This reverts commit 263297b4e5 while also
explaining in the docs where exactly LANGUAGE is ignored, and why.
Fixes#409306.
(cherry picked from commit 82dfbe95f5)
This ensures the NixOS notes only refer to things like modules and
NixOS-specific improvements, while the Nixpkgs notes refer to all
package changes
(cherry picked from commit 39a20c95fe)
This keeps us in-line with all previous releases. Users should be able
to still differentiate the NixOS and Nixpkgs release notes based on the
header of Nixpkgs' notes
(cherry picked from commit 7edb76465e)
Since there are now variants of tpm2-pkcs11 with and without ABRMD
support (for the kernel resource manager), ensure we pick the correct
default.
Fixes an accidental backwards incompatibility with the module.
(cherry picked from commit 9c1564e395)
`gitlab` >= 18.0 requires at least `postgresql` >= 16. GitLab users
are advised to follow the mentioned steps in the manual to upgrade their
PostgreSQL installation.
(cherry picked from commit c46cc8a67a)
This patch resolves an issue where systemd-udevd outputs events like:
/nix/store/jm9paymkapbi6pzwbjgmi634vaf2y5va-udev-rules/49-brother-mfp-brscan5-1.0.2-2.rules:17 Invalid key 'SYSFS'.
(cherry picked from commit ff62fe4136)
Without this, the greeter is unable to see `orca` program on `PATH`
and so `${gdm}/share/gdm/greeter/autostart/orca-autostart.desktop`
will fail to start it. As a result, screen reader would not work
on the login screen.
(cherry picked from commit 9af27f1cb5)
Containers did not have *systemd-journald-audit.socket* in *additionalUpstreamSystemUnits*, which meant that the unit was not provided.
However the *wantedBy* was added without any additional check, therefore creating an empty unit with just the *WantedBy* on *boot.isContainer* machines.
This caused `systemd-analyze verify` to fail:
```text
systemd-journald-audit.socket: Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
```
The upstream unit already contains the following, which should make it safe to include regardless:
```ini
[Unit]
ConditionSecurity=audit
ConditionCapability=CAP_AUDIT_READ
```
For reference, this popped up in the context of #[360426](https://redirect.github.com/NixOS/nixpkgs/issues/360426) as well as #[407696](https://redirect.github.com/NixOS/nixpkgs/pull/407696).
Co-authored-by: Bruce Toll <4109762+tollb@users.noreply.github.com>
Signed-off-by: benaryorg <binary@benary.org>
(cherry picked from commit e434130d0b)
Fix regression from https://github.com/NixOS/nixpkgs/pull/379629.
The systemd-journal test has been failing on hydra since 2025-02-10.
See, for instance: https://hydra.nixos.org/build/290855155.
This commit enables auditing, as expected by the tests. It also
addresses an issue where audit messages were getting dropped due to
rate limits.
(cherry picked from commit 22d51e08cf)
Partially revert #179194 which first filtered
`extraLocaleSettings.LANGUAGE`. Indeed this environment variable is
given precedence according to:
https://www.gnu.org/software/gettext/manual/html_node/Locale-Environment-Variables.html
So using it will simply make all other `extraLocaleSettings` be ignored
in practice, but the OS shouldn't ignore it when aggregating the locales
required in general, as this setup should still be legitimate, and it
may even be useful if you wish to set it by default and use `env -u
LANGUAGE` for some programs.
(cherry picked from commit 263297b4e5)
Disk usage of the image has risen considerably since last release. We
still need to investigate the cause in detail. Increasing it for now
prevents build failures at least.
(cherry picked from commit 813d0ba1fb)
By default, `system.nixos.label` includes `system.nixos.tags` which
historically was not set for the amazon image.
Keeping the tag in the label of the generated disk image inside the
derivation (i.e. `image.filePath`) makes it easier to tell that the
file is for amazon (i.e.
`nixos-image-amazon-25.11pre-git-x86_64-linux.vpc`) while the "label"
in `image-info.json` for users of the AWS api stays stable (i.e.
`/25.05pre-git-x86_64-linux`).
`
(cherry picked from commit 8ccd7e5d9a)
