| Commit message (Collapse) | Author | Age |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When `services.resolved.enable` is set to true, the file /etc/resolv.conf becomes a symlink to /etc/static/resolv.conf, which is a symlink to /run/systemd/resolve/stub-resolv.conf. Without this commit, tor does not have access to this file thanks to systemd confinement. This results in the following warning when tor starts:
```
[warn] Unable to stat resolver configuration in '/etc/resolv.conf': No such file or directory
[warn] Could not read your DNS config from '/etc/resolv.conf' - please investigate your DNS configuration. This is possibly a problem. Meanwhile, falling back to local DNS at 127.0.0.1.
```
To fix this, simply allow read-only access to the file when resolved is in use.
According to https://github.com/NixOS/nixpkgs/pull/161818#discussion_r824820462, the symlink may also point to /run/systemd/resolve/resolv.conf, so allow that as well.
|
| |\ \
| |/
|/| |
|
| | | |
|
| |\ \
| | |
| | | |
Remove ancient unfree bitmap fonts from fonts.defaultXFonts
|
| | | | |
|
| | | |
| | |
| | |
| | | |
See https://github.com/NixOS/nixpkgs/issues/160740
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
bcachefs: unstable-2022-01-12 -> unstable-2022-03-09
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
plantuml-server 1.2021.12 -> 1.2022.2
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- changed JDK version to 17 (11+ required)
- added maven build reproducibility
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
nixos/mate: allow remove any added package
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Only extra packages removable currently, but it's possible to run MATE without packages like caja or yelp
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/switch-to-configuration: fix installBootLoader escaping
|
| | | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Use a quoted heredoc to inject installBootLoader safely into the script,
and restore the previous invocation of `system` with a single argument so
that shell commands keep working.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
prometheus-dmarc-exporter: init at 0.5.1
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
nixos/pantheon: enable xdg desktop integration
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This prevents the embarrassing situation in https://github.com/NixOS/nixpkgs/pull/163828 from happening again.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/tomcat: configure default group and fix broken default package …
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Without this fix, evaluating a NixOS configuration with Tomcat enabled and the
default settings results in the following evaluation error:
Failed assertions:
- users.users.tomcat.group is unset. This used to default to
nogroup, but this is unsafe. For example you can create a group
for this user with:
users.users.tomcat.group = "tomcat";
users.groups.tomcat = {};
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos: add functions and documentation for escaping systemd Exec* directives
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
it's really easy to accidentally write the wrong systemd Exec* directive, ones
that works most of the time but fails when users include systemd metacharacters
in arguments that are interpolated into an Exec* directive. add a few functions
analogous to escapeShellArg{,s} and some documentation on how and when to use them.
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
to be accessed
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/switch-to-configuration: Few minor/medium improvements
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This bug is so obscure and unlikely that I was honestly not able to
properly write a test for it. What happens is that we are calling
handleModifiedUnit() with $unitsToStart=\%unitsToRestart. We do this to
make sure that the unit is stopped before it's started again which is
not possible by regular means because the stop phase is already done
when calling the activation script.
recordUnit() still gets $startListFile, however which is the wrong file.
The bug would be triggered if an activation script requests a service
restart for a service that has `stopIfChanged = true` and
switch-to-configuration is killed before the restart phase was run. If
the script is run again, but the activation script is not requesting
more restarts, the unit would be started instead of restarted.
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Some unit keys don't need to restart the service to make them effective.
Reduce the amount of service restarts by ignoring these keys
|
| | | |/ / / / / / /
| |/| | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
sdboot-builder: fix crash in exception handling
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Also some cleanups.
|
| | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
pomerium: 0.15.7 -> 0.17.0
|
| | | | | | | | | | | | |
|
| | | |/ / / / / / / /
| |/| | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
epgstation: 1.7.5 -> 2.6.20
|
| | | | | | | | | | | | |
|
| | | | | | | | | | | | |
|
| | | | | | | | | | | | |
|
| | |/ / / / / / / / / |
|
| |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
The amuleDaemon package was renamed to kebab-case in 81ef57d6.
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
As a novice to using this module, I found the existing description to be
quite misleading. It does not at all disable pulling from the registry,
it just loads some image archive that may or may not be related to the
container you're specifying. I had thought there was extra magic behind
this option, but it's just a `docker load`. You need foreknowledge of
the contents of the archive so that whatever it contained is actually
used to run the container.
I've reworded the description to hopefully make this behavior clearer.
|