Found a few instances, where celery intermittently complained about a
misconfigured redis instance and exited.
> redis.exceptions.ResponseError: MISCONF Redis is configured to save RDB
> snapshots, but it's currently unable to persist to disk. Commands that
> may modify the data set are disabled, because this instance is
> configured to report errors during writes if RDB snapshotting fails
> (stop-writes-on-bgsave-error option). Please check the Redis logs for
> details about the RDB error.
Windows with BitLocker and TPM enabled doesn't support boot chaining.
This option activates a special experimental mode in systemd-boot that
tries to detect such systems and, if detected and selected by the user
at the boot menu, set the BootNext EFI variable to it before resetting.
Rebuilding images multiple times on the small channels is too expensive
and makes them slower than they could be. Consuming the image from the
full release channel is probably good enough.
msmtpq patches had to be recreated:
- removal of the executable check and addition of systemd logging were
kept and split into two patches.
- renaming of queue and log files was removed as the upstream script had
renamed these to add the `MSMTPQ_` prefix (noted as a backwards
incompatible change).
*compressDrv* compresses files in a given derivation.
*compressDrvWeb* compresses a derivation for a loosely-defined
pre-compressed "web server" usage.
This intends to replace the `passthru.data-compressed` derivations that
have accumulated in nixpkgs with something more reusable.
This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.
Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
Defining a package that isn't the default results in podman-compat linking to a different version of podman (always the default one). This PR changes the behavior so that the given alternative package is used for the dockerCompat option as well. This could technically break things for people who rely on this quirk, albeit the previous behavior is probably not what one would expect.
Co-authored-by: Winter <winter@winter.cafe>
this patch adds the `services.flatpak.package` option to
allow overriding the package added by this module to
`environment.systemPackages` and the likes.
This is useful in scenarios where applications call the
flatpak binary to query information like writable directories
and there is a custom package returning different results
from the vanilla binary.
See https://github.com/crabdancing/nixpak-flatpak-wrapper
This option is already present in the wireguard module, but missing from
the wg-quick module. This is very annoying, because it means you can't
easily get a safe and valid configuration on first boot when using
wg-quick.
This change adds the same option with the same description text and the
same script, but instead of generating an entire systemd unit dedicated
to creating the key file, it adds the script as a PreUp script, which
is a much simpler solution.
I've tested this in my own configuration, and it does indeed work.
wg-quick allows multiple PreUp scripts, which are run in order, and
all PreUp scripts are run before the private key is read from disk,
see `man wg-quick`.
* buildkite-agent: 3.59.0 -> 3.76.1
* nixos/buildkite-agent: put each agent in its own private /tmp
Workaround for https://github.com/buildkite/agent/issues/2916, but
probably still a good idea.
I'm not using seriously Pixelfed those days, this software is
non-trivial and the NixOS module seems to have some sharp edges.
Change-Id: Ie93df9dcb00d0a58bd5e4165e377979c489af0b0
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
By default the use of alias generates warning:
$ nix build --no-link -f. nixosTests.bittorrent
evaluation warning: transmission has been renamed to transmission_3 since transmission_4 is also available. Note that upgrade caused data loss for some users so backup is recommended (see NixOS 24.11 release notes for details)
When alaises are disabled that causes the eval failure:
error: attribute 'transmission' missing
at /home/slyfox/dev/git/nixpkgs/nixos/tests/bittorrent.nix:24:36:
23| transmissionConfig = { ... }: {
24| environment.systemPackages = [ pkgs.transmission ];
| ^
25| services.transmission = {
Did you mean one of transmission_3 or transmission_4?
The [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)
allows for using a key called "devicetree" for specifying which
devicetree the bootloader should use during boot. With regards to
systemd-boot, this key is used to specify which file should be picked up
from the ESP to install to the EFI DTB Configuration Table. Linux then uses
this Configuration Table to setup the machine. This change is similar to
the one done in https://github.com/NixOS/nixpkgs/pull/295096, where that
change was for adding DTB support to systemd-stub, and this is for
systemd-boot.
This is a breaking change, requiring users of `featureGates` to change
from a `listOf str` to `attrsOf bool`.
Before:
```nix
featureGates = [ "EphemeralContainers" ];
extraOpts = pkgs.lib.concatStringsSep " " (
[
"--container-runtime=remote"
''--feature-gates="CSIMigration=false"''
});
```
After:
```nix
featureGates = {EphemeralContainers = true; CSIMigration=false;};
```
This is much nicer, and sets us up for later work of migrating to
configuration files for other services, like e.g. has been happening
with kubelet (see: #290119).
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
The default in the previous option documentation was incorrect,
resulting in the UNIX socket to be unreachable except by root by
default.
This fixes the documentation and requires consumers to set values
explicitly for the socket's owning user and group.
This adds migration instructions for the removed global shared instance
configuration of fcgiwrap.
Adding those explicit messages to the previous options requires moving
the newly defined options from `services.fcgiwrap.*` to
`services.fcgiwrap.instances.*` due to an option namespace clash.
`mkRenamedOptionModule` was not used because the previous options do
not directly map to the new ones. In particular, `user` and `group`
were described as setting the socket's permission, but were actually
setting the process' running user.
Co-authored-by: Minijackson <minijackson@riseup.net>
