| Commit message (Collapse) | Author | Age |
|---|
| |
|
| |
Change name of the parameter to match https://github.com/NixOS/nixpkgs/blob/3d4cb55b718cfab054e86e864c90220d040d1935/nixos/modules/programs/zsh/oh-my-zsh.nix
|
| |\
| |
| | |
nixos/tests/xmonad: fix terminal title
|
| | |
| |
| |
| | |
bash now sets a different title.
|
| |\ \
| | |
| | | |
nixos/kubernetes: fix import path of default nixpkgs
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Disable nscd caching
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
It was the last database that wasn't listed.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Hopefully fixes #50290
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Systemd provides an option for allocating DynamicUsers
which we want to use in NixOS to harden service configuration.
However, we discovered that the user wasn't allocated properly
for services. After some digging this turned out to be, of course,
a cache inconsistency problem.
When a DynamicUser creation is performed, Systemd check beforehand
whether the requested user already exists statically. If it does,
it bails out. If it doesn't, systemd continues with allocating the
user.
However, by checking whether the user exists, nscd will store
the fact that the user does not exist in it's negative cache.
When the service tries to lookup what user is associated to its
uid (By calling whoami, for example), it will try to consult
libnss_systemd.so However this will read from the cache and tell
report that the user doesn't exist, and thus will return that
there is no user associated with the uid. It will continue
to do so for the cache duration time. If the service
doesn't immediately looks up its username, this bug is not
triggered, as the cache will be invalidated around this time.
However, if the service is quick enough, it might end up
in a situation where it's incorrectly reported that the
user doesn't exist.
Preferably, we would not be using nscd at all. But we need to
use it because glibc reads nss modules from /etc/nsswitch.conf
by looking relative to the global LD_LIBRARY_PATH. Because LD_LIBRARY_PATH
is not set globally (as that would lead to impurities and ABI issues),
glibc will fail to find any nss modules.
Instead, as a hack, we start up nscd with LD_LIBRARY_PATH set
for only that service. Glibc will forward all nss syscalls to
nscd, which will then respect the LD_LIBRARY_PATH and only
read from locations specified in the NixOS config.
we can load nss modules in a pure fashion.
However, I think by accident, we just copied over the default
settings of nscd, which actually caches user and group lookups.
We already disable this when sssd is enabled, as this interferes
with the correct working of libnss_sss.so as it already
does its own caching of LDAP requests.
(See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd)
Because nscd caching is now also interferring with libnss_systemd.so
and probably also with other nsss modules, lets just pre-emptively
disable caching for now for all options related to users and groups,
but keep it for caching hosts ans services lookups.
Note that we can not just put in /etc/nscd.conf:
enable-cache passwd no
As this will actually cause glibc to _not_ forward the call to nscd
at all, and thus never reach the nss modules. Instead we set
the negative and positive cache ttls to 0 seconds as a workaround.
This way, Glibc will always forward requests to nscd, but results
will never be cached.
Fixes #50273
|
| | | | | |
|
| |/ / / |
|
| | | |
| | |
| | |
| | | |
/cc ac19d5e34 #51836.
|
| | | |
| | |
| | |
| | |
| | | |
Right now it's not at all obvious that one can override this option
using `services.logind.extraConfig`; we might as well add an option
for `killUserProcesses` directly so it's clear and documented.
|
| |\ \ \ |
|
| | | | | |
|
| | |_|/
|/| | |
|
| |\ \ \
| |/ /
|/| | |
nixos/slurm: set slurmd KillMode and add extraConfigPaths
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This makes tests more reliable. It seems
that waitForUnit(slurmdbd.service) is not sufficient
on some systems.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The default of systemd is to kill the
the whole cgroup of a service. For slurmd
this means that all running jobs get killed
as well whenever the configuration is updated (and activated).
To avoid this behaviour we set "KillMode=process"
to kill only slurmd on reload. This is how
slurm configures the systemd service.
See:
https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
https://github.com/SchedMD/slurm/commit/508f866ea10e4c359d62d443279198082d587107
|
| |\ \ \
| | | |
| | | | |
Add gnome wayland support
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
The test now runs wayland, which means we can no longer use X11 style testing.
Instead we get gnome shell to execute javascript through its dbus interface.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This isn't strictly necessary yet as LightDM doesn't read the wayland sessions,
but there's no harm in being explicit.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
This will simply make the `sessionPath` more likely to work.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
LightDM is unable to separate between `wayland-sessions/gnome.desktop` and
`xsessions/gnome.desktop` so I ommitted adding this to LightDM.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
The update for zsh-autosuggestions in #51752 broke the module.
This fix reflects the required changes.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
They consistently fail since openjdk bump with some out-of-space errors.
That's not a problem by itself, but each test instance ties a build slot
for many hours and consequently they also delay channels as those wait
for all builds to finish.
Feel free to re-enable when fixed, of course.
|
| |\ \ \ \
| | | | |
| | | | | |
borgbackup: 1.1.7 -> 1.1.8
|
| | |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
The tests passes, but that's just because a race condition where the window is
titled `Terminal` long enough.
|
| |/ / /
| | |
| | |
| | | |
Probably due to #51678 which makes bash set the terminal title.
|
| |\ \ \
| | | |
| | | | |
nixos/bash: set title in PS1
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos lirc: fix owner-ship of runtime directory
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
quassel-webserver: remove
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Package is broken and the original maintainer does not respond.
Unless someone wants to pick it up, I propose the removal.
fixes #51614
|
| |\ \ \ \ \ |
|
| | |\ \ \ \ \
| | | |/ / /
| | |/| | | |
|
| | |\ \ \ \ \
| | | |/ / /
| | |/| | | |
|
| | |\ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
camelCase package name was a huge inconsistency in GNOME package set.
|