path: root/nixos
Commit message (Author, Age)
* Merge pull request #120489 from samueldr/fix/make-disk-image-auto-size (Lassulus, 2021-04-26)
|\
| |   Fix make disk image automatic size
| * make-disk-image: Round image size to the next mebibyte (Samuel Dionne-Riel, 2021-04-25)
| |   This ensures the following gptfdisk warning won't happen:
| |
| |   ```
| |   Warning: File size is not a multiple of 512 bytes! Misbehavior is likely!
| |   ```
| |
| |   Additionally, helps towards aligning the partition to be more optimal for the underlying storage. It is actually impossible to align for the actual underlying storage optimally because we don't know what the block device will be! But aligning on 1MiB should help.
| * treewide: use auto diskSize for make-disk-image (lassulus, 2021-04-24)
| |   (cherry picked from commit f3aa040bcbf39935e7e9ac7a7296eac9da7623ec)
| * make-disk-image: Account for reserved disk space (Samuel Dionne-Riel, 2021-04-24)
| |   This is a bit of a thorny issue. See, the actual `diskSize` variable is for the *total* disk size, not for the filesystem! The automatic numbers are meant to compute the *filesystem* required space. So we have to add any other reserved space!
| |
| |   We have different requirements for reserved space. E.g. there could be none (when it's actually a filesystem image). There could also be 1MiB for alignment for an MBR image, legacy+gpt needs 2MiB, then GPT with an ESP ("bootSize") needs to take the boot partition and GPT size into account too!
| |
| |   Though luckily(?) for this latter situation we can cheat! As noted in the change, `bootSize` is NOT the boot partition size. It is actually the offset where the target filesystem starts.
| * make-disk-image: Account for the ext4 reserved space (Samuel Dionne-Riel, 2021-04-24)
| |   Reserved space includes:
| |
| |   - inodes space in use (2 blocks per)
| |   - about 5.2% of the space
| |
| |   The 5.2% reserved space was computed empirically when working on a previous EXT4 image builder. It seems to stabilize around 5% even for much larger filesystems.
| * make-disk-image: Get proper size for automatic size (Samuel Dionne-Riel, 2021-04-24)
| |   On some filesystems, `du` without `--apparent-size` will not give the actual size for a file. Using `--apparent-size` will give us the actual file size.
| |
| |   Though, this is not actually correct still. 1000 × 1 bytes is not 1000 bytes. It is 1000 × ceil(filesize/blockSize)*blockSize. So instead of adding up the actual file sizes, we are adding up the block sizes.
| |
| |   Note that this also changes the builder to work with *bytes*, rather than with any other units. Doing maths on bytes is less likely to go awry than doing it on other units.
* | Merge pull request #120251 from mschwaig/fix-make-disk-image-for-efi-2 (Lassulus, 2021-04-26)
|\ \
| | |   make-disk-image: fix broken EFI image builds
| * | make-disk-image: fix broken EFI image builds (Martin Schwaighofer, 2021-04-26)
| | |   Work around missing /dev files inside runInLinuxVM by creating a symlink before calling nixos-enter.
| | |
| | |   This fixes https://github.com/NixOS/nixpkgs/issues/93381. I ran into this issue when trying to create a VMware image that boots from EFI.
| | |
| | |   Thanks @colemickens for reporting this and @danielfullmer for fixing the same thing in qemu-vm.nix (37676e77cb5adab936606838d6465faafda54f61) and explaining what the issue was.
* | | Merge pull request #119952 from attila-lendvai/extraLayouts (Michele Guerini Rocco, 2021-04-25)
|\ \ \
| | | |   nixos/doc/manual: refine extraLayouts, add warnings an test commands
| * | | nixos/doc/manual: refine extraLayouts, add warnings an test commands (Attila Lendvai, 2021-04-24)
| | | |
* | | | Merge pull request #119443 from ambroisie/add-podgrab (Luke Granger-Brown, 2021-04-25)
|\ \ \ \
| | | | |   Add podgrab package and module
| * | | | nixos/tests/podgrab: init (Bruno BELANYI, 2021-04-15)
| | | | |
| * | | | nixos/podgrab: add module (Bruno BELANYI, 2021-04-15)
| | | | |   Closes #117284.
* | | | | Merge master into staging-next (Frederik Rietdijk, 2021-04-25)
|\ \ \ \ \
| * \ \ \ \ Merge pull request #114240 from sorki/containers/nested (Luke Granger-Brown, 2021-04-25)
| |\ \ \ \ \
| | | | | | |   nixos/nixos-containers: default boot.enableContainers to true
| | * | | | | nixosTests.containers-nested: init (Richard Marko, 2021-03-04)
| | | | | | |
| | * | | | | nixos/nixos-containers: default boot.enableContainers to true (Richard Marko, 2021-03-04)
| | | | | | |   Related to #85746 which addresses documentation issue, digging deeper for a reason why this was disabled was simply because it wasn't working which is not the case anymore.
| * | | | | | Merge pull request #114637 from KaiHa/pr/fix-systemd-boot-builder (Luke Granger-Brown, 2021-04-25)
| |\ \ \ \ \ \
| | | | | | | |   systemd-boot-builder.py: ignore profile names with invalid chars
| | * | | | | | systemd-boot-builder: gracefully ignore errors during entry creation (Kai Harries, 2021-03-02)
| | | | | | | |   Catch and ignore errors during writing of the boot entries. These errors could stem from profile names that are not valid filenames on vfat filesystems.
| | | | | | | |
| | | | | | | |   fixes #114552
| * | | | | | | Merge pull request #107604 from pkern/exim (Luke Granger-Brown, 2021-04-25)
| |\ \ \ \ \ \ \
| | | | | | | | |   nixos/exim: Make queue runner interval configurable and reduce it to 5m by default
| | * | | | | | | nixos/exim: Make queue runner interval configurable and reduce it to 5m (Philipp Kern, 2020-12-25)
| | | | | | | | |   Exim spawns a new queue runner every n minutes as configured by the argument to -q; up to queue_run_max can be active at the same time. Spawning a queue runner only every 30 mins means that a message that failed delivery on the first attempt (e.g. due to greylisting) will only be retried 30 minutes later.
| | | | | | | | |
| | | | | | | | |   A queue runner will immediately exit if the queue is empty, so it is more a function on how quickly Exim will scale to mail load and how quickly it will retry than something that is taxing on an otherwise empty system.
| * | | | | | | | Merge pull request #103902 from pkern/spamassassin (Luke Granger-Brown, 2021-04-25)
| |\ \ \ \ \ \ \ \
| | | | | | | | | |   nixos/spamassassin: Avoid network dependency on boot
| | * | | | | | | | nixos/spamassassin: Handle return codes correctly (Philipp Kern, 2021-02-11)
| | | | | | | | | |   For sa-update we care about two successful codes:
| | | | | | | | | |
| | | | | | | | | |   * 1 -> no updates available: exit successfully
| | | | | | | | | |   * 0 -> updates have been installed: run sa-compile and pass through its return code
| | * | | | | | | | nixos/spamassassin: Only run sa-compile when updates have been installed (Philipp Kern, 2021-02-11)
| | | | | | | | | |
| | * | | | | | | | nixos/spamassassin: Run sa-compile after updating the rules (Philipp Kern, 2021-02-11)
| | | | | | | | | |   sa-compile speeds up processing the rules by compiling them from Perl to C. This needs to be run after every update and is saved in the local state directory by Perl and SpamAssassin version.
| | * | | | | | | | nixos/spamassassin: Simplify services by using StateDirectory (Philipp Kern, 2021-02-11)
| | | | | | | | | |   Let systemd create SpamAssassin's state directory and populate it using the regular updater service. Depend on the updater service on boot but do not propagate failure to the main service.
| | | | | | | | | |
| | | | | | | | | |   spamd's commands to start and reload the service are still executed as root but user/group are set to properly chown the state directory to the target user. spamd drops privileges itself for its runner children but preserves root on the main daemon (to listen and re-exec).
| | * | | | | | | | nixos/spamassassin: Fix network requirement on boot (Philipp Kern, 2021-02-11)
| | | | | | | | | |   sa-update currently runs as part of the pre-start script of spamd. The network is not guaranteed to be online at that point and even if we were to depend on that, it makes the bootup brittle, as there is a reliance on SpamAssassin's update server as a startup dependency on boot.
| | | | | | | | | |
| | | | | | | | | |   Refactor the setup to move the pre-start script into its own unit. This allows to perform the setup task only once. Continuous updates are already done by sa-update.service triggered by sa-update.timer.
| | | | | | | | | |
| | | | | | | | | |   Only run sa-update in case /var/lib/spamassassin is empty.
| | | | | | | | | |
| | | | | | | | | |   While we are on it, let sa-update.service depend on the network being online.
| * | | | | | | | | Merge pull request #120508 from Mic92/nixos-install (Jörg Thalheim, 2021-04-25)
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |   nixos-install: fix flake command
| | * | | | | | | | | nixos-install: fix flake command (Jörg Thalheim, 2021-04-24)
| | | | | | | | | | |
* | | | | | | | | | | Merge master into staging-next (github-actions[bot], 2021-04-25)
|\| | | | | | | | | |
| * | | | | | | | | | nixos/tests/babeld: drop forwarding sysctls (Martin Weinelt, 2021-04-25)
| | | | | | | | | | |   They are now set as part of the babeld module.
| * | | | | | | | | | nixos/babeld: run as DynamicUser (Martin Weinelt, 2021-04-25)
| | | | | | | | | | |   The last bits to prevent babeld from running unprivileged was its kernel_setup_interface routine, that wants to set per interface rp_filter. This behaviour has been disabled in a patch that has been submitted upstream at https://github.com/jech/babeld/pull/68 and reuses the skip-kernel-setup config option.
| | | | | | | | | | |
| | | | | | | | | | |   → Overall exposure level for babeld.service: 1.7 OK 🙂
* | | | | | | | | | | Merge branch 'master' into staging-next (Jan Tojnar, 2021-04-25)
|\| | | | | | | | | |
| | | | | | | | | | |   Choose binwalk 2.3.1, 27 is legacy version for Python 2.
| * | | | | | | | | | Merge pull request #119803 from SuperSandro2000/SuperSandro2000-patch-1 (Lassulus, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |   nixos/nginx: set isSystemUser
| | * | | | | | | | | | nixos/nginx: set isSystemUser (Sandro, 2021-04-18)
| | | | | | | | | | | |
| * | | | | | | | | | | Merge pull request #119498 from mweinelt/tests-bird (Maximilian Bosch, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|_|_|_|/
| |/| | | | | | | | | |   nixos/test/prometheus-exporters/bird: fix race condition
| | * | | | | | | | | | nixos/tests/prometheus-exporters/bird: set router id (Martin Weinelt, 2021-04-23)
| | | | | | | | | | | |   Previously bird would refuse to start up because the router id wasn't set.
| | | | | | | | | | | |
| | | | | | | | | | | |   > bird[682]: Cannot determine router ID, please configure it manually
| | * | | | | | | | | | nixos/test/prometheus-exporters/bird: fix race condition (Martin Weinelt, 2021-04-15)
| | | | | | | | | | | |   The bird socket would not always be instantly present, when the exporter was queried, leading to the test sometimes failing in its entirety.
| * | | | | | | | | | | Merge pull request #120537 from symphorien/nagios-restart (Guillaume Girol, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |   nixos/nagios: use the correct option to restart on config change
| | * | | | | | | | | | | nixos/nagios: use the correct option to restart on config change (Symphorien Gibol, 2021-04-24)
| | | |_|/ / / / / / / /
| | |/| | | | | | | | |
| | | | | | | | | | | |   X-ReloadIfChanged is incorrect, apparently
| | | | | | | | | | | |   https://github.com/NixOS/nixpkgs/pull/120324#discussion_r619472321
| | | | | | | | | | | |
| | | | | | | | | | | |   We restart instead of reloading because nagios unit file has no ExecReload.
| * | | | | | | | | | | Merge pull request #119725 from helsinki-systems/feat/flexoptix-app (Lassulus, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |   flexoptix-app: Init at 5.9.0
| | * | | | | | | | | | | nixos/flexoptix-app: Add the module (Janne Heß, 2021-04-17)
| | | |_|/ / / / / / / /
| | |/| | | | | | | | |
| * | | | | | | | | | | nixos/mastodon/sandbox: add @privileged and @raw-io to SystemCallFilter (Izorkin, 2021-04-24)
| | |/ / / / / / / / /
| |/| | | | | | | | |
* | | | | | | | | | | Merge master into staging-next (github-actions[bot], 2021-04-24)
|\| | | | | | | | | |
| * | | | | | | | | | Revert "treewide: use auto diskSize for make-disk-image" (Luke Granger-Brown, 2021-04-24)
| | | | | | | | | | |   This reverts commit f3aa040bcbf39935e7e9ac7a7296eac9da7623ec.
| * | | | | | | | | | Revert "nixos/amazon-image: (temporarily) use fixed disk size again" (Luke Granger-Brown, 2021-04-24)
| | | | | | | | | | |   This reverts commit 6a8359a92ab501ae62739e9d3302f48e3e73c750.
| * | | | | | | | | | Merge pull request #120481 from lukegb/temp-ec2-fixed-disk (Luke Granger-Brown, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |   nixos/amazon-image: (temporarily) use fixed disk size again
| | * | | | | | | | | | nixos/amazon-image: (temporarily) use fixed disk size again (Luke Granger-Brown, 2021-04-24)
| | | | | | | | | | | |   As a temporary workaround for #120473 while the image builder is patched to correctly look up disk sizes, partially revert f3aa040bcbf39935e7e9ac7a7296eac9da7623ec for EC2 disk images only.
| | | | | | | | | | | |
| | | | | | | | | | | |   We retain the type allowing "auto" but set the default back to the previous value.
| * | | | | | | | | | | Merge pull request #119706 from nyanotech/master (Sandro, 2021-04-24)
| |\ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / /
| |/| | | | | | | | | |   nixos/printers: fix ensureDefaultPrinter
| | * | | | | | | | | | nixos/printers: fix ensureDefaultPrinter (nyanotech, 2021-04-17)
| | | | | | | | | | | |   `lpoptions -d` sets the default printer *for this user*, while `lpadmin -d` sets the system-wide default printer.