Previously you needed to set an devRootTokenID when dev=true despite the option being optional
Caused by wrong default value and not allowing null as value
https://github.com/kanidm/kanidm/releases/tag/v1.2.0
Added updatescript, and removed Cargo.lock as no more git deps.
New release process documented here:
a67d1f5160/book/src/support.md
Re-ordered test and removed anonymous login as logout no longer works:
[info]: Ignoring request to logout session - these sessions are not recorded
Notes:
- barf went into contrib/ and officially unsupported.
- verify was removed entirely.
- the makefile is a bit smarter now and doesn't require many
of the previous workarounds.
This reverts commit e827697fd3.
This seems to cause various issues during system activation, as reported
in https://github.com/NixOS/nixpkgs/issues/302771 for example.
Due to being close to branchoff, revert this for now.
We'll open a tracking issue to collect and sort out remaining issues.
The idea behind that is to enable users and developers of
downstream tools such as home-manager to test Nix master for several
reasons:
* Nix is currently trying to have a `master` branch that's always
releasable[1]. We're still on Nix 2.18 in nixpkgs due to too many
notable regressions. Enabling people to test latest master may help on
that end.
* This uses the most bleeding-edge Nix, but our packaging, so we can
identify issues with our packaging early.
* From what I've seen, most people are using the packages from nixpkgs
anyways instead of the upstream flake, this is far more convenient
anyways.
My plan is to update this once a week. Right now we rely on the
`installCheckPhase` here, but as soon as we have proper regression
testing[2], we may want to add `nixUnstable` there as well (however with
failures being allowed probably).
[1] https://discourse.nixos.org/t/nix-release-schedule-and-roadmap/14204
[2] https://github.com/NixOS/nixpkgs/pull/304332
Since https://github.com/redis/redis/pull/4001 included in 6.2.0
transparent hugepages works when being set to madvise which is the NixOS
and upstream recommended default.
> WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition.
> Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328.
> To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
This avoids having to use workarounds like the following to retain the
default settings which podman requires to run.
virtualisation.containers.storage.settings = lib.recursiveUpdate options.virtualisation.containers.storage.settings.default {
storage.options.mount_program = lib.getExe pkgs.fuse-overlayfs;
};
Currently there is an issue with $PATH & parallel causing build errors.
It’s probably best to just remove the dependency where bash forking is
good enough here.
I found this while perusing the manual thinking about whether or not to install NixOS on my new laptop. It threw me for a loop for a second but as best I can tell this meant to be ".org" like the rest of the example, and not ".com"
I am deeply saddened at the fact that I need to do this. I have no
interest in re-litigating everything that has happened over the past
weeks and months, but I want to make my position(s) extremely clear:
The thought of any of my work contributing to someone's death by drone
makes me feel physically ill.
Recent communications from senior members of the NixOS community have
made it clear that leadership is unaware or uninterested in the basics
of how to run and moderate a community in a way that is resilient to bad
actors. The recent post by @edolstra is tone-deaf and gives me no
confidence that the Nix/NixOS community is a place that I want to remain
involved in going forward. I am thus choosing to remove myself from such
a community.
I also hereby resign from the ACME team.
See also: #307033
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
I manually audited all `RunCommand` and `exec.LookPath` calls in the incus repo, combined with the following information
/run/wrappers/bin
lxc usable-cub 20240427123718.368 WARN idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:165 - newuidmap binary is missing
iw
lxc 20240427123830.358 ERROR network - ../src/lxc/network.c:lxc_netdev_move_wlan:1679 - Couldn't find the application iw in PATH
minio-client
https://github.com/lxc/incus/pull/777
ceph-client
Added, but could be missing bits to actually work
May need full ceph package for `radosgw-admin` for object storage?
Currently the installWrapper warning is issued if sudo (and sudo-rs)
aren't installed. This is fine, except we get the warning even if we
explicitly turn off installWrapper -- say, for this very reason!
Rather than warning on every build until either sudo is installed or
Akkoma is uninstalled, only warn if cfg.installWrapper is true.
Yall won't miss me. The packages I leave orphaned are trivially updated as dependents need the new versions.
But passively endorsing the direction this organization and its leadership is something I can't do.
To those who still have faith in turning this around, you da real MVP 🖖
* Minor tweaks to note text
* Elide "The" before attribute names at start of notes
* Turn version numbers into code blocks
* Turn branding into attribute names
* Add TODOs
* Turn code-block version numbers into plain text
... following discussion on Matrix.
---------
Co-authored-by: Weijia Wang <9713184+wegank@users.noreply.github.com>
Previously evaluaton would fail if `smtp.to` was not set, since the
default case was not handled.
With the current versions of the python elasticsearch libraries, any
configuration containing the modules default would fail since it's not a
valid URL.
The issue adressed in #279068 is also adressed, thuse closes#279068.
