Running the migrations in a systemd execStartPre was a mistake. The
migrations can be pretty long to run and easily time-out.
Moving this to a proper oneshot service solves this issue and makes
this fits better the systemd execution model. We can now easily filter
the migrations logs.
In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
I'm maintaining the associated packages. So it makes sense to add myself
to their modules as well.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
The 1.x iteration of globalprotect-openconnect is no longer being
developed. Remove related components from nixpkgs.
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
This reverts commit 89eb93dc3f.
It broken setups where /etc/wpa_supplicant.conf is configured
imperatively and reloading of the service on configuration changes.
The current default, 7, is, to put it nicely, absolutely ridiculous.
On 2.4 GHz, the only channels you should use are 1, 6 and 11, because
every other channel overlaps one of those and causes interference.
On 5/6 GHz, channel 7 does not exist at all.
Also, it's 2024, most things will support automatic channel selection,
and those that don't will likely need extra care to support prehistoric
hardware anyway.
The priviledge separation mode has several downsides:
- it's incompatible with alternative memory allocators, including
graphene-hardened;
- it needs an unreleased patch to fix a crash;
- it results in none less than 6 subprocesses running at any time,
increasing the memory usage;
- the privileged process (albeit not doing any networking related
tasks) is still running as root, so it has complete access to the
system.
Let's disable this by default and instead run dhcpcd as an unpriviledge
user with only the necessary capabilities.
