| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| | |
nixos-install: add documentation for --channel, --no-channel-copy
|
| | | |
|
| |/
|
|
| |
With a backwards compatibility alias
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit eec83d41e3e7d9ad5bc1086198d972d55bab1203.
This broke hydra evaluation because with this commit submodule values
are allowed to be paths, however the certmgr module uses `either
(submodule ...) path` in its type, meaning it already used paths for
something else which would now be interpreted as a submodule.
|
| | | |
|
| | | |
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes the patch for nginx to clear the Last-Modified header if a
static file is served from the Nix store.
So far we only used the ETag from the store path, but if the
Last-Modified header is always set to "Thu, 01 Jan 1970 00:00:01 GMT",
Firefox and Chrome/Chromium seem to ignore the ETag and simply use the
cached content instead of revalidating.
Alongside the fix, this also adds a dedicated NixOS VM test, which uses
WebDriver and Firefox to check whether the content is actually served
from the browser's cache and to have a more real-world test case.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is what I've suspected a while ago[1]:
> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.
Much earlier[2] when I reviewed the patch, I wrote this:
> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
> provided by the origin server, SHOULD use both validators in
> cache-conditional requests. This allows both HTTP/1.0 and
> HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.
Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:
> Hmm, could they (assuming they are conforming):
>
> * If an entity tag has been provided by the origin server, MUST
> use that entity tag in any cache-conditional request (using If-
> Match or If-None-Match).
Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.
So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.
Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.
Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.
[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135
Signed-off-by: aszlig <aszlig@nix.build>
|
| |\| | |
|
| | |\ \
| | | |
| | | | |
nixos/connman: optional iwd backend
|
| | | | | |
|
| | |\ \ \
| | | | |
| | | | | |
nixosTests.mysql: add more tests
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Test that other users are not able to access the mysql database, and
unix socket auth actually works.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Because mysql.wait_for_unit() starts the vm as well, we didn't notice
that.
|
| | |\ \ \ \
| | | | | |
| | | | | | |
nvidia: fix $ substitution in udev rules
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Related to https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/+bug/1767777
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This fixes a harmless error from systemd-udevd that looks like:
Dec 23 15:35:23 dellbook systemd-udevd[696]:
/nix/store/iixya3ni5whybpq9zz1h7f4pyw7nhd19-udev-rules/99-local.rules:25
Invalid value "..." for RUN (char 101: invalid substitution type),
ignoring, but please fix it.
Using $$ fixes it using the escaping documented at https://www.freedesktop.org/software/systemd/man/udev.html.
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | | |
Module system improvements for NixOS as a submodule
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Module arguments should be taken from the arguments directly. This
allows evalModule's specialArgs to override them if necessary
|
| | | | | | | | |
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixosTests.3proxy: port test to python
|
| | | | | | | | | |
|
| | |\ \ \ \ \ \ \
| | |/ / / / / /
| |/| | | | | | |
nixos/httpd: update default ssl protocols
|
| | | | |_|_|_|/
| | |/| | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | | |
We don't need to stop the container if it already exited sucessfully
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixosTests.kexec: port to python and mark as broken
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The test did not succeed for me before this commit
(the Perl test hung forever), and this translation exhibits
the same problem.
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Before, the example script didn't actually exit when the event type
didn't match "up".
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
netdata: 1.18.1 -> 1.19.0
|
| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Some Ruby 2.7 updates and fixes
|
| | | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| |/| | | | | | | | |
nixosTests.haka: port to python
|
| | | | | | | | | | | |
|
| |\| | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
bandwhich: init at 0.6.0
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
- Rename from `what` to `bandwhich`
- Add Security for darwin
|
| | | | |_|_|/ / / / /
| | |/| | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Currently if you specify home to be someplace else than ~/ for user
then Transmissions always attempts to load the config from the
default location which is $HOME/.config/transmission-daemon based on documentation:
https://github.com/transmission/transmission/wiki/Configuration-Files
Which means that the changes done to the config under settingsDir in
ExecPreStart have no effect because they are modifying a file that is never loaded.
I've added an explicit --config-dir ${settingsDir} to make sure
that Transmission loads the correct config file even when home is changed.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos/containers: use machinectl poweroff
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Previously, we were storing the leader pid in a runtime file and
signalled SIGRTMIN+4 manually.
In systemd 219, the `machinectl poweroff` command was introduced, which
does that for us.
|
| | | | | | | | | | | | |
|
| |\| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nagios: various improvements
|
| | | | | | | | | | | | | |
|
| | | |/ / / / / / / / /
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
* structured config for main config file allows to launch nagios in
debug mode without having to write the whole config file by hand
* build time syntax check
* all options have types, one more example
* I find it misleading that the main nagios config file is linked in
/etc but that if you change the link in /etc/ and restart nagios, it
has no effect. Have nagios use /etc/nagios.cfg
* fix paths in example nagios config files, which allows to reuse it:
services.nagios.objectDefs =
(map (x: "${pkgs.nagios}/etc/objects/${x}.cfg")
[ "templates" "timeperiods" "commands" ]) ++ [ ./main.cfg ]
* for the above reason, add mailutils to default plugins
Co-Authored-By: Aaron Andersen <aaron@fosslib.net>
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
shorewall: init at 5.2.3.3
|