commit c1536f5c78ead2fdcb0ec11824d673638fa6a5f4 · pyrox.dev/nixpkgs

+71

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

···

       562
       562
        
                 be removed in 22.05.

     

       563
       563
        
               </para>

     

       564
       564
        
             </listitem>

     

       565
       565
       +
             <listitem>

     

       566
       566
       +
               <para>

     

       567
       567
       +
                 The order of NSS (host) modules has been brought in line with

     

       568
       568
       +
                 upstream recommendations:

     

       569
       569
       +
               </para>

     

       570
       570
       +
               <itemizedlist spacing="compact">

     

       571
       571
       +
                 <listitem>

     

       572
       572
       +
                   <para>

     

       573
       573
       +
                     The <literal>myhostname</literal> module is placed before

     

       574
       574
       +
                     the <literal>resolve</literal> (optional) and

     

       575
       575
       +
                     <literal>dns</literal> entries, but after

     

       576
       576
       +
                     <literal>file</literal> (to allow overriding via

     

       577
       577
       +
                     <literal>/etc/hosts</literal> /

     

       578
       578
       +
                     <literal>networking.extraHosts</literal>, and prevent ISPs

     

       579
       579
       +
                     with catchall-DNS resolvers from hijacking

     

       580
       580
       +
                     <literal>.localhost</literal> domains)

     

       581
       581
       +
                   </para>

     

       582
       582
       +
                 </listitem>

     

       583
       583
       +
                 <listitem>

     

       584
       584
       +
                   <para>

     

       585
       585
       +
                     The <literal>mymachines</literal> module, which provides

     

       586
       586
       +
                     hostname resolution for local containers (registered with

     

       587
       587
       +
                     <literal>systemd-machined</literal>) is placed to the

     

       588
       588
       +
                     front, to make sure its mappings are preferred over other

     

       589
       589
       +
                     resolvers.

     

       590
       590
       +
                   </para>

     

       591
       591
       +
                 </listitem>

     

       592
       592
       +
                 <listitem>

     

       593
       593
       +
                   <para>

     

       594
       594
       +
                     If systemd-networkd is enabled, the

     

       595
       595
       +
                     <literal>resolve</literal> module is placed before

     

       596
       596
       +
                     <literal>files</literal> and

     

       597
       597
       +
                     <literal>myhostname</literal>, as it provides the same

     

       598
       598
       +
                     logic internally, with caching.

     

       599
       599
       +
                   </para>

     

       600
       600
       +
                 </listitem>

     

       601
       601
       +
                 <listitem>

     

       602
       602
       +
                   <para>

     

       603
       603
       +
                     The <literal>mdns(_minimal)</literal> module has been

     

       604
       604
       +
                     updated to the new priorities.

     

       605
       605
       +
                   </para>

     

       606
       606
       +
                 </listitem>

     

       607
       607
       +
               </itemizedlist>

     

       608
       608
       +
               <para>

     

       609
       609
       +
                 If you use your own NSS host modules, make sure to update your

     

       610
       610
       +
                 priorities according to these rules:

     

       611
       611
       +
               </para>

     

       612
       612
       +
               <itemizedlist spacing="compact">

     

       613
       613
       +
                 <listitem>

     

       614
       614
       +
                   <para>

     

       615
       615
       +
                     NSS modules which should be queried before

     

       616
       616
       +
                     <literal>resolved</literal> DNS resolution should use

     

       617
       617
       +
                     mkBefore.

     

       618
       618
       +
                   </para>

     

       619
       619
       +
                 </listitem>

     

       620
       620
       +
                 <listitem>

     

       621
       621
       +
                   <para>

     

       622
       622
       +
                     NSS modules which should be queried after

     

       623
       623
       +
                     <literal>resolved</literal>, <literal>files</literal> and

     

       624
       624
       +
                     <literal>myhostname</literal>, but before

     

       625
       625
       +
                     <literal>dns</literal> should use the default priority

     

       626
       626
       +
                   </para>

     

       627
       627
       +
                 </listitem>

     

       628
       628
       +
                 <listitem>

     

       629
       629
       +
                   <para>

     

       630
       630
       +
                     NSS modules which should come after <literal>dns</literal>

     

       631
       631
       +
                     should use mkAfter.

     

       632
       632
       +
                   </para>

     

       633
       633
       +
                 </listitem>

     

       634
       634
       +
               </itemizedlist>

     

       635
       635
       +
             </listitem>

     

       565
       636
        
           </itemizedlist>

     

       566
       637
        
         </section>

     

       567
       638
        
       </section>

+24

nixos/doc/manual/release-notes/rl-2111.section.md

···

       139
       139
        
       - The wordpress module provides a new interface which allows to use different webservers with the new option [`services.wordpress.webserver`](options.html#opt-services.wordpress.webserver).  Currently `httpd` and `nginx` are supported. The definitions of wordpress sites should now be set in [`services.wordpress.sites`](options.html#opt-services.wordpress.sites).

     

       140
       140
        
       

     

       141
       141
        
         Sites definitions that use the old interface are automatically migrated in the new option. This backward compatibility will be removed in 22.05.

     

       142
       142
       +
       

     

       143
       143
       +
       - The order of NSS (host) modules has been brought in line with upstream

     

       144
       144
       +
         recommendations:

     

       145
       145
       +
       

     

       146
       146
       +
         - The `myhostname` module is placed before the `resolve` (optional) and `dns`

     

       147
       147
       +
           entries, but after `file` (to allow overriding via `/etc/hosts` /

     

       148
       148
       +
           `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from

     

       149
       149
       +
           hijacking `.localhost` domains)

     

       150
       150
       +
         - The `mymachines` module, which provides hostname resolution for local

     

       151
       151
       +
           containers (registered with `systemd-machined`) is placed to the front, to

     

       152
       152
       +
           make sure its mappings are preferred over other resolvers.

     

       153
       153
       +
         - If systemd-networkd is enabled, the `resolve` module is placed before

     

       154
       154
       +
           `files` and `myhostname`, as it provides the same logic internally, with

     

       155
       155
       +
           caching.

     

       156
       156
       +
         - The `mdns(_minimal)` module has been updated to the new priorities.

     

       157
       157
       +
       

     

       158
       158
       +
         If you use your own NSS host modules, make sure to update your priorities

     

       159
       159
       +
         according to these rules:

     

       160
       160
       +
       

     

       161
       161
       +
         - NSS modules which should be queried before `resolved` DNS resolution should

     

       162
       162
       +
           use mkBefore.

     

       163
       163
       +
         - NSS modules which should be queried after `resolved`, `files` and

     

       164
       164
       +
           `myhostname`, but before `dns` should use the default priority

     

       165
       165
       +
         - NSS modules which should come after `dns` should use mkAfter.

+2 -2

nixos/modules/config/nsswitch.nix

···

       124
       124
        
             group = mkBefore [ "files" ];

     

       125
       125
        
             shadow = mkBefore [ "files" ];

     

       126
       126
        
             hosts = mkMerge [

     

       127
       127
       -
               (mkBefore [ "files" ])

     

       128
       128
       -
               (mkAfter [ "dns" ])

     

       127
       127
       +
               (mkOrder 998 [ "files" ])

     

       128
       128
       +
               (mkOrder 1499 [ "dns" ])

     

       129
       129
        
             ];

     

       130
       130
        
             services = mkBefore [ "files" ];

     

       131
       131
        
           };

+2 -2

nixos/modules/services/networking/avahi-daemon.nix

···

       240
       240
        
       

     

       241
       241
        
           system.nssModules = optional cfg.nssmdns pkgs.nssmdns;

     

       242
       242
        
           system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [

     

       243
       243
       -
             (mkOrder 900 [ "mdns_minimal [NOTFOUND=return]" ]) # must be before resolve

     

       244
       244
       -
             (mkOrder 1501 [ "mdns" ]) # 1501 to ensure it's after dns

     

       243
       243
       +
             (mkBefore [ "mdns_minimal [NOTFOUND=return]" ]) # before resolve

     

       244
       244
       +
             (mkAfter [ "mdns" ]) # after dns

     

       245
       245
        
           ]);

     

       246
       246
        
       

     

       247
       247
        
           environment.systemPackages = [ pkgs.avahi ];

+2 -1

nixos/modules/system/boot/resolved.nix

···

       140
       140
        
       

     

       141
       141
        
           # add resolve to nss hosts database if enabled and nscd enabled

     

       142
       142
        
           # system.nssModules is configured in nixos/modules/system/boot/systemd.nix

     

       143
       143
       -
           system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]";

     

       143
       143
       +
           # added with order 501 to allow modules to go before with mkBefore

     

       144
       144
       +
           system.nssDatabases.hosts = (mkOrder 501 ["resolve [!UNAVAIL=return]"]);

     

       144
       145
        
       

     

       145
       146
        
           systemd.additionalUpstreamSystemUnits = [

     

       146
       147
        
             "systemd-resolved.service"

+2 -3

nixos/modules/system/boot/systemd.nix

···

       925
       925
        
           system.nssModules = [ systemd.out ];

     

       926
       926
        
           system.nssDatabases = {

     

       927
       927
        
             hosts = (mkMerge [

     

       928
       928
       -
               [ "mymachines" ]

     

       929
       929
       -
               (mkOrder 1600 [ "myhostname" ] # 1600 to ensure it's always the last

     

       930
       930
       -
             )

     

       928
       928
       +
               (mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (which is mkBefore'd)

     

       929
       929
       +
               (mkOrder 999 ["myhostname"]) # after files (which is 998), but before regular nss modules

     

       931
       930
        
             ]);

     

       932
       931
        
             passwd = (mkMerge [

     

       933
       932
        
               (mkAfter [ "systemd" ])