A git command was failing in the test with
error: unable to get random bytes for temporary file: Operation not permitted
error: unable to create temporary file: Operation not permitted
error: .Radicale.lock: failed to insert into database
error: unable to index file '.Radicale.lock'
verbose is a debugging setting one step noisier than debug and should only be turned on when debugging because it leaks quite some credentials and tokens in the journalctl.
we expose it under settings instead of at the listener toplevel because
mosquitto seems to pick the addresses it will listen on
nondeterministically from the set of addresses configured on the
interface being bound to. encouraging its use by putting it into the
toplevel options for a listener seems inadvisable.
Introduced in OpenSSH 9.0 it became the part of the default kexAlgorithm
selection, visibile in sshd_config(5).
It is also enabled by default in the OpenSSH client, as can be seen from
$ ssh -Q KexAlgorithms
Also clarifies that we use the referenced documents as the lower bound,
given that they haven't been updated for 5-7y.
Tailscale uses policy routing to enable certain traffic to bypass
routes that lead into the Tailscale mesh. NixOS's reverse path
filtering setup doesn't understand the policy routing at play,
and so incorrectly interprets some of this traffic as spoofed.
Since this only breaks some features of Tailscale, merely warn
users about it, rather than make it a hard error.
Updates tailscale/tailscale#4432
Signed-off-by: David Anderson <dave@natulte.net>
For some features, tailscaled uses getent(1) to get the shell
of OS users. getent(1) is in the glibc derivation. Without this
derivation in the path, tailscale falls back to /bin/sh for all
users.
Signed-off-by: David Anderson <dave@natulte.net>
In a previous PR [1], the conditional to generate a new host key file
was changed to also include the case when the file exists, but has zero
size. This could occur when the system is uncleanly powered off shortly
after first boot.
However, ssh-keygen prompts the user before overwriting a file. For
example:
$ touch hi
$ ssh-keygen -f hi
Generating public/private rsa key pair.
hi already exists.
Overwrite (y/n)?
So, lets just try to remove the empty file (if it exists) before running
ssh-keygen.
[1] https://github.com/NixOS/nixpkgs/pull/141258
Without this, if the network goes down for a while, systemd will give up after 5 restarts:
Scheduled restart job, restart counter is at 5.
Stopped Nebula VPN service for myvpn.
nebula@myvpn.service: Start request repeated too quickly.
Failed with result 'exit-code'.
Failed to start Nebula VPN service for myvpn.
Most network services need this, but for VPNs it's extra important.
