I no longer contribute to this test nor do I plan to do so in the
future.
My contributions moved to nixosTests.forgejo, after we (nixpkgs) decided
to split the gitea and forgejo nixpkgs modules.
While this can be added via `services.journald.extraConfig`, this option
provides proper type-checking and other modules can determine
where journal data is stored. This is relevant when using e.g. promtail
to send logs to Loki and it should read from `/run/log/journal` if
volatile storage is used.
Adds a postResumeCommands option to the initramfs to allow inserting
code to execute after the device has attempted to resume, and before
filesystems are mounted. This allows to inject code for operations like
wiping the rootfs on boot; if those were instead put in
postDeviceCommands, on a hibernated device, they would execute before
the device resumes from hibernation.
`environment.variables` gets sourced by shells & the x11 wrapper
through bash's `/etc/profile`, but not by systemd services, dbus
services, wayland sessions...
`environment.sessionVariables` sets these variables with PAM early in
the login process so it gets applied in all contexts.
I ran into a similar issue before in #109060.
upstream is in the process of renaming to `hickory-dns`.
a consequence of this is that the main binary has been renamed from
`trust-dns` to `hickory-dns` and the repository has been moved (though
for the time being the old repo is still usable on account that it
redirects to the new one).
see: <https://bluejekyll.github.io/blog/posts/announcing-hickory-dns/>
Modules built in to the kernel can attempt to load firmware before
init is started. To guarantee the firmware is accessible to them
where they expect, /lib has to exist in the initramfs — it can't be
created later by init, because by that point the module may already
have tried and given up.
The virtualisation.directBoot.initrd option was added for netboot
images, but the assertion to check directBoot enabled if it was used
caused an infinite recursion if it was. Minimal reproduction:
import nixos/tests/make-test-python.nix ({ pkgs, ... }: {
name = "";
nodes = {
machine = { config, ...}: {
imports = [ nixos/modules/installer/netboot/netboot-minimal.nix ];
virtualisation.directBoot = {
enable = true;
initrd = "${config.system.build.netbootRamdisk}/${config.system.boot.loader.initrdFile}";
};
};
};
testScript = "";
}) {}
The fix is to swap the two conditions, so that cfg.directBoot.enable
is checked first, and the initrd comparision will be short circuited.
This wasn't noticed during review because in earlier versions of the
virtualisation.directBoot patch, the assertion was accidentally in the
conditional above, so wasn't evaluated unless port forwarding was in
use.
Aliases exist for a reason. Sure it is nice to make sure that
some aliases aren't used within Nixpkgs, but this creates two problems
which are far worse than your failing to meet your neatness compulsions.
- Users encounter missing attributes, https://github.com/NixOS/nixpkgs/issues/264577
wasting their time, stalling their progress, and even occupying others
time that would be better spent on fixing *real* issues.
- Hydra doesn't treat evaluation errors seriously enough, with the
effect that actual relevant test failures are masked by evaluation
failures such as those caused by this no aliases business.
- We don't even have the infrastructure to get rid of aliases, because
all warnings in package attributes are disallowed by Nixpkgs CI
tooling, last I checked.
Before re-disabling this, make sure that
- An actually helpful deprecation process is in place.
- Aliases are still allowed when `nixos-lib.runTests` and
`pkgs.testers.runNixOSTest` are invoked by external projects.
For instance, `all-tests.nix` could provide such an
override (e.g. with `newScope`).
The PAM service `greetd` creates now autostarts GNOME Keyring when it is
enabled via `services.gnome.gnome-keyring.enable`.
Should cause a lot fewer headaches for people like me who didn't know
why GNOME Keyring was complaining that it was never supplied with login details.
Fixes#246197
In https://github.com/NixOS/nixpkgs/pull/254071, a mismatch between usage of
the Nix language and the NixOS module system was introduced. By merging the
kwin_wayland wrapper attrset into the mkIf representation, the former was
effectively ignored.
As a result, the capability wrapper for kwin_wayland stopped being installed,
leading to realtime scheduling being disabled. The issue was not detected
because the behavioral change is very subtle.
By consistently using language-level constructs, this mismatch is resolved.
The capability wrapper is thus installed again and realtime scheduling is
restored.
Based on #257780, separated since it introduces significant changes.
bpycv: update passthru.tests.render
blender-with-packages: deprecated
it is still backwards compatible, but no longer preferred.
When building kexec-based installer every mb saved will reduce the RAM usage and allow to install NixOS on smaller machines.
It also means that less data has to be downloaded from the network.
When using flakes or niv we no longer rely on nix channels beeing present
and when using something like nixos-anywhere, we no longer need to evaluate anything in the installer at all.
This is a fixup for c1ae82f448.
nix' `passAsFile` does not create empty files for variables that are
`null`.
This results in the following error for units that have no overrides or
content, but are, e.g. `wantedBy`:
`mv: cannot stat '': No such file or directory`.
Minimal reproducer:
`systemd.units.empty.wantedBy = [ "multi-user.target" ];`
This is often necessary when a unit is loaded in via `systemd.packages`.
[Motivation](NixOS#257817 (comment))
`extraLayouts` was missed in #259891, so moving it to the other xkb
options with this PR.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
https://learn.netdata.cloud/docs/logs/systemd-journal/
need acces to
Kernel Logs (dmesg):
Capability: CAP_SYSLOG
Description: This capability allows the program to read kernel logs using the dmesg command or by reading the /dev/kmsg file.
System Logs (e.g., /var/log/syslog):
Capability: CAP_DAC_READ_SEARCH
Description: This capability allows the program to read system logs located in directories such as /var/log/.
User Logs (e.g., /var/log/auth.log):
Capability: CAP_DAC_READ_SEARCH
Description: This capability allows the program to read user logs located in directories such as /var/log/.
Related to #262907 (Django3 removal from nixpkgs).
This package already required an unreasonable amount of maintenance
regularly for a such small leaf-package. It has a few highly outdated
dependencies (e.g. flask 1, jinja2 2.11, sqlalchemy 1.3).
After at least each Python package-set update one had to fix up a lot of
dependencies to fix the package itself, so it was only useful on stable
branches. And having so much outdated software in a security-sensitive
piece of software seems questionable.
Finally, globin and I won't be available for maintaining this now that
Mayflower is migrating to another solution (and we'll do that as well)
and I'd expect this to bitrot extremely quick if we both bail out.
