This adds a new `imageStream` option that can be used in conjunction
with `pkgs.dockerTools.streamLayeredImage` so that the image archive
never needs to be materialized in the `/nix/store`. This greatly
improves the disk utilization for systems that use container images
built using Nix because they only need to store image layers instead of
the full image. Additionally, when deploying the new system, only
new layers need to be built/copied.

Test out both nix upgrade-nix and a NixOS upgrade.
Inject a fake fallback-paths.nix assuming a stable -> latest upgrade.
The NixOS upgrade does not use nixos-rebuild switch due to the
cost+annoyance of the instantiation needing
system.includeBuildDependencies.

This links the generated configuration to /etc/wpa_supplicant.conf
unless `allowAuxiliaryImperativeNetworks`. In the latter case the
file in /etc should be writable and the generated one remains only
in the Nix store.

provision # [ 8.223448] (kanidmd)[819]: kanidm.service: Failed to set up mount namespacing: /ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ofborg-evaluator-1/nixos/tests/common/acme/server:
No such file or directory

- Split desktop into desktop-basics (basic keybind & app launching) and
desktop-appinteractions (one application triggering something in another) due to timeouts
- Wrap machine.wait_for_text to wait 10 seconds before starting
The 10 second delay improves runtime dramatically on weaker hardware. In desktop-ayatana-indicators
on my aarch64 laptop, runtime was cut down by 818,41 seconds (~ 14 minutes).
Hopefully helps a bit with timeout issues on ARM :(

This replaces the current implementation (splicing the secrets into the
configuration file using environment variables) with the new built-in
mechanism ext_password_backend.
With some minor syntax changes, it works exactly as before, except the
heavy lifting is done by wpa_supplicant and is probably less error-prone.

Previously the cgi-user option in stargazer was broken in this module
because stargazer didn't have CAP_SETUID and CAP_SETGID. cgi-user tells
stargazer to run cgi processes as a different user. I added an option
allowCgiUser that gives stargazer these capabilities when enabled. I made
this an option because access to those syscalls greatly increases the
damage an RCE bug in stargazer could do. So they should only be enabled
if needed.