This change is to support LEGO's capability to spawn an external process that
solves the DNS-01 challenge. In particular, this enables a setup where LEGO
runs a shell script that uses nsd-control to add an appropriate zone to a
local NSD instance.
(cherry picked from commit d9bf91700e)

Clean up the leftover of commit 58bfe74123 ("buildPython*:
Deprecate and remove (buildPython* { ... }).override")
(cherry picked from commit b4e9f423f4)

See https://github.com/systemd/systemd/issues/33414.
The way this was phrased sounded like a dumb search/replace operation to
me. This resulted in random parts of my routing being broken (forward
from if X -> Y being fine, but the opposite direction being broken).
This change makes it explicit that it's a little more complicated and
you should really consult the docs before making that change.
(cherry picked from commit 06f50f4adf)

Without this, boot could proceed to the initrd cleanup step before the
closure was found, killing the service and breaking boot.
(cherry picked from commit af8279fe38)

E.g. when overriding `nix` with `pkgs.lix`, `nixos-option` will fail.
Given that I haven't used it in a very long time, I wanted to disable
it, but finding an option to turn off `nixos-option` is kinda hard given
that the options are generated here using `mkToolModule`.
I assumed that this isn't possible until I learned that
`system.tools.X.enable` exists. To me, this is a clear sign that these
shouldn't be internal.
(cherry picked from commit 859c76c505)

zigbee2mqtt supports having non-device ports (e.g. `tcp://`); those
should not be set in DeviceAllow. No URI will start with `/`, so use
that as the filter that it is a “real” device that needs to be allowed.
(cherry picked from commit 577e162073)

PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.
This should be restructured in the future (fewer VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
(cherry picked from commit 68d9643388)

The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
(cherry picked from commit e198536d26)

By matching on the package names of the plugins passed into the package
we can relax the systemd unit hardening as needed.
(cherry picked from commit d370af0785)

The original work did not use the new nixfmt style.
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
(cherry picked from commit b6bac07973)