Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:
- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`
Co-authored-by: Shelvacu <git@shelvacu.com>
Add an usbmon.enable option (default false) for setting permissions for
capturing USB traffic.
Add a dumpcap.enable option (default true) for setting permissions for
capturing network traffic.
fixes#375657
Prior to this commit, the graphical output of an application
running during the boot process was only redirected to the serial
console. Therefore, testing those applications inside the driver (eg.
using `enableOCR = true` was not possible by default.
Limiting the consoles to only the `qemuSerialDevice` has originally been
introduced with fb9f5e4a03 to fix journal
output after the activation of both consoles have been introduced with
d4468bedb5.
However limiting the consoles to only `qemuSerialDevice`this is no longer
necessary since 6aba98aefd makes sure the
journal is always forwarded to the serial console used by the testing
driver.
This is a follow-up on https://github.com/NixOS/nixpkgs/pull/339730
This 711-line file was expanded into 817-line file by nixfmt.
Readability was hurt as now I can’t see as much in my editor at a time;
this directly makes editing & reviewing slower as reading is harder. I
am upset about this change.
