This warning is based on a misconception: xss-lock, as most user
services, just require access to the shell environment variables,
which for `startx` have to be imported manually.
There are some common pitfalls and no documentation around how to write
the .xinitrc to correctly start the window manager, the systemd
graphical session and, ideally, cleaning up afterwards.
To improve the user experience around startx this change:
1. Adds two options to generate a sane default script and extend
it declaratively from NixOS.
2. Adds assertions to graphical-session.target so that it will fail
clearly and immediately when users writing their own script forget to
import the necessary environment variables.
The LibreNMS cache may contain paths to the old package and may break
when the old package is removed. So it is not enough to clear the cache
only on version updates, as the package will also change when build
inputs change.
This commit updates the setup script to regenerate the cache on every
package change. In addition, it now only performs migrations when the
package version has changed, since the migrations only change on version
updates and don't need to be applied on every package change.
Maybe PrivateHome once existed? It doesn't now, though, and this is the
only instance of it in all of nixpkgs!
Mar 11 15:18:28 kala systemd[1]: /etc/systemd/system/outline.service:46: Unknown key 'PrivateHome' in section [Service], ignoring.
Closes#386804
The issue with coercing to `types.str` is that it's not mergeable, so
any declarations will result in an eval error like this:
error: The option `interactive.nodes.tmp.services.postgresql.settings.shared_preload_libraries' has conflicting definition values:
- In `/home/ma27/Projects/nixpkgs-hack/tmp.nix@node-tmp': "foo"
- In `/home/ma27/Projects/nixpkgs-hack/tmp.nix@node-tmp': "bar2"
Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.
Using a mergeable type (`types.comma`, i.e. a string, where all declarations
get joined with a comma as delimiter) fixes the problem.
tracefs is a special-purpose filesystem in Linux used for tracing filesystem and kernel operations.
This was added to the kernel back in 2015 to replace debugfs. For security reasons, some system do not mount debugfs at all. Tracefs reduces the attack surface by allowing to trace without mounting debugfs. Additionally it provides features not supported by debugfs (such as calls for mkdir and rmdir
Debian and Arch Linux both enable this by default.
RHEL 8 and later, they enable tracefs by default.
Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
