This was a workaround to begin with, as hardened kernel didn't support tracing.
Back then kernel level tracing was only available through debugfs, and now that
tracefs has been available on NixOS for a while now, enabled in
Link: https://github.com/NixOS/nixpkgs/pull/388751
This workaround can be removed and bpf can be used with tracefs.
Link: https://github.com/NixOS/nixpkgs/issues/360957
Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
this assertion broke gnome sessions in very hard to debug way:
- gdm starts, but on successful login just returns to login screen
- journalctl isn't exactly helpful in this condition:
- a typical gnome login will involve many warnings and errors, that
aren't actually preventing login, but will lead affected users
on a merry chase for many hours
- the actual indicators in the log arent't even an errors, only info and warning
- graphical-session.target: Starting requested but asserts failed.
- Assertion failed for Current graphical user session.
startx is a power tool for power users, needing a certain level of
expertise for the user to even want it, let alone use correctly.
However, the expectation is, that the necessary expertise will be
contained within the domain of startx and that it not break tools for
regular users.
This partially reverts commit e1c3082085.
Previously, `http://` scheme was hard coded into the caddy config if
`webserver = "caddy"` was chosen. This is fine for local testing, but is
problematic if you want your nixos host to be public facing.
In the public facing case, you generally want to be using TLS. But since
the wordpress module generates the caddyfile rule, the user's nixos
config cannot easily change it to also allow https.
An alternative would be to reverse proxy an https rule to the generated
http rule, but that's somewhat questionable as there's not an internal
http endpoint to proxy to. It might be possible but I couldn't figure
it out.
So simplify by omitting the scheme. This causes caddy to use https by
default and 301 redirect any http requests to the https endpoint. Caddy
will just do the right thing if it's being hosted on a local/internal
hostname (self sign certificates).
This should be backwards compatible with previous default if users are
using reasonable browsers/tools.
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
