Previously, it was possible to run with a tmpfs / with
`virtualisation.diskImage = null;`, this was likely broken by my changes
in 4b4e4c3ef9.
It is reintroduced by disabling properly the bootloader for now, as it
is complicated to make it work with.
Now that `useBootLoader` produces a full system image, moving disk
images can be slow because they have a full Nix store in them.
It does not make sense to keep the 9p mountpoint to shadow the
/nix/store of the VM.
We disable it if we have `useBootLoader` and introduce an option for
easy overrides.
When using Roundcube with a non local PostgreSQL database wait for
network start before running roundcube-setup.service
Otherwise the database is not reachable and the service fails.
Extract PostgreSQL database password for Roundcube from .pgpass file.
The password file is used in two locations:
1. in the Roundcube config.php
2. in the systemd setup service that initializes the roundcube
database
These two services need the password in different formats.
Keep the password file in PostgreSQL standard format and extract the
password for the Roundcube config (see #215986).
Switch to systemdb-hwdb to build the udev hwdb.bin, as "udevadm hwdb" is
deprecated. This fixes an issue where the order of conflicting keys is
not respected. The systemd-hwdb command creates a newer format (v3) of
hwdb.bin that respects the ordering of duplicate keys, with later
values replacing earlier occurrences.
A release note is included, as some mappings may be affected.
This option has been introduced in 678eed323f without realizing there was this
PR inflight, unfortunately, it collide with what this PR does and make
it irrelevant.
Therefore, I remove it here.
which allows the use of custom packages, that may not have binaries called `consul` or `consul-alerts` in their `/bin/*` (though arguably pretty unlikely to be ever used)
This allows users to set
`programs.firefox.nativeMessagingHosts.euwebid = true` to make the
native companion app available in Firefox.
It's used by the Web eID browser extension
(https://addons.mozilla.org/en/firefox/addon/web-eid-webextension/),
which can be tried out at https://web-eid.eu/ - pressing the
"Authenticate" button there should open a new window.
Bind mount the base dirs of the tls key and chain into the service.
Make sure to bind every directory just once. The test failed on ofborg
when /nix/store and the certificate path in /nix/store/<some path> were
bound.
