| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Fix make disk image automatic size
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This ensures the following gptfdisk warning won't happen:
```
Warning: File size is not a multiple of 512 bytes! Misbehavior is likely!
```
Additionally, helps towards aligning the partition to be more optimal
for the underlying storage.
It is actually impossible to align for the actual underlying storage
optimally because we don't know what the block device will be!
But aligning on 1MiB should help.
|
| |
| |
| |
| | |
(cherry picked from commit f3aa040bcbf39935e7e9ac7a7296eac9da7623ec)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a bit of a thorny issue. See, the actual `diskSize` variable is
for the *total* disk size, not for the filesystem!
The automatic numbers are meant to compute the *filesystem* required
space. So we have to add any other reserved space!
We have different requirements for reserved space. E.g. there could be
none (when it's actually a filesystem image). There could also be 1MiB
for alignment for an MBR image, legacy+gpt needs 2MiB, then GPT with an
ESP ("bootSize") needs to take the boot partition and GPT size into
account too!
Though luckily(?) for this latter situation we can cheat! As noted in the
change, `bootSize` is NOT the boot partition size. It is actually the
offset where the target filesystem starts.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reserved space includes:
- inodes space in use (2 blocks per)
- about 5.2% of the space
The 5.2% reserved space was computed empirically when working on a
previous EXT4 image builder. It seems to stabilize around 5% even for
much larger filesystems.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On some filesystems, `du` without `--apparent-size` will not give the
actual size for a file. Using `--apparent-size` will give us the actual
file size.
Though, this is not actually correct still. 1000 × 1 bytes is not 1000
bytes. It is 1000 × ceil(filesize/blockSize)*blockSize.
So instead of adding up the actual file sizes. We are adding up the
block sizes.
Note that this also changes the builder to work with *bytes*, rather
than with any other units. Doing maths on bytes is less likely to go
awry than doing it on other units.
|
|\ \
| | |
| | | |
make-disk-image: fix broken EFI image builds
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Work around missing /dev files inside runInLinuxVM by creating a
symlink before calling nixos-enter.
This fixes https://github.com/NixOS/nixpkgs/issues/93381.
I ran into this issue when trying to create a VMware image that boots from EFI.
Thanks @colemickens for reporting this and @danielfullmer for fixing the same thing in in qemu-vm.nix (37676e77cb5adab936606838d6465faafda54f61) and explaining what the issue was.
|
|\ \ \
| | | |
| | | | |
nixos/doc/manual: refine extraLayouts, add warnings an test commands
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Add podgrab package and module
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Closes #117284.
|
|\ \ \ \ \ |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/nixos-containers: default boot.enableContainers to true
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Related to #85746 which addresses documentation issue,
digging deeper for a reason why this was disabled
was simply because it wasn't working which is not the case anymore.
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
systemd-boot-builder.py: ignore profile names with invalid chars
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Catch and ignore errors during writing of the boot entries. These
errors could stem from profile names that are not valid filenames on
vfat filesystems.
fixes #114552
|
| |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/exim: Make queue runner interval configurable and reduce it to 5m by default
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Exim spawns a new queue runner every n minutes as configured by the
argument to -q; up to queue_run_max can be active at the same time.
Spawning a queue runner only every 30 mins means that a message that
failed delivery on the first attempt (e.g. due to greylisting) will only
be retried 30 minutes later.
A queue runner will immediately exit if the queue is empty, so it is
more a function on how quickly Exim will scale to mail load and how
quickly it will retry than something that is taxing on an otherwise
empty system.
|
| |\ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/spamassassin: Avoid network dependency on boot
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
For sa-update we care about two successful codes:
* 1 -> no updates available: exit successfully
* 0 -> updates have been installed: run sa-compile and pass
through its return code
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
sa-compile speeds up processing the rules by compiling them from Perl to
C. This needs to be run after every update and is saved in the local
state directory by Perl and SpamAssassin version.
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Let systemd create SpamAssassin's state directory and populate it using the
regular updater service. Depend on the updater service on boot but do not
propagate failure to the main service.
spamd's commands to start and reload the service are still executed as
root but user/group are set to properly chown the state directory to the
target user. spamd drops privileges itself for its runner children but
preserves root on the main daemon (to listen and re-exec).
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
sa-update currently runs as part of the pre-start script of spamd. The
network is not guaranteed to be online at that point and even if we
were to depend on that, it makes the bootup brittle, as there is a
reliance on SpamAssassin's update server as a startup dependency on
boot.
Refactor the setup to move the pre-start script into its own unit.
This allows to perform the setup task only once. Continuous updates
are already done by sa-update.service triggered by sa-update.timer.
Only run sa-update in case /var/lib/spamassassin is empty.
While we are on it, let sa-update.service depend on the network being
online.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos-install: fix flake command
|
| | | | | | | | | | | |
|
|\| | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
They are now set as part of the babeld module.
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
The last bits to prevent babeld from running unprivileged was its
kernel_setup_interface routine, that wants to set per interface
rp_filter. This behaviour has been disabled in a patch that has been
submitted upstream at https://github.com/jech/babeld/pull/68 and reuses
the skip-kernel-setup config option.
→ Overall exposure level for babeld.service: 1.7 OK 🙂
|
|\| | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Choose binwalk 2.3.1, 27 is legacy version for Python 2.
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/nginx: set isSystemUser
|
| | | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|_|_|_|/
| |/| | | | | | | | | | |
nixos/test/prometheus-exporters/bird: fix race condition
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Previously bird would refuse to start up because the router id wasn't
set.
> bird[682]: Cannot determine router ID, please configure it manually
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
The bird socket would not always be instantly present, when the exporter
was queried, leading to the test sometimes failing in its entirety.
|
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
nixos/nagios: use the correct option to restart on config change
|
| | | |_|/ / / / / / / /
| | |/| | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
X-ReloadIfChanged is incorrect, apparently https://github.com/NixOS/nixpkgs/pull/120324#discussion_r619472321
We restart instead of reloading because nagios unit file has no
ExecReload.
|
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
flexoptix-app: Init at 5.9.0
|
| | | |_|/ / / / / / / /
| | |/| | | | | | | | | |
|
| | |/ / / / / / / / /
| |/| | | | | | | | | |
|
|\| | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This reverts commit f3aa040bcbf39935e7e9ac7a7296eac9da7623ec.
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This reverts commit 6a8359a92ab501ae62739e9d3302f48e3e73c750.
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/amazon-image: (temporarily) use fixed disk size again
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
As a temporary workaround for #120473 while the image builder is patched
to correctly look up disk sizes, partially revert
f3aa040bcbf39935e7e9ac7a7296eac9da7623ec for EC2 disk images only.
We retain the type allowing "auto" but set the default back to the
previous value.
|
| |\ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / /
| |/| | | | | | | | | | |
nixos/printers: fix ensureDefaultPrinter
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
`lpoptions -d` sets the default printer *for this user*, while `lpadmin -d`
sets the system-wide default printer.
|