From 4477421b05b9e3e1d801c8bb08bd6d5db9ee49ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 16:26:18 +0200 Subject: [PATCH 1/2] changelog: re-add by accident deleted sections --- .../from_md/release-notes/rl-2111.section.xml | 35 +++++++++++++++++++ .../manual/release-notes/rl-2111.section.md | 6 ++++ 2 files changed, 41 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 535c63dfd3f5..5d2a7189a2d2 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -661,6 +661,32 @@ to use wildcards in the source argument. + + + The openrazer and + openrazer-daemon packages as well as the + hardware.openrazer module now require users + to be members of the openrazer group + instead of plugdev. With this change, users + no longer need be granted the entire set of + plugdev group permissions, which can + include permissions other than those required by + openrazer. This is desirable from a + security point of view. The setting + harware.openrazer.users + can be used to add users to the openrazer + group. + + + + + The yambar package has been split into + yambar and + yambar-wayland, corresponding to the xorg + and wayland backend respectively. Please switch to + yambar-wayland if you are on wayland. + +
@@ -830,6 +856,15 @@ version of zfs. + + + Nginx will use the value of + sslTrustedCertificate if provided for a + virtual host, even if enableACME is set. + This is useful for providers not using the same certificate to + sign OCSP responses and server certificates. + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index b03f2931becf..99bc47e4a12e 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -169,6 +169,10 @@ pt-services.clipcat.enable). - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument. +- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. + +- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland. + ## Other Notable Changes {#sec-release-21.11-notable-changes} - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. @@ -214,3 +218,5 @@ pt-services.clipcat.enable). - The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up. - Zfs: `latestCompatibleLinuxPackages` is now exported on the zfs package. One can use `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` to always track the latest compatible kernel with a given version of zfs. + +- Nginx will use the value of `sslTrustedCertificate` if provided for a virtual host, even if `enableACME` is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates. From 7b6af9e542eda798072b1951ffce91c600bc73ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 16:26:34 +0200 Subject: [PATCH 2/2] betterlockscreen: format --- .../screensavers/betterlockscreen/default.nix | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/pkgs/misc/screensavers/betterlockscreen/default.nix b/pkgs/misc/screensavers/betterlockscreen/default.nix index 113c0f5d2e68..476b2ae872dd 100644 --- a/pkgs/misc/screensavers/betterlockscreen/default.nix +++ b/pkgs/misc/screensavers/betterlockscreen/default.nix @@ -3,7 +3,7 @@ , makeWrapper , stdenv -# Dependencies (@see https://github.com/pavanjadhaw/betterlockscreen/blob/master/shell.nix) + # Dependencies (@see https://github.com/pavanjadhaw/betterlockscreen/blob/master/shell.nix) , bc , coreutils , i3lock-color @@ -30,20 +30,15 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper ]; - installPhase = - let - PATH = - lib.makeBinPath - [ bc coreutils i3lock-color gawk gnugrep gnused imagemagick procps xdpyinfo xrandr xset ]; - in '' - runHook preInstall + installPhase = '' + runHook preInstall - mkdir -p $out/bin - cp betterlockscreen $out/bin/betterlockscreen - wrapProgram "$out/bin/betterlockscreen" --prefix PATH : "$out/bin:${PATH}" + mkdir -p $out/bin + cp betterlockscreen $out/bin/betterlockscreen + wrapProgram "$out/bin/betterlockscreen" --prefix PATH : "$out/bin:${lib.makeBinPath [ bc coreutils i3lock-color gawk gnugrep gnused imagemagick procps xdpyinfo xrandr xset ]}" - runHook preInstall - ''; + runHook preInstall + ''; meta = with lib; { description = "Fast and sweet looking lockscreen for linux systems with effects!";