Yes I know it's dirty to link the rendered HTML, but linking
`#sec-kernel-config` breaks the manual build for me with the following
error:
element link: validity error : IDREF attribute linkend references an unknown ID "sec-kernel-config"
This is something that should probably be fixed, but for the current
change I'd argue that this is good enough (in fact even the
`nix.settings`-option uses that hack).
Its scripts disagree a bit with our flexible
logging approach and our default logging config.
Might want to revisit this at some point.
The `mkdir` failures in the log are harmless.
I'm well aware that this issue is currently under discussion[1] and that
these things may change. Also, please don't misinterpret this as an
attempt to end the discussion.
This topic made it obvious that people are surprised by the way this
issue is handled and only finding out about this unwritten rule because
of asking is not a good state IMHO, so I decided to document the
following things:
* Right now we drop kernels as soon as they get out of maintenance (LTS
kernels even before the next stable NixOS that will exceed their
lifespan).
* The `latestCompatibleLinuxPackages` attribute from ZFS isn't
monotonic since latest only refers to the latest supported kernel.
* In fact `latestCompatibleLinuxPackages` doesn't seem to be documented
at all in the manual, so I also did that.
[1] https://discourse.nixos.org/t/aggressive-kernel-removal-on-eol-in-nixos/23097
Adds a new option for backup jobs `inhibitsSleep` which prevents
the system from going to sleep while a backup is in progress.
Uses `systemd-inhibit`, which holds a "lock" that prevents the
system from sleeping while the process it invokes is running.
This did require wrapping the existing backup script using
`writeShellScript` so that it could be run by `systemd-inhibit`.
Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH` it is
not necessary to also set in `LD_LIBRARY_PATH` of the systemd service.
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
Pin the `nixpkgs` registry entry to the *filtered* nixpkgs source to
avoid copying the entire `.git` directory to the ISO when building
from a local checkout.
Also set `to` directly instead of the `flake.outPath` hack.
