Now it's possible to start multiple mailpit instances - for e.g.
multiple testing environments - on the same machine:
{
services.mailpit.instances = {
dev = { /* ... */ };
staging = { /* ... */ };
};
}
The simplest way to start a single instance is by declaring
services.mailpit.instances.default = {};
Since the systemd boot counting PR was merged, dashes in specialisation
names cause issues when installing the boot loader entries, since dashes
are also used as separator for the different components of the file name
of the boot loader entries on disk.
The assertion avoids this footgun which is pretty annoying to recover
from.
Because ARM hardware is starting to have serious issues with completing everything, due to
- A seemingly harmless Lomiri crash & restart early on eating up some time (adding more RAM seemed to have helped with that?), and
- Every OCR usually taking multiple minutes to complete
So start splitting them up into parts
- greeter, for testing just the greeter
- desktop, for general app stuff
- desktop-ayatana-indicators, for checking indicators (OCR-heavy & especially slow)
Currently passing on my hardware, but might need to be split up more in the future.
PgBouncer instance running on localhost may not be the on being
monitored in connectionString. Remove checks that forbid valid
configuration from being used and instead document requirements for
PgBouncer configuration when used with the exporter.
This change adds services.pgbouncer.settings option as per [RFC 0042]
and deprecates other options that were previously used to generate
configuration file.
In addition to that, we also place the configuration file under
environment.etc to allow reloading configuration without service
restart.
[RFC 0042]: https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
I'm not using seriously Pixelfed those days, this software is
non-trivial and the NixOS module seems to have some sharp edges.
Change-Id: Ie93df9dcb00d0a58bd5e4165e377979c489af0b0
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
By default the use of alias generates warning:
$ nix build --no-link -f. nixosTests.bittorrent
evaluation warning: transmission has been renamed to transmission_3 since transmission_4 is also available. Note that upgrade caused data loss for some users so backup is recommended (see NixOS 24.11 release notes for details)
When alaises are disabled that causes the eval failure:
error: attribute 'transmission' missing
at /home/slyfox/dev/git/nixpkgs/nixos/tests/bittorrent.nix:24:36:
23| transmissionConfig = { ... }: {
24| environment.systemPackages = [ pkgs.transmission ];
| ^
25| services.transmission = {
Did you mean one of transmission_3 or transmission_4?
This is a breaking change, requiring users of `featureGates` to change
from a `listOf str` to `attrsOf bool`.
Before:
```nix
featureGates = [ "EphemeralContainers" ];
extraOpts = pkgs.lib.concatStringsSep " " (
[
"--container-runtime=remote"
''--feature-gates="CSIMigration=false"''
});
```
After:
```nix
featureGates = {EphemeralContainers = true; CSIMigration=false;};
```
This is much nicer, and sets us up for later work of migrating to
configuration files for other services, like e.g. has been happening
with kubelet (see: #290119).
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
This adds migration instructions for the removed global shared instance
configuration of fcgiwrap.
Adding those explicit messages to the previous options requires moving
the newly defined options from `services.fcgiwrap.*` to
`services.fcgiwrap.instances.*` due to an option namespace clash.
`mkRenamedOptionModule` was not used because the previous options do
not directly map to the new ones. In particular, `user` and `group`
were described as setting the socket's permission, but were actually
setting the process' running user.
Co-authored-by: Minijackson <minijackson@riseup.net>
The k3s update script filters the assets of a
corresponding release for airgap images archives
and provides these as passthru attributes of the
k3s derivation. We use zstd archives, as these
offer the best compression ratios and decompression
speed. Furthermore, the `airgapImages` passthru
provides the images archive that matches the host
platform architecture, however, this only works
for aarch64 and x86_64. In addition, a txt file
listing all container images of a release is made
available via a passthru attribute. The airgap
images archives can be combined nicely with the
`services.k3s.images` option, e.g. to pre-provision
k3s nodes for environments without Internet
connectivity.
It has started to take 10 minutes to get a match, and we open the starter more than once.
Let's just drop this check, ydotool helps alot with getting it open more reliably.
The docker-tools test, where this originates, was not run on aarch64-linux, but this is an artifact of its age more so than anything else.
Co-authored-by: Ivan Trubach <mr.trubach@icloud.com>
Adds a module for rathole package. The package itself
and this module is very similar to frp, so the options
and tests are not very far off from those for frp.
This is a full rewrite independent of the previously removed cryptpad
module, managing cryptpad's config in RFC0042 along with a shiny test.
Upstream cryptpad provides two nginx configs, with many optimizations
and complex settings; this uses the easier variant for now but
improvements (e.g. serving blocks and js files directly through nginx)
should be possible with a bit of work and care about http headers.
the /checkup page of cryptpad passes all tests except HSTS, we don't
seem to have any nginx config with HSTS enabled in nixpkgs so leave this
as is for now.
Co-authored-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
Co-authored-by: Michael Smith <shmitty@protonmail.com>
On Linux we cannot feasbibly generate users statically because we need
to take care to not change or re-use UIDs over the lifetime of a machine
(i.e. over multiple generations). This means we need the context of the
running machine.
Thus, stop creating users statically and instead generate them at
runtime irrespective of mutableUsers.
When /etc is immutable, the password files (e.g. /etc/passwd etc.) are
created in a separate directory (/var/lib/nixos/etc). /etc will be
pre-populated with symlinks to this separate directory.
Immutable users are now implemented by bind-mounting the password files
read-only onto themselves and only briefly re-mounting them writable to
re-execute sysusers. The biggest limitation of this design is that you
now need to manually unmount this bind mount to change passwords because
sysusers cannot change passwords for you. This shouldn't be too much of
an issue because system users should only rarely need to change their
passwords.
