Without this, the greeter is unable to see `orca` program on `PATH`
and so `${gdm}/share/gdm/greeter/autostart/orca-autostart.desktop`
will fail to start it. As a result, screen reader would not work
on the login screen.
The message incorrectly stated that 'agentToken' or 'agentTokenFile' should be set when role is 'agent', which is misleading. Corrected it to state that these should NOT be set for the 'agent' role.
Partially revert #179194 which first filtered
`extraLocaleSettings.LANGUAGE`. Indeed this environment variable is
given precedence according to:
https://www.gnu.org/software/gettext/manual/html_node/Locale-Environment-Variables.html
So using it will simply make all other `extraLocaleSettings` be ignored
in practice, but the OS shouldn't ignore it when aggregating the locales
required in general, as this setup should still be legitimate, and it
may even be useful if you wish to set it by default and use `env -u
LANGUAGE` for some programs.
I'm already a maintainer of the Gerrit package and I've done various
work on the Gerrit module. So it makes sense to be a maintainer there as
well.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Containers did not have *systemd-journald-audit.socket* in *additionalUpstreamSystemUnits*, which meant that the unit was not provided.
However the *wantedBy* was added without any additional check, therefore creating an empty unit with just the *WantedBy* on *boot.isContainer* machines.
This caused `systemd-analyze verify` to fail:
```text
systemd-journald-audit.socket: Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket has a bad unit file setting.
```
The upstream unit already contains the following, which should make it safe to include regardless:
```ini
[Unit]
ConditionSecurity=audit
ConditionCapability=CAP_AUDIT_READ
```
For reference, this popped up in the context of #[360426](https://redirect.github.com/NixOS/nixpkgs/issues/360426) as well as #[407696](https://redirect.github.com/NixOS/nixpkgs/pull/407696).
Co-authored-by: Bruce Toll <4109762+tollb@users.noreply.github.com>
Signed-off-by: benaryorg <binary@benary.org>
Consider a user wanting to set up the Linux builder for the first time,
but with a slightly more generous allocation of resources compared to
the default. They'll do something like this:
```
{
virtualisation.cores = 3;
virtualisation.darwin-builder = {
diskSize = 40 * 1024;
memorySize = 4 * 1024;
};
}
```
This will fail with an error like this:
```
error: a 'aarch64-linux' with features {} is required to build '/nix/store/3acpgmwqwnk8g2gc5r05ar2lvmn01b8a-builder.pl.drv', but I am a 'aarch64-darwin' with features {apple-virt, benchmark, big-parallel, nixos-test}
```
But why would they have to rebuild the NixOS system?! All they did was
change the arguments passed to QEMU, and nothing those options control
would affect the NixOS configuration itself... right?
`config.system.build.toplevel` is defined with `allowSubstitutes` set to
`false` by default, which makes it so that the toplevel can't be
substituted if Nix is trying to use it "directly." So because the above
example would have to rebuild the VM runner, which references toplevel
directly, Nix refuses to substitute it, unless `always-allow-substitutes
= true` is set as a Nix option. (In the case where the QEMU options
aren't changed at all, Nix just substitutes the runner, which sidesteps
this issue as the runner itself doesn't use toplevel as an input.)
