| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit d171c59926b77564089964f06ba761609b9a477e)
Signed-off-by: Domen Kožar <domen@dev.si>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Thanks @cstrahan.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
(systemd kills process)
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit 701f02a6eed902835e3d2a27838723cd9a7bb66a)
|
| | | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit 1f510dc7cd1dbb67bbf6574983de1dc5ebde1a1d)
|
| | | | | |
| | | | |
| | | | |
| | | | | |
remove after upstream gets fixed
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ref #18209
(cherry picked from commit 3fd603c02f339778c8ea24c2fadacb91185eb1c7)
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We need to rewrite attributes passed via files to their location in
/tmp/xchg in the VM. Otherwise functions like runCommand don't work.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Data from the documentation example[1] was used.
[1] https://docs.influxdata.com/influxdb/v1.0/guides/writing_data/
[Bjørn: change commit message.]
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
emacs module: Fix to get properly themed GTK apps
|
| | | |_|/
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This partially reverts commit ab9537ca22ce3fd4efc1795c58105504022d0c48.
From the manpage of systemd-nspawn(1):
Note that systemd-nspawn will mount file systems private to the
container to /dev, /run and similar.
Testing this in a shell turns out:
$ sudo systemd-nspawn --bind-ro=/nix/store "$(readlink "$(which ls)")" /proc
Spawning container aszlig on /home/aszlig.
Press ^] three times within 1s to kill container.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating
container timezone.
1 execdomains kpageflags stat
acpi fb loadavg swaps
asound filesystems locks sys
buddyinfo fs meminfo sysrq-trigger
bus interrupts misc sysvipc
cgroups iomem modules thread-self
cmdline ioports mounts timer_list
config.gz irq mtrr timer_stats
consoles kallsyms net tty
cpuinfo kcore pagetypeinfo uptime
crypto key-users partitions version
devices keys scsi vmallocinfo
diskstats kmsg self vmstat
dma kpagecgroup slabinfo zoneinfo
driver kpagecount softirqs
Container aszlig exited successfully.
So the test on whether PID 1 exists in /proc is enough, because if we
use PID namespaces there actually _is_ a PID 1 (as shown above) and the
special file systems are already mounted. A test on the $containers
variable actually mounts them twice.
This unbreaks NixOS containers and I've tested this against the
containers-imperative NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @rickynils, @shlevy, @edolstra
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The loopback-based tests use a storage size of 102400 blocks (one block
is 1024 bytes), which doesn't seem to fit for btrfs volumes in recent
btrfs versions. I'm setting this to 409600 (400 MB) now so that it
should be enough for later versions in case they need even more space
for subvolumes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow-up to the following commits:
abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit
Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.
The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.
To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.
Tested using the firewall NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
|
| | | | |
| | | |
| | | |
| | | | |
Suggested by @aszlig.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Probably as a result of 992c514a20cf2da897db68169d7dcab721e8c7b7, it
was not being started anymore.
My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.
http://hydra.nixos.org/build/39965589
|
| | | | |
| | | |
| | | |
| | | | |
We can probably drop NFSv3...
|
| | | | |
| | | |
| | | |
| | | | |
http://hydra.nixos.org/build/40038016
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | | |
https://github.com/rickynils/nixpkgs
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This way, stage-2 behaves correctly also for libvirt-lxc containers.
Some more discussion on this:
https://github.com/NixOS/nixpkgs/commit/a7a08188bf650ababa36300a9a6f34169e2a73bf
https://github.com/NixOS/nixpkgs/commit/bfe46a653ba2f8ff9902128f485cbd87c49cbca7
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Make /var/empty immutable (with chattr +i)
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixes #14910 and #18358
Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
|
| | |/ / / /
|/| | | |
| | | | |
| | | | | |
fixes #17702.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Closes #18377.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
security.acme: require networking for client, remove loop without fallbackHost
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
input-methods modules: fix engine description
|
| | | | | | | | |
|
| | |_|/ / / /
|/| | | | |
| | | | | |
| | | | | | |
Fixes #14701.
|
| | | | | | | |
|
| | | | | | | |
|
| | |/ / / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
explicit path in nixos-install""
This partially reverts commit 0aa75206705afc71b991cceeede644c87088d583.
Fine for rsync to be in system path but we still need the explicit path
in nixos-install in case it is invoked from non-NixOS systems and also
to fix OVA test failure
See also https://github.com/NixOS/nixpkgs/commit/0aa75206705afc71b991cceeede644c87088d583
cc @edolstra
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
various: minor cleanup
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Added in systemd/systemd@68ac53e
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
this is already upstream default
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
this is part of (network,remote-fs).target, repectively
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
|
| | | | | | | |
|