Because ARM hardware is starting to have serious issues with completing everything, due to
- A seemingly harmless Lomiri crash & restart early on eating up some time (adding more RAM seemed to have helped with that?), and
- Every OCR usually taking multiple minutes to complete
So start splitting them up into parts
- greeter, for testing just the greeter
- desktop, for general app stuff
- desktop-ayatana-indicators, for checking indicators (OCR-heavy & especially slow)
Currently passing on my hardware, but might need to be split up more in the future.
Lomiri now uses a separate systemd user target for all indicators that should start under Lomiri, because some Ayatana-like indicators do not make sense on non-Lomiri desktops.
Probably temporary, as we should instead encode this data from every indicator's service file into some passthru attribute.
This allows librenms to use socket authentication to the mysql package out of the box if installed under
the same username, avoiding complex DB password initialization steps.
Found a few instances, where celery intermittently complained about a
misconfigured redis instance and exited.
> redis.exceptions.ResponseError: MISCONF Redis is configured to save RDB
> snapshots, but it's currently unable to persist to disk. Commands that
> may modify the data set are disabled, because this instance is
> configured to report errors during writes if RDB snapshotting fails
> (stop-writes-on-bgsave-error option). Please check the Redis logs for
> details about the RDB error.
Windows with BitLocker and TPM enabled doesn't support boot chaining.
This option activates a special experimental mode in systemd-boot that
tries to detect such systems and, if detected and selected by the user
at the boot menu, set the BootNext EFI variable to it before resetting.
Rebuilding images multiple times on the small channels is too expensive
and makes them slower than they could be. Consuming the image from the
full release channel is probably good enough.
msmtpq patches had to be recreated:
- removal of the executable check and addition of systemd logging were
kept and split into two patches.
- renaming of queue and log files was removed as the upstream script had
renamed these to add the `MSMTPQ_` prefix (noted as a backwards
incompatible change).
*compressDrv* compresses files in a given derivation.
*compressDrvWeb* compresses a derivation for a loosely-defined
pre-compressed "web server" usage.
This intends to replace the `passthru.data-compressed` derivations that
have accumulated in nixpkgs with something more reusable.
This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.
Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
Defining a package that isn't the default results in podman-compat linking to a different version of podman (always the default one). This PR changes the behavior so that the given alternative package is used for the dockerCompat option as well. This could technically break things for people who rely on this quirk, albeit the previous behavior is probably not what one would expect.
Co-authored-by: Winter <winter@winter.cafe>
this patch adds the `services.flatpak.package` option to
allow overriding the package added by this module to
`environment.systemPackages` and the likes.
This is useful in scenarios where applications call the
flatpak binary to query information like writable directories
and there is a custom package returning different results
from the vanilla binary.
See https://github.com/crabdancing/nixpak-flatpak-wrapper
This option is already present in the wireguard module, but missing from
the wg-quick module. This is very annoying, because it means you can't
easily get a safe and valid configuration on first boot when using
wg-quick.
This change adds the same option with the same description text and the
same script, but instead of generating an entire systemd unit dedicated
to creating the key file, it adds the script as a PreUp script, which
is a much simpler solution.
I've tested this in my own configuration, and it does indeed work.
wg-quick allows multiple PreUp scripts, which are run in order, and
all PreUp scripts are run before the private key is read from disk,
see `man wg-quick`.
* buildkite-agent: 3.59.0 -> 3.76.1
* nixos/buildkite-agent: put each agent in its own private /tmp
Workaround for https://github.com/buildkite/agent/issues/2916, but
probably still a good idea.
I'm not using seriously Pixelfed those days, this software is
non-trivial and the NixOS module seems to have some sharp edges.
Change-Id: Ie93df9dcb00d0a58bd5e4165e377979c489af0b0
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
