This fixes "frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied".
Creating a directory via StateDirectory makes that directory /var/lib/ntp owned by root:root.
However, when running ntpd we change to user ntp (see ntpFlags), so the process cannot
actually use that directory.
Actually creating a home directory for the user at that location solves that problem.
(cherry picked from commit 31942f20f4)
It was kinda weird to assert that the clear-text password was
in the unit when the hashed password was the effective one.
This change makes it explicit that both are in there and the latter
takes precedence.
(cherry picked from commit da2c826e1a)
This commit adds two new tests to show that the ordering of password
overrides documentation in nixos/modules/config/user-groups.nix is
correct. The override behavior differs depending on whether a system
has systemd-sysusers enabled, so there are two tests.
(cherry picked from commit b84fb1e5cd)
Testing showed that the existing documentation regarding password override
ordering was incorrect. This commit corrects the errors and refactors
the way the text is constructed to make updating future ordering
changes significantly easier.
(cherry picked from commit 52ce5caf36)
nm-file-secret agent is a small agent that can supply secrets of
connection profiles to NetworkManager by reading the contents of
preconfigured files.
These files could be supplied e.g. by nixos-sops or any other mechanism.
(cherry picked from commit 24e0db1ba9)
This module potentially generates `/etc/nix/machines`. Correct an
existing comment to refer to that path rather than `/etc/machines`.
(cherry picked from commit 3275a6b361)
This matches how `environment.gnome.excludePackages` works elsewhere,
and prevents evaluation from failing when an excluded package is not
available (e.g. by having a blocklisted license).
(cherry picked from commit 8e1ad9ba92)
Disabling this option is required to obtain a DHCPv4 lease from
some old/misconfigured DHCP servers. This was already exposed for
DHCPv6.
(cherry picked from commit 6c324710e3)
First, `stop network-addresses-X` should clean up the addresses without deleting the interfaces. And only `stop tap0-netdev` should fully delete the interfaces.
Signed-off-by: Egor Savkin <es@m-labs.hk>
(cherry picked from commit 8bda6ea01c)
This changes the following chain after `nixos-rebuild switch` with modified tunnel interfaces:
stop network-setup -> stop TUN-netdev -> stop network-addresses-TUN -> start network-addresses-TUN (fails since it depends on TUN-netdev which is off).
Chain after this change:
stop TUN-netdev -> stop network-setup -> stop network-addresses-TUN -> start TUN-netdev -> start network-addresses-TUN -> start network-setup
Signed-off-by: Egor Savkin <es@m-labs.hk>
(cherry picked from commit 9354d385e2)
