.
Additionally this fixes a typo in the systemd hardening and the test now
prints the results of systemd-analyze security.
(cherry picked from commit df0eb78b31)
Fixes the group membership for postfix processes in the postfix-tlspol
group.
Makes the postfix.service start up after postfix-tlspol.service, because
it depends on it for the TLS policy lookups.
(cherry picked from commit 64e7fad038)
Kernel 6.16-rc1 removed the poly1305 algorithm in
ceef731b0e22df80a13d67773ae9afd55a971f9e
bcachefs switched to the kernel libraries for poly1305 and chacha20 in
6.15 in 4bf4b5046de0ef7f9dc50f3a9ef8a6dcda178a6d
(cherry picked from commit f9bd91aa07)
Upstream changes were checked by checking out the stable31 branch of the
https://github.com/nextcloud/documentation and comparing:
git diff c1c9b0a072537544769fdd6062989a631d4fb17c admin_manual/installation/nginx-root.conf.sample
Notably, this adds the text/javascript and application/wasm mime types to the list of
gzip'ed mime types, which improves nextcloud loading in our testing.
Also adds webp support.
(cherry picked from commit 0c7a8d5255)
`user-.slice` does not seem to exist, and the config we generate for it is
rejected by systemd (see `systemctl status user-.slice`).
I suppose that what was really intended here, was to configure
`user.slice`, which is the one that is documented in `man systemd.special`.
Reported-by: Ian Sollars <Ian.Sollars@brussels.msf.org>
(cherry picked from commit c28b3143da)
Upstream, intentionally or not, no longer appends the EFI image
with a .pad section for us to hook the rest of the UKI to. This
simply dehardcodes .pad from the awk script, instead using the
very last section in the binary. (Currently .reloc)
Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
`config.services.postgresql.package` is now only available when the
PostgreSQL module is actually enabled. If we're not using the local
database, we'll need to fallback to the latest postgresql version, since
we don't know about the remote version.
(cherry picked from commit 62d2b6d593)
