Replace `services.timesyncd.extraConfig` with a freeform `services.timesyncd.settings.Time` submodule, rendered via `utils.systemdUtils.lib.settingsToSections`. `extraConfig` is removed via `mkRemovedOptionModule`.
`servers` and `fallbackServers` are kept as typed wrappers; they now bridge into `settings.Time.NTP` / `settings.Time.FallbackNTP` via `mkDefault` so users can still override them through `settings.Time`.
Adds `nixos/tests/systemd-timesyncd` to assert the rendered `timesyncd.conf` contents.

Now that ARMv5 no longer uses `uImage`, there’s no point in keeping
around support for this deprecated format that the rest of the NixOS
infrastructure doesn’t handle. Modern U‐Boot setups should not
be affected in any way by this.

Writing a multi-line /proc/<pid>/[ug]id_map only requires
CAP_SETUID/CAP_SETGID over the parent user namespace, not full root.
shadow's own --with-fcaps install mode (70971457b761) sets exactly
cap_setuid+ep / cap_setgid+ep, and Arch, Fedora and Debian have shipped
these binaries with file capabilities instead of setuid for years.
The setuid variant already drops to the same single capability before
the uid_map write (see lib/idmapping.c), so the privilege at the point
attacker-controlled data reaches the kernel is unchanged. The reduction
is in the startup window: with file capabilities the process never has
euid 0 and never holds the full capability set during NSS lookups,
/etc/subuid parsing and /proc/<pid> opening.
The only functional difference is that mapping host uid 0 into a child
namespace additionally needs CAP_SETFCAP, which the setuid path got
implicitly. NixOS never puts uid 0 into auto-allocated subuid ranges,
and granting it manually is a deliberate root-equivalent configuration;
the release notes document the override for that case.
nixosTests.{shadow,podman,docker-rootless} pass; the latter two
exercise newuidmap/newgidmap via rootless containers.
Supersedes #461172.
Co-authored-by: Rasheeq Azad <rasheeqhere@gmail.com>

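An added audit helper, not part of these commits or of shadow's or nixpkgs' code, that decodes the `security.capability` xattr the kernel stores for a file-capability binary, so a defender can confirm that an installed newuidmap/newgidmap carries only `cap_setuid+ep` / `cap_setgid+ep` and no setuid bit. The layout constants are taken from `<linux/capability.h>`; the sample xattr bytes and the `check_idmap_helper` policy are constructed for this example.

```python
import struct

# Capability numbers from <linux/capability.h>
CAP_SETGID, CAP_SETUID, CAP_SETFCAP = 6, 7, 31
# Layout of the security.capability xattr (struct vfs_cap_data in <linux/capability.h>)
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000   # 20 bytes: magic_etc + 2 x (permitted, inheritable)
VFS_CAP_REVISION_3 = 0x03000000   # 24 bytes: revision-2 layout + rootid
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001

def decode_vfs_cap(raw):
    """Decode a raw security.capability value (as returned by os.getxattr) into cap sets."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    magic_etc = struct.unpack_from("<I", raw, 0)[0]
    rev = magic_etc & VFS_CAP_REVISION_MASK
    size = {VFS_CAP_REVISION_2: 20, VFS_CAP_REVISION_3: 24}.get(rev)
    if size is None or len(raw) != size:
        raise ValueError(f"unsupported or truncated vfs_cap_data (rev {rev:#x}, {len(raw)} bytes)")
    # Two little-endian (permitted, inheritable) pairs: caps 0-31, then caps 32-63.
    p0, i0, p1, i1 = struct.unpack_from("<IIII", raw, 4)
    permitted, inheritable = (p1 << 32) | p0, (i1 << 32) | i0
    return {
        "permitted": {c for c in range(64) if permitted >> c & 1},
        "inheritable": {c for c in range(64) if inheritable >> c & 1},
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        "rootid": struct.unpack_from("<I", raw, 20)[0] if rev == VFS_CAP_REVISION_3 else None,
    }

def check_idmap_helper(mode, raw, allowed):
    """Findings for a newuidmap/newgidmap-style binary: no setuid bit, only `allowed` caps, +ep."""
    # mode is st_mode from os.stat(); raw is the security.capability xattr, or None if absent.
    findings = []
    if mode & 0o4000:
        findings.append("setuid bit set: process starts with euid 0 and the full capability set")
    if raw is None:
        return findings + ["no file capabilities"]
    caps = decode_vfs_cap(raw)
    extra = sorted(caps["permitted"] - allowed)
    if extra:
        findings.append(f"permitted caps beyond policy: {extra}")
    if not caps["effective"]:
        findings.append("file caps present but not effective (+e flag missing)")
    return findings

# Constructed sample: what `setcap cap_setuid+ep` stores (revision 2, permitted bit 7, effective flag).
SAMPLE_SETUID_EP = struct.pack("<IIIII", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
                               1 << CAP_SETUID, 0, 0, 0)
```

On a live system, feed `os.stat(path).st_mode` and `os.getxattr(path, "security.capability")` (None on ENODATA) to `check_idmap_helper`; a host that deliberately maps uid 0 would add `CAP_SETFCAP` to the allowed set.
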
Fixes odd bullet points and bare URLs that are prohibited by most
Markdown linters and specs.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iae14dce3d158ac11c59d9117694ccde46a6a6964

Deprecated in 2020 because Xorg works better with kernel modesetting,
and the original 800x600 default is rarely the right choice anyway.
Users who still need a VESA fallback can inline
`boot.kernelParams = [ "vga=0x317" "nomodeset" ];`.
`mkRemovedOptionModule` makes the removal noisy: setting `boot.vesa`
will now fail evaluation with a pointer to the replacement.